General

Malware Config

Signatures

Files

• 983748c25d0701763e2d22718371bc136838148f1d0918778906da5d52617f26

  .zip

  Password: infected

• 1/10月26日最新发布-财会人员薪资补贴所需材料.exe

  .exe windows:6 windows x86 arch:x86

  4f2f006e2ecf7172ad368f8289dc96c1

  
  

  Code Sign

  38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  15-06-2007 00:00

  Not After

  14-06-2012 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  21-05-2009 00:00

  Not After

  20-05-2019 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  66:66:05:52:d4:65:b3:1f:42:9f:75:27:ea:6a:93:bf

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

  Not Before

  08-09-2010 00:00

  Not After

  23-11-2013 23:59

  Subject

  CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  26:25:ea:c9:62:70:28:5b:8e:5b:aa:2e:a8:e1:06:0f:e9:6f:c1:22

  Signer

  Actual PE Digest

  26:25:ea:c9:62:70:28:5b:8e:5b:aa:2e:a8:e1:06:0f:e9:6f:c1:22

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WriteFile

  WriteConsoleW

  WerSetFlags

  WerGetFlags

  WaitForMultipleObjects

  WaitForSingleObject

  VirtualQuery

  VirtualFree

  VirtualAlloc

  TlsAlloc

  SwitchToThread

  SuspendThread

  SetWaitableTimer

  SetUnhandledExceptionFilter

  SetProcessPriorityBoost

  SetEvent

  SetErrorMode

  SetConsoleCtrlHandler

  ResumeThread

  RaiseFailFastException

  PostQueuedCompletionStatus

  LoadLibraryW

  LoadLibraryExW

  SetThreadContext

  GetThreadContext

  GetSystemInfo

  GetSystemDirectoryA

  GetStdHandle

  GetQueuedCompletionStatusEx

  GetProcessAffinityMask

  GetProcAddress

  GetErrorMode

  GetEnvironmentStringsW

  GetCurrentThreadId

  GetConsoleMode

  FreeEnvironmentStringsW

  ExitProcess

  DuplicateHandle

  CreateWaitableTimerExW

  CreateThread

  CreateIoCompletionPort

  CreateFileA

  CreateEventA

  CloseHandle

  AddVectoredExceptionHandler

  Sections

  .text

  Size: 4.3MB - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.2MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 75KB - Virtual size: 74KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .symtab

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 224KB - Virtual size: 224KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• 1/2023年10月新发-财会人员薪资补贴调整新政策所需材料.exe

  .exe windows:5 windows x86 arch:x86

  32f3282581436269b3a75b6675fe3e08

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  CreateFileW

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  CloseHandle

  lstrlenW

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrcpynA

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 427KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 1.3MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 31KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/AggregatorHost.exe

  .exe windows:6 windows x64 arch:x64

  63af2ad638c4acf9624bbc2ba315bf61

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetTickCount

  ExitProcess

  Sleep

  GetLocaleInfoEx

  FormatMessageA

  VirtualProtect

  GetFullPathNameW

  AreFileApisANSI

  GetLastError

  GetModuleHandleW

  MultiByteToWideChar

  WideCharToMultiByte

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  LocalFree

  user32

  MessageBoxA

  advapi32

  RegSetValueExA

  RegOpenKeyExA

  RegCloseKey

  shell32

  ShellExecuteA

  msvcp140

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

  ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?always_noconv@codecvt_base@std@@QEBA_NXZ

  ??Bid@locale@std@@QEAA_KXZ

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  _Query_perf_frequency

  ??1_Lockit@std@@QEAA@XZ

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

  ??0_Lockit@std@@QEAA@H@Z

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ?_Winerror_map@std@@YAHH@Z

  ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

  ?_Xlength_error@std@@YAXPEBD@Z

  ?_Syserror_map@std@@YAPEBDH@Z

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  _Thrd_sleep

  ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

  ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

  _Xtime_get_ticks

  _Query_perf_counter

  winhttp

  WinHttpCloseHandle

  WinHttpOpen

  WinHttpSetStatusCallback

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  __std_terminate

  __std_exception_copy

  _CxxThrowException

  memchr

  memcmp

  memcpy

  __current_exception

  memset

  __current_exception_context

  __std_exception_destroy

  memmove

  api-ms-win-crt-runtime-l1-1-0

  _initialize_onexit_table

  _register_onexit_function

  _exit

  _initterm_e

  _initterm

  _get_initial_narrow_environment

  _initialize_narrow_environment

  _cexit

  _set_app_type

  _seh_filter_exe

  _crt_atexit

  __p___argv

  terminate

  _c_exit

  _register_thread_local_exe_atexit_callback

  _invalid_parameter_noinfo_noreturn

  exit

  _configure_narrow_argv

  __p___argc

  api-ms-win-crt-stdio-l1-1-0

  fwrite

  ungetc

  fsetpos

  fgetc

  fgetpos

  setvbuf

  fclose

  fflush

  __p__commode

  fread

  fputc

  _fseeki64

  _get_stream_buffer_pointers

  _set_fmode

  api-ms-win-crt-heap-l1-1-0

  malloc

  _callnewh

  _set_new_mode

  free

  api-ms-win-crt-utility-l1-1-0

  rand

  srand

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  _unlock_file

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-locale-l1-1-0

  ___lc_codepage_func

  _configthreadlocale

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  Sections

  .text

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 302KB - Virtual size: 303KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 236B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/PO20230225-13360.exe

  .exe windows:4 windows x64 arch:x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Sections

  .text

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 78KB - Virtual size: 77KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• 1/TIanagents.exe

  .exe windows:6 windows x64 arch:x64

  974b46aac09fd69de98c5361efb17a61

  
  

  Code Sign

  33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  30-03-2016 19:21

  Not After

  30-06-2017 19:21

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-06-2015 17:42

  Not After

  04-09-2016 17:42

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  28-10-2015 20:31

  Not After

  28-01-2017 20:31

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ac:b8:a7:b1:1c:dd:f6:41:55:0b:65:ab:63:a8:77:36:0d:5a:e6:9a:07:1f:7b:5e:27:e3:9c:96:e1:8c:b9:5a

  Signer

  Actual PE Digest

  ac:b8:a7:b1:1c:dd:f6:41:55:0b:65:ab:63:a8:77:36:0d:5a:e6:9a:07:1f:7b:5e:27:e3:9c:96:e1:8c:b9:5a

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  81:39:a0:cd:01:a1:b3:02:9f:c7:dd:33:37:ed:40:da:48:54:34:c5

  Signer

  Actual PE Digest

  81:39:a0:cd:01:a1:b3:02:9f:c7:dd:33:37:ed:40:da:48:54:34:c5

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  VirtualProtectEx

  GetTempPathW

  GetTempFileNameW

  CreateFileW

  GetLastError

  GetFileAttributesExW

  CloseHandle

  Sleep

  CreateThread

  WriteConsoleW

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  HeapReAlloc

  HeapSize

  GetProcessHeap

  GetStringTypeW

  GetFileType

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  WideCharToMultiByte

  MultiByteToWideChar

  GetCommandLineW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  GetModuleHandleW

  RtlUnwindEx

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  RaiseException

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  GetCurrentProcess

  ExitProcess

  TerminateProcess

  GetModuleHandleExW

  LCMapStringW

  HeapAlloc

  HeapFree

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  user32

  PostQuitMessage

  EndPaint

  BeginPaint

  DefWindowProcW

  DestroyWindow

  DialogBoxParamW

  UpdateWindow

  ShowWindow

  EndDialog

  RegisterClassExW

  LoadCursorW

  LoadIconW

  DispatchMessageW

  TranslateMessage

  TranslateAcceleratorW

  GetMessageW

  LoadAcceleratorsW

  LoadStringW

  CreateWindowExW

  Sections

  .text

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 124KB - Virtual size: 129KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/c.dat

  .zip
• 1/c.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Code Sign

  01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  19-09-2018 00:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7a:b0:36:d2:cb:27:e9:7c:ef:1e:1f:bf

  Certificate

  Issuer

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  19-12-2019 10:00

  Not After

  17-03-2023 06:23

  Subject

  SERIALNUMBER=110111-1535991,CN=NetSarang Computer\, Inc.,O=NetSarang Computer\, Inc.,STREET=85\, Gwangnaru-ro 56-gil,L=GWANGJIN-GU,ST=SEOUL,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  28-01-2021 11:08

  Not After

  01-03-2032 11:08

  Subject

  CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20-06-2018 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  10-12-2014 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dc

  Signer

  Actual PE Digest

  67:c3:75:72:5c:02:15:9a:72:82:68:a1:e6:5a:66:fa:2f:5e:76:b5:a6:a2:ce:12:09:6a:34:28:b4:d8:bd:dc

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 796KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 437KB - Virtual size: 440KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 30KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows:4 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 916KB - Virtual size: 914KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 164KB - Virtual size: 160KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 84KB - Virtual size: 99KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 40KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• 1/loader.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  20-09-2012 00:00

  Not After

  20-09-2015 23:59

  Subject

  CN=YY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=YY Inc.,L=guangzhou,ST=guangdong,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  61:19:93:e4:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-02-2011 19:25

  Not After

  22-02-2021 19:35

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ce:63:e9:2a:7f:dc:e4:68:70:64:4c:d5:d8:c6:41:dc:fa:01:0b:bc

  Signer

  Actual PE Digest

  ce:63:e9:2a:7f:dc:e4:68:70:64:4c:d5:d8:c6:41:dc:fa:01:0b:bc

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 758KB - Virtual size: 758KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 266KB - Virtual size: 265KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/【东莞信易贷平台】企业认证资料无法上传-文件大小不能超过5MB，请重新上传-202310.exe

  .exe windows:6 windows x64 arch:x64

  e2e1d6eaf5574cbdf6e0eddd6dd4034c

  
  

  Code Sign

  33:00:00:03:12:75:62:47:81:61:e8:1f:04:00:00:00:00:03:12

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  10-06-2021 18:55

  Not After

  09-06-2022 18:55

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ef:48:13:90:4a:0e:36:c7:94:b7:e9:34:a7:d1:ae:02:77:3c:02:78:4a:2e:13:94:0b:cf:06:df:05:81:1b:fd

  Signer

  Actual PE Digest

  ef:48:13:90:4a:0e:36:c7:94:b7:e9:34:a7:d1:ae:02:77:3c:02:78:4a:2e:13:94:0b:cf:06:df:05:81:1b:fd

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  AddVectoredExceptionHandler

  MoveFileExW

  ExitProcess

  WinExec

  IsDebuggerPresent

  Sleep

  CreateToolhelp32Snapshot

  Process32NextW

  Process32FirstW

  CloseHandle

  SetEndOfFile

  WaitForSingleObject

  GetModuleFileNameW

  WriteConsoleW

  HeapSize

  CreateFileW

  GetProcessHeap

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringEx

  GetStringTypeW

  GetCPInfo

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  GetStartupInfoW

  GetModuleHandleW

  RtlUnwindEx

  RtlPcToFileHeader

  RaiseException

  GetLastError

  SetLastError

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  GetModuleHandleExW

  GetStdHandle

  WriteFile

  GetCommandLineA

  GetCommandLineW

  GetFileSizeEx

  SetFilePointerEx

  GetFileType

  HeapAlloc

  HeapFree

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  FlushFileBuffers

  GetConsoleOutputCP

  GetConsoleMode

  ReadFile

  ReadConsoleW

  HeapReAlloc

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  RtlUnwind

  shell32

  SHGetKnownFolderPath

  ole32

  CoTaskMemFree

  shlwapi

  PathCombineW

  StrCmpIW

  PathFindFileNameW

  PathGetDriveNumberW

  Sections

  .text

  Size: 904KB - Virtual size: 904KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 76KB - Virtual size: 76KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 216KB - Virtual size: 215KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/【企业认证资料】企业认证资料包含营业执照原件，身份证等信息等，已加水印处理勿外传-2023-10.exe

  .exe windows:6 windows x64 arch:x64

  c7b1299ce45fdfef467676bf0f5b9b71

  
  

  Code Sign

  33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0c

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  05-01-2023 19:22

  Not After

  15-12-2023 19:22

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  28:ed:d5:d5:1a:fe:49:22:ac:5e:05:1a:ab:9e:4b:68:d5:2f:03:ea:96:37:b6:b8:72:85:66:cf:85:97:1d:7f

  Signer

  Actual PE Digest

  28:ed:d5:d5:1a:fe:49:22:ac:5e:05:1a:ab:9e:4b:68:d5:2f:03:ea:96:37:b6:b8:72:85:66:cf:85:97:1d:7f

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  AddVectoredExceptionHandler

  SetThreadStackGuarantee

  GetLastError

  HeapAlloc

  GetProcessHeap

  HeapFree

  HeapReAlloc

  GetModuleHandleA

  GetProcAddress

  GetCurrentThread

  TryAcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  GetStdHandle

  GetConsoleMode

  WaitForSingleObject

  WriteConsoleW

  SetLastError

  GetCurrentDirectoryW

  WaitForSingleObjectEx

  LoadLibraryA

  CreateMutexA

  GetCurrentProcess

  ReleaseMutex

  GetEnvironmentVariableW

  GetCommandLineW

  GetModuleHandleW

  FormatMessageW

  GetModuleFileNameW

  CreateFileW

  GetFullPathNameW

  AcquireSRWLockExclusive

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  CompareStringOrdinal

  GetSystemDirectoryW

  GetWindowsDirectoryW

  CreateProcessW

  GetFileAttributesW

  DuplicateHandle

  CreateThread

  GetCurrentProcessId

  CreateNamedPipeW

  ReadFileEx

  SleepEx

  WriteFileEx

  RtlCaptureContext

  AcquireSRWLockShared

  ReleaseSRWLockShared

  RtlLookupFunctionEntry

  CloseHandle

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  RtlVirtualUnwind

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  QueryPerformanceCounter

  advapi32

  SystemFunction036

  bcrypt

  BCryptGenRandom

  ntdll

  NtAllocateVirtualMemory

  NtTestAlert

  NtQueueApcThread

  NtWriteVirtualMemory

  vcruntime140

  memcmp

  memmove

  _CxxThrowException

  __C_specific_handler

  __current_exception

  __current_exception_context

  memset

  memcpy

  __CxxFrameHandler3

  api-ms-win-crt-runtime-l1-1-0

  _seh_filter_exe

  __p___argc

  __p___argv

  _cexit

  _c_exit

  _register_thread_local_exe_atexit_callback

  _initterm

  _get_initial_narrow_environment

  _exit

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  terminate

  _initialize_narrow_environment

  exit

  _set_app_type

  _configure_narrow_argv

  _initterm_e

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  _set_fmode

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-heap-l1-1-0

  free

  _set_new_mode

  Sections

  .text

  Size: 214KB - Virtual size: 214KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 210KB - Virtual size: 209KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 744B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 279KB - Virtual size: 278KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/【财务部】关于工资调整通知 .exe

  .exe windows:6 windows x64 arch:x64

  059c9f4b73ed5ee399069018d7f110b8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  CloseHandle

  CompareStringW

  CreateEventW

  CreateFileW

  CreateProcessW

  DecodePointer

  DeleteCriticalSection

  EncodePointer

  EnterCriticalSection

  EnumSystemLocalesW

  ExitProcess

  FindClose

  FindFirstFileExW

  FindNextFileW

  FindResourceW

  FlushFileBuffers

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetConsoleCP

  GetConsoleMode

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  GetFileSizeEx

  GetFileType

  GetLastError

  GetLocaleInfoW

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetProcAddress

  GetProcessHeap

  GetShortPathNameW

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemTimeAsFileTime

  GetUserDefaultLCID

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InitializeCriticalSectionEx

  InitializeSListHead

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  IsValidLocale

  LCMapStringEx

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryExW

  LoadResource

  LockResource

  MultiByteToWideChar

  QueryPerformanceCounter

  RaiseException

  ReadConsoleW

  ReadFile

  ResetEvent

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlPcToFileHeader

  RtlUnwind

  RtlUnwindEx

  RtlVirtualUnwind

  SetEndOfFile

  SetEnvironmentVariableW

  SetEvent

  SetFilePointerEx

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  WaitForSingleObjectEx

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  lstrcatW

  lstrcpyW

  shell32

  ShellExecuteW

  Sections

  .text

  Size: 307KB - Virtual size: 306KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 14KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 40B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .voltbl

  Size: 512B - Virtual size: 58B

  _RDATA

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 990KB - Virtual size: 990KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/内容.exe

  .exe windows:6 windows x86 arch:x86

  cab71e19c04a41cbdb2e1b1d531fce98

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegOpenKeyExW

  RegSetValueExW

  RegCloseKey

  RegQueryValueExW

  bthprops.cpl

  BluetoothSdpGetAttributeValue

  BluetoothSdpGetContainerElementData

  BluetoothFindFirstDevice

  BluetoothFindNextDevice

  BluetoothSdpGetString

  BluetoothFindDeviceClose

  ws2_32

  WSALookupServiceNextW

  WSALookupServiceBeginW

  WSAStartup

  WSALookupServiceEnd

  setsockopt

  freeaddrinfo

  htons

  recv

  send

  getaddrinfo

  select

  closesocket

  bind

  __WSAFDIsSet

  getsockopt

  socket

  WSAGetLastError

  WSAAddressToStringW

  connect

  winmm

  waveOutPrepareHeader

  waveOutOpen

  waveOutClose

  waveOutUnprepareHeader

  timeBeginPeriod

  timeGetDevCaps

  timeKillEvent

  timeEndPeriod

  timeSetEvent

  waveOutWrite

  cfgmgr32

  CM_Get_Device_Interface_ListW

  CM_Get_Device_Interface_List_SizeW

  kernel32

  QueryPerformanceCounter

  GetStartupInfoW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  LoadLibraryExW

  GetModuleHandleW

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  SetThreadExecutionState

  CreateThread

  GetCurrentProcessId

  GetLastError

  Sleep

  GetCurrentThreadId

  SetThreadPriority

  GetTickCount

  WideCharToMultiByte

  MultiByteToWideChar

  CreateSemaphoreW

  ReleaseSemaphore

  ReleaseMutex

  CreateMutexW

  GetProcessHeap

  HeapAlloc

  CreateFileW

  DeviceIoControl

  CreatePipe

  WriteFile

  HeapFree

  CreateProcessW

  CloseHandle

  GetSystemTimeAsFileTime

  InitializeSListHead

  ReadFile

  WaitForSingleObject

  user32

  IsIconic

  UpdateWindow

  EnableMenuItem

  PostQuitMessage

  CheckMenuItem

  FlashWindowEx

  LoadCursorW

  FindWindowW

  TranslateMessage

  EndPaint

  DispatchMessageW

  GetSubMenu

  LoadAcceleratorsW

  RegisterClassExW

  DeleteMenu

  GetMenu

  LoadMenuW

  DefWindowProcW

  GetMessageW

  TrackPopupMenu

  CreatePopupMenu

  TranslateAcceleratorW

  LoadIconW

  BeginPaint

  wsprintfW

  DialogBoxParamW

  GetDlgItem

  EndDialog

  SendMessageW

  SetWindowPos

  GetWindowRect

  EnableWindow

  IsDlgButtonChecked

  ShowWindow

  LoadStringW

  MessageBoxW

  DestroyWindow

  CreateDialogParamW

  SetClipboardData

  EmptyClipboard

  CloseClipboard

  OpenClipboard

  CreateWindowExW

  GetCursorPos

  SetForegroundWindow

  InsertMenuW

  shell32

  Shell_NotifyIconW

  msvcp140

  ?_Xlength_error@std@@YAXPBD@Z

  vcruntime140

  __std_exception_copy

  __std_exception_destroy

  memchr

  __std_terminate

  wcsstr

  _purecall

  memset

  memmove

  memcpy

  _CxxThrowException

  __current_exception

  __current_exception_context

  _except_handler4_common

  __CxxFrameHandler3

  api-ms-win-crt-runtime-l1-1-0

  _controlfp_s

  abort

  _initialize_onexit_table

  _register_onexit_function

  _errno

  _cexit

  _seh_filter_exe

  _set_app_type

  _invalid_parameter_noinfo_noreturn

  _configure_wide_argv

  _initialize_wide_environment

  _get_wide_winmain_command_line

  _initterm

  _initterm_e

  exit

  _exit

  terminate

  _c_exit

  _register_thread_local_exe_atexit_callback

  _crt_atexit

  _invalid_parameter_noinfo

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vswscanf

  _set_fmode

  __p__commode

  __acrt_iob_func

  fread

  __stdio_common_vfwprintf

  fclose

  __stdio_common_vsnprintf_s

  __stdio_common_vfprintf

  fopen

  api-ms-win-crt-convert-l1-1-0

  wcstombs

  _wtoi

  api-ms-win-crt-string-l1-1-0

  wcscpy_s

  api-ms-win-crt-heap-l1-1-0

  free

  _callnewh

  malloc

  _set_new_mode

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Exports

  Exports

  opus_decode

  opus_decode_float

  opus_decoder_create

  opus_decoder_ctl

  opus_decoder_destroy

  opus_decoder_get_nb_samples

  opus_decoder_get_size

  opus_decoder_init

  opus_get_version_string

  opus_packet_get_bandwidth

  opus_packet_get_nb_channels

  opus_packet_get_nb_frames

  opus_packet_get_nb_samples

  opus_packet_get_samples_per_frame

  opus_packet_parse

  opus_pcm_soft_clip

  opus_strerror

  Sections

  .text

  Size: 114KB - Virtual size: 114KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 1/外挂 王者 吃鸡 绝地辅助链接可测试_xf.exe

  .exe windows:6 windows x86 arch:x86

  a41eb800970df4b6ce818a3ea76c19fd

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  AcquireSRWLockExclusive

  AreFileApisANSI

  CloseHandle

  CompareStringEx

  CompareStringW

  ConvertFiberToThread

  ConvertThreadToFiber

  CopyFileW

  CreateDirectoryW

  CreateEventW

  CreateFiber

  CreateFileW

  CreateSymbolicLinkW

  CreateThread

  DecodePointer

  DeleteCriticalSection

  DeleteFiber

  DeleteFileW

  DeviceIoControl

  DuplicateHandle

  EncodePointer

  EnterCriticalSection

  EnumSystemLocalesW

  ExitProcess

  ExitThread

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  FindClose

  FindFirstFileExW

  FindFirstFileW

  FindNextFileW

  FindResourceExW

  FindResourceW

  FlushFileBuffers

  FormatMessageA

  FormatMessageW

  FreeEnvironmentStringsW

  FreeLibrary

  FreeLibraryAndExitThread

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDriveTypeW

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  GetFileAttributesExW

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  GetFileSize

  GetFileSizeEx

  GetFileTime

  GetFileType

  GetFullPathNameW

  GetLastError

  GetLocaleInfoEx

  GetLocaleInfoW

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetPrivateProfileIntW

  GetPrivateProfileStringW

  GetProcAddress

  GetProcessHeap

  GetProfileIntW

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemDefaultUILanguage

  GetSystemDirectoryA

  GetSystemDirectoryW

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAsFileTime

  GetTempFileNameW

  GetTempPathW

  GetThreadLocale

  GetTickCount64

  GetTimeZoneInformation

  GetUserDefaultLCID

  GetUserDefaultUILanguage

  GetVersionExW

  GetVolumeInformationW

  GetWindowsDirectoryW

  GlobalAddAtomW

  GlobalAlloc

  GlobalDeleteAtom

  GlobalFindAtomW

  GlobalFlags

  GlobalFree

  GlobalGetAtomNameW

  GlobalHandle

  GlobalLock

  GlobalReAlloc

  GlobalSize

  GlobalUnlock

  HeapAlloc

  HeapDestroy

  HeapFree

  HeapQueryInformation

  HeapReAlloc

  HeapSize

  InitOnceBeginInitialize

  InitOnceComplete

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  InitializeCriticalSectionEx

  InitializeSListHead

  InitializeSRWLock

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  IsValidLocale

  LCMapStringEx

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalAlloc

  LocalFree

  LocalReAlloc

  LockFile

  LockResource

  MulDiv

  MultiByteToWideChar

  OutputDebugStringA

  OutputDebugStringW

  PeekNamedPipe

  QueryPerformanceCounter

  QueryPerformanceFrequency

  RaiseException

  ReadConsoleA

  ReadConsoleW

  ReadFile

  ReleaseSRWLockExclusive

  ResetEvent

  ResumeThread

  RtlUnwind

  SearchPathW

  SetConsoleCtrlHandler

  SetConsoleMode

  SetEndOfFile

  SetEnvironmentVariableW

  SetErrorMode

  SetEvent

  SetFileInformationByHandle

  SetFilePointer

  SetFilePointerEx

  SetLastError

  SetStdHandle

  SetThreadPriority

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  SwitchToFiber

  SystemTimeToFileTime

  SystemTimeToTzSpecificLocalTime

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  TryAcquireSRWLockExclusive

  UnhandledExceptionFilter

  UnlockFile

  VerSetConditionMask

  VerifyVersionInfoW

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WaitForSingleObjectEx

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  WritePrivateProfileStringW

  lstrcmpA

  lstrcmpW

  lstrcmpiW

  lstrcpyW

  user32

  AdjustWindowRectEx

  AppendMenuW

  BeginDeferWindowPos

  BeginPaint

  BringWindowToTop

  CallNextHookEx

  CallWindowProcW

  CharUpperBuffW

  CharUpperW

  CheckDlgButton

  CheckMenuItem

  ClientToScreen

  CloseClipboard

  CopyAcceleratorTableW

  CopyIcon

  CopyImage

  CopyRect

  CreateAcceleratorTableW

  CreateDialogIndirectParamW

  CreateMenu

  CreatePopupMenu

  CreateWindowExW

  DefFrameProcW

  DefMDIChildProcW

  DefWindowProcW

  DeferWindowPos

  DeleteMenu

  DestroyAcceleratorTable

  DestroyCursor

  DestroyIcon

  DestroyMenu

  DestroyWindow

  DispatchMessageW

  DrawEdge

  DrawFocusRect

  DrawFrameControl

  DrawIcon

  DrawIconEx

  DrawMenuBar

  DrawStateW

  DrawTextExW

  DrawTextW

  EmptyClipboard

  EnableMenuItem

  EnableScrollBar

  EnableWindow

  EndDeferWindowPos

  EndDialog

  EndPaint

  EnumDisplayMonitors

  EqualRect

  FillRect

  FrameRect

  GetActiveWindow

  GetAsyncKeyState

  GetCapture

  GetClassInfoExW

  GetClassInfoW

  GetClassLongW

  GetClassNameW

  GetClientRect

  GetComboBoxInfo

  GetCursorPos

  GetDC

  GetDesktopWindow

  GetDlgCtrlID

  GetDlgItem

  GetDoubleClickTime

  GetFocus

  GetForegroundWindow

  GetIconInfo

  GetKeyNameTextW

  GetKeyState

  GetKeyboardLayout

  GetKeyboardState

  GetLastActivePopup

  GetMenu

  GetMenuCheckMarkDimensions

  GetMenuDefaultItem

  GetMenuItemCount

  GetMenuItemID

  GetMenuItemInfoW

  GetMenuState

  GetMenuStringW

  GetMessagePos

  GetMessageTime

  GetMessageW

  GetMonitorInfoW

  GetNextDlgGroupItem

  GetNextDlgTabItem

  GetParent

  GetProcessWindowStation

  GetPropW

  GetScrollInfo

  GetScrollPos

  GetScrollRange

  GetSubMenu

  GetSysColor

  GetSysColorBrush

  GetSystemMenu

  GetSystemMetrics

  GetTopWindow

  GetUpdateRect

  GetUserObjectInformationW

  GetWindow

  GetWindowDC

  GetWindowLongW

  GetWindowPlacement

  GetWindowRect

  GetWindowRgn

  GetWindowTextLengthW

  GetWindowTextW

  GetWindowThreadProcessId

  GrayStringW

  HideCaret

  InflateRect

  InsertMenuItemW

  InsertMenuW

  IntersectRect

  InvalidateRect

  InvertRect

  IsCharLowerW

  IsChild

  IsClipboardFormatAvailable

  IsDialogMessageW

  IsIconic

  IsMenu

  IsRectEmpty

  IsWindow

  IsWindowEnabled

  IsWindowVisible

  IsZoomed

  KillTimer

  LoadAcceleratorsW

  LoadBitmapW

  LoadCursorW

  LoadIconW

  LoadImageW

  LoadMenuW

  LockWindowUpdate

  MapDialogRect

  MapVirtualKeyExW

  MapVirtualKeyW

  MapWindowPoints

  MessageBeep

  MessageBoxW

  ModifyMenuW

  MonitorFromPoint

  MonitorFromWindow

  MoveWindow

  NotifyWinEvent

  OffsetRect

  OpenClipboard

  PeekMessageW

  PostMessageW

  PostQuitMessage

  PostThreadMessageW

  PtInRect

  RealChildWindowFromPoint

  RedrawWindow

  RegisterClassW

  RegisterClipboardFormatW

  RegisterWindowMessageW

  ReleaseCapture

  ReleaseDC

  RemoveMenu

  RemovePropW

  ReuseDDElParam

  ScreenToClient

  ScrollWindow

  SendDlgItemMessageA

  SendMessageW

  SetActiveWindow

  SetCapture

  SetClassLongW

  SetClipboardData

  SetCursor

  SetCursorPos

  SetFocus

  SetForegroundWindow

  SetLayeredWindowAttributes

  SetMenu

  SetMenuDefaultItem

  SetMenuItemBitmaps

  SetMenuItemInfoW

  SetParent

  SetPropW

  SetRect

  SetRectEmpty

  SetScrollInfo

  SetScrollPos

  SetScrollRange

  SetTimer

  SetWindowLongW

  SetWindowPlacement

  SetWindowPos

  SetWindowRgn

  SetWindowTextW

  SetWindowsHookExW

  ShowOwnedPopups

  ShowScrollBar

  ShowWindow

  SubtractRect

  SystemParametersInfoW

  TabbedTextOutW

  ToUnicodeEx

  TrackMouseEvent

  TrackPopupMenu

  TranslateAcceleratorW

  TranslateMDISysAccel

  TranslateMessage

  UnhookWindowsHookEx

  UnionRect

  UnpackDDElParam

  UnregisterClassW

  UpdateLayeredWindow

  UpdateWindow

  ValidateRect

  WaitMessage

  WinHelpW

  WindowFromPoint

  ws2_32

  WSACleanup

  WSAGetLastError

  WSASetLastError

  WSASocketW

  WSAStartup

  __WSAFDIsSet

  closesocket

  connect

  freeaddrinfo

  getaddrinfo

  gethostbyaddr

  gethostbyname

  getnameinfo

  getpeername

  getservbyname

  getservbyport

  getsockname

  getsockopt

  htonl

  htons

  inet_addr

  inet_ntoa

  inet_pton

  ioctlsocket

  ntohs

  recv

  select

  send

  setsockopt

  shutdown

  socket

  gdi32

  BitBlt

  CombineRgn

  CopyMetaFileW

  CreateBitmap

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateDCW

  CreateDIBSection

  CreateDIBitmap

  CreateEllipticRgn

  CreateFontIndirectW

  CreateHatchBrush

  CreatePalette

  CreatePatternBrush

  CreatePen

  CreatePolygonRgn

  CreateRectRgn

  CreateRectRgnIndirect

  CreateRoundRectRgn

  CreateSolidBrush

  DPtoLP

  DeleteDC

  DeleteObject

  Ellipse

  EnumFontFamiliesExW

  EnumFontFamiliesW

  Escape

  ExcludeClipRect

  ExtFloodFill

  ExtSelectClipRgn

  ExtTextOutW

  FillRgn

  FrameRgn

  GetBkColor

  GetBoundsRect

  GetClipBox

  GetDeviceCaps

  GetLayout

  GetNearestPaletteIndex

  GetObjectType

  GetObjectW

  GetPaletteEntries

  GetPixel

  GetRgnBox

  GetStockObject

  GetSystemPaletteEntries

  GetTextCharsetInfo

  GetTextColor

  GetTextExtentPoint32W

  GetTextFaceW

  GetTextMetricsW

  GetViewportExtEx

  GetViewportOrgEx

  GetWindowExtEx

  GetWindowOrgEx

  IntersectClipRect

  LPtoDP

  LineTo

  MoveToEx

  OffsetRgn

  OffsetViewportOrgEx

  OffsetWindowOrgEx

  PatBlt

  Polygon

  Polyline

  PtInRegion

  PtVisible

  RealizePalette

  RectVisible

  Rectangle

  RestoreDC

  RoundRect

  SaveDC

  ScaleViewportExtEx

  ScaleWindowExtEx

  SelectClipRgn

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetDIBColorTable

  SetLayout

  SetMapMode

  SetPaletteEntries

  SetPixel

  SetPixelV

  SetPolyFillMode

  SetROP2

  SetRectRgn

  SetTextAlign

  SetTextColor

  SetViewportExtEx

  SetViewportOrgEx

  SetWindowExtEx

  SetWindowOrgEx

  StretchBlt

  TextOutW

  uxtheme

  CloseThemeData

  DrawThemeBackground

  DrawThemeParentBackground

  DrawThemeText

  GetCurrentThemeName

  GetThemeColor

  GetThemePartSize

  GetThemeSysColor

  GetWindowTheme

  IsAppThemed

  IsThemeBackgroundPartiallyTransparent

  OpenThemeData

  ole32

  CoCreateGuid

  CoCreateInstance

  CoDisconnectObject

  CoInitialize

  CoInitializeEx

  CoLockObjectExternal

  CoTaskMemAlloc

  CoTaskMemFree

  CoUninitialize

  CreateStreamOnHGlobal

  DoDragDrop

  IsAccelerator

  OleCreateMenuDescriptor

  OleDestroyMenuDescriptor

  OleDuplicateData

  OleGetClipboard

  OleLockRunning

  OleTranslateAccelerator

  RegisterDragDrop

  ReleaseStgMedium

  RevokeDragDrop

  oleaut32

  LoadTypeLi

  SysAllocString

  SysAllocStringLen

  SysFreeString

  SysStringLen

  SystemTimeToVariantTime

  VarBstrFromDate

  VariantChangeType

  VariantClear

  VariantCopy

  VariantInit

  VariantTimeToSystemTime

  shlwapi

  PathFindExtensionW

  PathFindFileNameW

  PathIsUNCW

  PathRemoveFileSpecW

  PathStripToRootW

  StrFormatKBSizeW

  winspool.drv

  ClosePrinter

  DocumentPropertiesW

  OpenPrinterW

  gdiplus

  GdipAlloc

  GdipBitmapLockBits

  GdipBitmapUnlockBits

  GdipCloneImage

  GdipCreateBitmapFromHBITMAP

  GdipCreateBitmapFromScan0

  GdipCreateBitmapFromStream

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipDisposeImage

  GdipDrawImageI

  GdipDrawImageRectI

  GdipFree

  GdipGetImageGraphicsContext

  GdipGetImageHeight

  GdipGetImagePalette

  GdipGetImagePaletteSize

  GdipGetImagePixelFormat

  GdipGetImageWidth

  GdipSetInterpolationMode

  GdiplusShutdown

  GdiplusStartup

  oleacc

  AccessibleObjectFromWindow

  CreateStdAccessibleObject

  LresultFromObject

  msimg32

  AlphaBlend

  TransparentBlt

  shell32

  DragFinish

  DragQueryFileW

  SHAppBarMessage

  SHBrowseForFolderW

  SHGetDesktopFolder

  SHGetFileInfoW

  SHGetPathFromIDListW

  SHGetSpecialFolderLocation

  ShellExecuteW

  imm32

  ImmGetContext

  ImmGetOpenStatus

  ImmReleaseContext

  winmm

  PlaySoundW

  Sections

  .text

  Size: 3.5MB - Virtual size: 3.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 923KB - Virtual size: 922KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 87KB - Virtual size: 114KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .00cfg

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data1

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .trace

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .voltbl

  Size: 512B - Virtual size: 328B

  _RDATA

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 180KB - Virtual size: 180KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 233KB - Virtual size: 232KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ