3d7412ecf39d2b88932ca2d4894e31c5

Sharing

Copy URL Twitter E-mail

General

Target

3d7412ecf39d2b88932ca2d4894e31c5
Size

7.8MB
MD5

3d7412ecf39d2b88932ca2d4894e31c5
SHA1

1f55fc2bf0b8caa942a44fe39413f04c1a445035
SHA256

974c4d323edc45525700d7428c2125bc9988425781cb76da712effa3ace35417
SHA512

72ad8e1ed98baceab240ce0b19dd9d1f8639b5d95d01c0ab5a62a118be8c73e15cbd534c674efa4e3674989f66738a9139f912bc125c25bda1ed616e83179a47
SSDEEP

196608:eMtWskzV4FBCvZRKZgT2UQQ1aBpSAOAdNCiY76QJ:ecWsWqCT1Q4oUKCiKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/7z.dll
unpack003/Unistall.exe
unpack003/双击运行.exe
unpack001/QBanPaoPaoTang1_chs_setup/点击使用.exe

Files

3d7412ecf39d2b88932ca2d4894e31c5
.rar
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/#YouXun#
.7z
FlashPlayer.exe
.exe windows:5 windows x86 arch:x86

d5e704f00b4ddbae5704755a7b4cdd7f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:d5:fe:ff:f5:fc:c8:a0:34:a4:c1:71:1a:bc:24:bd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/03/2014, 00:00

Not After

04/03/2015, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Flash Player - Fortnight+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:d1:cb:a9:82:57:72:7c:5d:10:ef:f5:92:05:60:8d:4a:a6:37:fd
Signer

Actual PE Digest

59:d1:cb:a9:82:57:72:7c:5d:10:ef:f5:92:05:60:8d:4a:a6:37:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
SysFreeString

kernel32

GetModuleFileNameA
GetCommandLineW
DeleteFileW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
GetVersionExW
GetModuleHandleA
GetSystemInfo
SwitchToThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
SetEndOfFile
WriteFile
CreateFileA
GetFileAttributesA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LCMapStringA
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
GetStdHandle
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
HeapReAlloc
UnhandledExceptionFilter
ExitProcess
RtlUnwind
GetStartupInfoA
IsProcessorFeaturePresent
GetProcessAffinityMask
HeapSize
HeapFree
GetProcessHeap
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
GetCommandLineA
Sleep
GetCPInfo
GetACP
IsDBCSLeadByte
CreateProcessA
GetTempPathA
FindNextFileW
GetModuleFileNameW
GetTempFileNameW
GetSystemDirectoryW
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetTempPathW
CreateProcessW
GetTempFileNameA
CreateDirectoryA
DeleteFileA
GetVersionExA
GetLastError
CreateMutexA
FindFirstFileW
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
MoveFileExW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
OutputDebugStringA
CreateDirectoryW
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
GetFileAttributesW
VirtualQuery
ExitThread
GetUserDefaultLangID
GetUserDefaultUILanguage
VerifyVersionInfoW
VerSetConditionMask
CreateThread
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalSize
QueueUserAPC
OpenThread
SleepEx
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcessTimes
RaiseException
WaitForSingleObject
FlushInstructionCache
SetLastError
CreateEventW
TerminateThread
SetEvent
ResetEvent
WaitForMultipleObjects
CreateWaitableTimerW
GetTickCount
SetThreadPriority
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
GetSystemDirectoryA
GetExitCodeThread
DuplicateHandle
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
GetLocaleInfoW
LCMapStringW
CompareFileTime
LocalFree
ReleaseMutex
CreateFileMappingA
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
InterlockedExchangeAdd
lstrlenW
GetVersion
DeviceIoControl
VirtualAlloc
VirtualFree
CreateSemaphoreA
GlobalMemoryStatusEx
DebugBreak
IsDebuggerPresent
SetSystemTime
FileTimeToSystemTime
TlsAlloc
TlsFree
ResumeThread
FormatMessageW
VirtualProtect
FormatMessageA
ConnectNamedPipe
CreateNamedPipeA
FlushFileBuffers
GetNumberFormatW
GetCurrencyFormatW
CompareStringW

user32

GetWindowTextA
PostQuitMessage
UnregisterClassA
GetWindow
GetWindowRect
SetWindowTextA
LoadStringA
GetDlgItem
EndDialog
DialogBoxParamW
LoadStringW
InvalidateRect
InsertMenuA
InsertMenuW
RemoveMenu
GetSubMenu
GetMenu
UpdateWindow
ShowWindow
GetDlgItemTextA
GetWindowTextLengthA
GetDlgItemTextW
EnableWindow
GetWindowTextLengthW
SetFocus
SetDlgItemTextA
SetDlgItemTextW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
GetDoubleClickTime
WaitForInputIdle
GetForegroundWindow
KillTimer
SetTimer
GetQueueStatus
PeekMessageW
GetWindowLongW
MonitorFromWindow
CheckMenuItem
PostMessageW
GetFocus
CopyRect
GetWindowInfo
GetKeyState
MessageBoxA
SetCursor
LoadCursorW
MessageBoxW
AttachThreadInput
GetWindowThreadProcessId
GetClientRect
ScreenToClient
GetCursorPos
EnumWindows
SystemParametersInfoW
GetCapture
CallWindowProcW
SetCapture
ReleaseCapture
GetMessageTime
TrackMouseEvent
SetCursorPos
ClientToScreen
SetWindowLongW
InflateRect
GetSystemMetrics
SetRect
PtInRect
SendInput
SetPropW
GetPropW
DestroyIcon
GetCursor
SetRectEmpty
GetMonitorInfoW
FillRect
GetDC
SendMessageW
SendMessageTimeoutW
GetParent
SetWindowTextW
LoadIconW
GetDesktopWindow
DialogBoxIndirectParamW
RedrawWindow
MoveWindow
IsWindowEnabled
RegisterClipboardFormatW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
MapWindowPoints
GetActiveWindow
FlashWindowEx
SetMenu
GetSystemMenu
IsZoomed
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
ShowWindowAsync
GetClassInfoExW
IsIconic
IsWindow
EnumDisplaySettingsW
EndPaint
BeginPaint
GetWindowTextW
RegisterClassExW
CreateWindowExW
DeleteMenu
LoadMenuW
MsgWaitForMultipleObjects
RegisterClipboardFormatA
GetClipboardFormatNameA
InsertMenuItemW
CreateMenu
GetMenuItemInfoW
DrawMenuBar
SetMenuItemInfoW
SetMenuInfo
DestroyMenu
TrackPopupMenu
CreatePopupMenu
CloseWindow
ShowCaret
CreateCaret
DestroyCaret
SetCaretPos
DdeUninitialize
DdeFreeStringHandle
LoadAcceleratorsW
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleA
DdeInitializeW
CharLowerW
CharUpperW
MapVirtualKeyW
GetKeyboardLayout
ActivateKeyboardLayout
OffsetRect
EnumDisplayDevicesA
UpdateLayeredWindow
EnumDisplayDevicesW
PostThreadMessageW
PostMessageA
RegisterWindowMessageA
DefWindowProcA
GetWindowLongA
DispatchMessageA
GetMessageA
SetWindowLongA
CreateWindowExA
RegisterClassExA
GetMenuStringA
GetMenuStringW
DestroyWindow
DefWindowProcW
EnableMenuItem
ReleaseDC
SetWindowPos
CreateIconIndirect
DdeConnect

gdi32

CreateDCA
DeleteObject
CreatePalette
RealizePalette
SelectPalette
EnumFontFamiliesExW
GetFontData
StretchDIBits
FillPath
ExtCreatePen
StrokePath
CreateSolidBrush
EndDoc
StartDocW
LPtoDP
GetStretchBltMode
GetDeviceCaps
GetSystemPaletteEntries
DeleteDC
GetICMProfileA
SetTextColor
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GdiAlphaBlend
GetWorldTransform
SetGraphicsMode
SetWorldTransform
GetTextCharacterExtra
DPtoLP
EnumFontFamiliesA
GetCurrentObject
CreatePen
SetTextCharacterExtra
GetBkColor
SetBkColor
SelectClipRgn
GetTextColor
GetBkMode
GetTextAlign
SetBkMode
SetTextAlign
CreateRectRgn
GetClipRgn
IntersectClipRect
CreateFontIndirectA
BitBlt
GetTextExtentPoint32W
ExtTextOutW
ExtTextOutA
GetTextExtentPoint32A
GetTextMetricsW
EnumFontFamiliesW
GdiFlush
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
MoveToEx
EndPath
BeginPath
EndPage
StartPage
SaveDC
SetPolyFillMode
GetClipBox
CreateFontIndirectW
CreateDIBSection
CreateBitmap
SetPixel
GetStockObject
GetObjectW
CreateCompatibleDC
SelectObject

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError

shell32

DragQueryFileA
DragAcceptFiles
DragQueryFileW
SHGetFolderPathW
SHGetDiskFreeSpaceExW
SHGetFolderPathA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetSettings
SHGetFolderLocation
SHAppBarMessage

ws2_32

ntohs
sendto
recvfrom
WSACloseEvent
getsockname
setsockopt
gethostname
accept
ntohl
connect
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
WSACleanup
WSAStartup
select
ioctlsocket
closesocket
WSAAsyncSelect
WSAGetLastError
WSAIoctl
socket
WSASocketW
send
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
WSAAddressToStringA
getservbyport
WSASetLastError
listen
recv
bind

mscms

TranslateBitmapBits
DeleteColorTransform
CreateColorTransformW
CloseColorProfile
OpenColorProfileW

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

crypt32

CertCompareCertificate
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertOpenStore
CertVerifyRevocation
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCompareCertificateName
CryptFindOIDInfo
CertRDNValueToStrW
CertFindRDNAttr
CryptDecodeObjectEx
CertNameToStrW
CertAddStoreToCollection

urlmon

CopyStgMedium

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA

winmm

waveOutWrite
waveInGetPosition
waveOutPause
waveOutRestart
mixerGetControlDetailsA
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerClose
waveInMessage
waveOutMessage
waveOutGetDevCapsA
waveInGetDevCapsA
mixerGetID
waveInOpen
waveInPrepareHeader
waveInReset
waveInUnprepareHeader
waveInClose
waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutGetPosition
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutPrepareHeader
mixerSetControlDetails
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeKillEvent
waveOutSetVolume

dsound

ord8
ord1

dinput8

DirectInput8Create

advapi32

CryptEncrypt
CryptDecrypt
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptSetKeyParam
CryptImportKey
CryptDestroyKey
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExW
RegCreateKeyExW

ole32

OleIsCurrentClipboard
OleGetClipboard
OleInitialize
CoSetProxyBlanket
CoTaskMemAlloc
OleFlushClipboard
MkParseDisplayName
CreateBindCtx
PropVariantClear
CoTaskMemFree
CoCreateInstance
OleSetClipboard
OleUninitialize
ReleaseStgMedium
CoUninitialize
CoInitializeEx
CoInitialize

Exports

Exports

IAEModule_AEModule_PutKernel
IAEModule_IAEKernel_LoadModule
IAEModule_IAEKernel_UnloadModule
_WinMainSandboxed@20

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QBanPaoPaoTang1_chs.ico
Q版泡泡堂.swf
gameyxdown.dat
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/7z.dll
.dll windows:5 windows x86 arch:x86

82dc00c29a6aea96c6ff9b7fcd4e6e2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
SetLastError
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
ReadFile
WriteFile
CreateFileA
GetSystemInfo
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount

user32

CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/gameyxdown.dat
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/info.dat
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/install.yx
QBanPaoPaoTang1_chs_setup/QBanPaoPaoTang1_chs/setup
.7z
Unistall.exe
.exe windows:5 windows x86 arch:x86

9197afa0b3c8922a2e489709a1cb0d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetModuleHandleA
CompareStringA
InterlockedExchange
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryA
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GlobalAddAtomW
GlobalFlags
lstrcmpW
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
lstrlenA
lstrcmpA
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
FreeResource
GetTickCount
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
GetLastError
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetPrivateProfileStringW
GetModuleFileNameW

user32

DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CharUpperW
ClientToScreen
GetClassNameW
MessageBeep
IsChild
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
ReleaseCapture
GetDesktopWindow
SetCapture
InvalidateRgn
InvalidateRect
GetClientRect
GetWindowRect
EqualRect
IntersectRect
CopyAcceleratorTableW
SetRect
IsRectEmpty
OffsetRect
PtInRect
CopyRect
CharNextW
GetFocus
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
LoadStringW
GetMessageW
GetDlgItem
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
GetWindowThreadProcessId
CreateDialogIndirectParamW
SendMessageW
GetWindowLongW
DestroyMenu
GetWindowDC
CheckMenuItem
GrayStringW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
RegisterClipboardFormatW
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
GetWindowTextW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
CallWindowProcW

gdi32

ExtSelectClipRgn
DeleteDC
GetMapMode
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetObjectW
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
OleUninitialize

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantInit

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gameyxdown.dat
双击运行.exe
.exe windows:5 windows x86 arch:x86

3636bfdb4307b796202b34da38da473f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCheckConnectionW
GetUrlCacheEntryInfoW
InternetOpenW
InternetCrackUrlW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses

dbghelp

MiniDumpWriteDump

kernel32

HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetShortPathNameW
IsBadWritePtr
OpenProcess
TerminateProcess
ResumeThread
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
GetDriveTypeW
SetVolumeLabelW
MoveFileW
GetDiskFreeSpaceExW
ReleaseSemaphore
CreateSemaphoreW
SetLastError
FileTimeToLocalFileTime
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
MulDiv
lstrcmpA
HeapCreate
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetModuleHandleA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GlobalFlags
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WriteConsoleA
GetTempPathW
WriteConsoleW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FindNextFileW
FindClose
FindFirstFileW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
RaiseException
LeaveCriticalSection
LoadLibraryExW
FreeLibrary
FreeResource
GlobalUnlock
GlobalLock
CreateThread
GetPrivateProfileIntW
GetVersionExW
InitializeCriticalSection
InterlockedIncrement
GetStartupInfoW
ReadFile
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetCommandLineW
LoadLibraryA
InterlockedDecrement
LocalAlloc
GlobalFree
GlobalAlloc
GetModuleFileNameW
WaitForSingleObject
lstrlenA
WriteFile
DeleteFileW
CloseHandle
CreateFileW
GetTickCount
LockResource
GetProcAddress
GetLastError
CreateDirectoryA
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
SizeofResource
CopyFileW
Sleep
WideCharToMultiByte
GetPrivateProfileStringW
GetModuleHandleW
CreateDirectoryW
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
FlushFileBuffers
GetConsoleOutputCP
HeapValidate
lstrcmpW

user32

GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
CharUpperW
SetRectEmpty
SetCapture
SetFocus
CallWindowProcW
GetDesktopWindow
GetWindowThreadProcessId
TrackPopupMenu
GetSubMenu
DeleteMenu
LoadMenuW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
ScreenToClient
GetCursorPos
CharNextW
LoadIconW
CopyRect
UpdateLayeredWindow
GetSystemMetrics
SetCursor
LoadImageW
LoadCursorW
PtInRect
wsprintfW
InvalidateRect
SystemParametersInfoW
IsWindowVisible
SendMessageW
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
DestroyMenu
SetTimer
KillTimer
GetSysColorBrush
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FindWindowExW
EnableWindow
EndPaint
GetWindowRect
GetWindowDC
PostMessageW
GetParent
GetClientRect
BeginPaint
GetDC
RegisterClassExW
GetWindowLongW
CreateWindowExA
ReleaseDC
SetWindowLongW
SetWindowPos
ShowWindow
IsWindow
EqualRect
ReleaseCapture
DefWindowProcW
MoveWindow
MessageBoxW
RegisterClipboardFormatW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuItemCount

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
OffsetViewportOrgEx
SaveDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
PtVisible
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
GetTextColor
GetBkColor
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
Escape
ExtTextOutW
CreateDIBSection
GetDeviceCaps
BitBlt
TextOutW
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetMapMode
RestoreDC
RectVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
Shell_NotifyIconW
SHFileOperationW

comctl32

_TrackMouseEvent

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

ole32

OleFlushClipboard
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleRun
OleDraw
OleCreate
OleSetContainedObject
CreateStreamOnHGlobal
CoInitialize
CoGetClassObject

oleaut32

VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
SysStringLen
VarUI4FromStr
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
OleCreateFontIndirect
GetErrorInfo

oledlg

OleUIBusyW

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

gdiplus

GdipCreatePath
GdipDeletePath
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipGetFontStyle
GdipGetPathWorldBounds
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateImageAttributes
GdipCreateFont
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipSetImageAttributesWrapMode
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectRect
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDeleteFont

ws2_32

send
connect
WSAStartup
select
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
gethostbyname

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QBanPaoPaoTang1_chs_setup/安装说明.txt
QBanPaoPaoTang1_chs_setup/游迅网.url
.url
QBanPaoPaoTang1_chs_setup/点击使用.exe
.exe windows:5 windows x86 arch:x86

a61e1a6bd89891db55e6a2a47c5a5158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

MiniDumpWriteDump

kernel32

GlobalAddAtomW
MulDiv
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
FileTimeToLocalFileTime
GetModuleHandleA
LocalAlloc
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
ExitThread
ConvertDefaultLocale
GetConsoleCP
GetConsoleMode
GetFileType
GetProcessHeap
SetStdHandle
RtlUnwind
ExitProcess
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
EnumResourceLanguagesW
lstrcmpA
SetLastError
CompareStringA
InterlockedExchange
lstrcmpW
LocalFree
FormatMessageW
TerminateProcess
GetStdHandle
FindNextFileW
SetEndOfFile
GetFullPathNameW
SetFileTime
ResumeThread
Sleep
SetFileAttributesW
GlobalFree
CreateDirectoryA
GetSystemTimeAsFileTime
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
SetFilePointer
GetFileSize
FindClose
FindFirstFileW
FreeLibrary
SetErrorMode
WideCharToMultiByte
GetStartupInfoW
ReadFile
LoadLibraryW
GetTickCount
lstrlenA
GetShortPathNameW
GetProcAddress
GetLastError
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetModuleHandleW
FreeResource
CreateThread
DeleteFileW
GetDiskFreeSpaceExW
GlobalUnlock
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
lstrcpynW
CopyFileW
GlobalAlloc
WriteFile
GetPrivateProfileStringW
WaitForSingleObject
GlobalLock
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
LockResource
CreateFileW
SizeofResource
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FindResourceW
GetCommandLineW
GlobalDeleteAtom
GetLocaleInfoW
GetCurrentThread
InterlockedCompareExchange
HeapReAlloc

user32

CharNextW
GetSysColorBrush
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
UnregisterClassW
SendDlgItemMessageW
RegisterClipboardFormatW
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SetCapture
SetFocus
GetWindowLongW
DestroyMenu
PostThreadMessageW
SetWindowLongW
ReleaseCapture
CallWindowProcW
DefWindowProcW
PtInRect
SetRectEmpty
IsRectEmpty
IsWindow
GetWindowThreadProcessId
GetDesktopWindow
wsprintfW
SetWindowRgn
GetWindowRect
CopyRect
SetRect
IsWindowVisible
SetCursor
SetTimer
ScreenToClient
PostMessageW
KillTimer
LoadCursorW
GetClientRect
LoadIconW
InvalidateRect
GetCursorPos
GetSystemMetrics
SendMessageW
EnableWindow
UpdateWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
GetDlgItem

gdi32

GetStockObject
CreateFontIndirectW
CreateRectRgnIndirect
ExtSelectClipRgn
Escape
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetClipBox
OffsetViewportOrgEx
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
SetViewportOrgEx
BitBlt
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

InitializeSecurityDescriptor
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

comctl32

_TrackMouseEvent

shlwapi

ord156
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipDrawString
GdipFillRectangle
GdipCreateFontFamilyFromName
GdipFillRectangleI
GdipDrawImageRectRect
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipSetTextRenderingHint
GdipSetImageAttributesWrapMode
GdipCloneImage
GdipSetStringFormatAlign
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetSolidFillColor
GdipCreateStringFormat
GdipGetImageWidth
GdipCreatePen1
GdipDeleteStringFormat
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5e704f00b4ddbae5704755a7b4cdd7f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

35:d5:fe:ff:f5:fc:c8:a0:34:a4:c1:71:1a:bc:24:bdCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

59:d1:cb:a9:82:57:72:7c:5d:10:ef:f5:92:05:60:8d:4a:a6:37:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

user32

gdi32

comdlg32

shell32

ws2_32

mscms

wininet

crypt32

urlmon

version

winmm

dsound

dinput8

advapi32

ole32

Exports

Exports

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rodata Size: 4KB - Virtual size: 4KB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 263KB - Virtual size: 1.3MB

.rsrc Size: 576KB - Virtual size: 575KB

.reloc Size: 363KB - Virtual size: 362KB

82dc00c29a6aea96c6ff9b7fcd4e6e2a

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 607KB - Virtual size: 606KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 29KB - Virtual size: 54KB

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 41KB - Virtual size: 41KB

9197afa0b3c8922a2e489709a1cb0d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

35:d5:fe:ff:f5:fc:c8:a0:34:a4:c1:71:1a:bc:24:bd
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:d1:cb:a9:82:57:72:7c:5d:10:ef:f5:92:05:60:8d:4a:a6:37:fd
Signer

.text
Size: 7.8MB - Virtual size: 7.8MB

.rodata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 263KB - Virtual size: 1.3MB

.rsrc
Size: 576KB - Virtual size: 575KB

.reloc
Size: 363KB - Virtual size: 362KB

.text
Size: 607KB - Virtual size: 606KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 29KB - Virtual size: 54KB

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 41KB - Virtual size: 41KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 44KB - Virtual size: 63KB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 81KB - Virtual size: 80KB

.text
Size: 461KB - Virtual size: 460KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 63KB - Virtual size: 63KB