193b76ec9a62050e0ac83d6a7552c237

Sharing

Copy URL Twitter E-mail

General

Target

193b76ec9a62050e0ac83d6a7552c237
Size

2.3MB
MD5

193b76ec9a62050e0ac83d6a7552c237
SHA1

5c21fa4bd267dc320e8b6ad6de8a633c76580912
SHA256

f96ea653cb513b59e5469f4a1e787a46c81bfc28905152609e2ca8f216554c53
SHA512

6fd1746a644ed8616ecd243c82c706704b1ccce115a8e85c162e36cc27d6dab8462a210c17ddd8a80268f5bff9655ef57dc34e67ade05b0b5b3a5c560dbe2920
SSDEEP

49152:duSwE3dtowJ1bhlFD4/uJHzHq1+Lb1/H+2dAVa34zC:dGE3wshlFD4mpzc+LbdHkVbC

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/dmstsc.exe	aspack_v212_v242

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dmstsc.exe
unpack001/msswch.dll
unpack001/msswchx.exe
unpack001/mstext40.dll
unpack001/mstime.dll
unpack001/mstlsapi.dll
unpack001/mstsc.exe
unpack001/mstscax.dll
unpack001/mstvca.dll
unpack001/mstvgs.dll
unpack001/msuni11.dll

Files

193b76ec9a62050e0ac83d6a7552c237
.rar
data/data.mdb
data/set.ini
dmstsc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 82KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
msswch.dll
.dll windows:5 windows x86 arch:x86

ffbf95e3f84516135c61627fe4bfb360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
free

kernel32

LocalAlloc
WinExec
CloseHandle
GetCommModemStatus
CreateFileW
SetCommState
GetCommState
GetModuleHandleW
LocalFree
DeviceIoControl
WaitForSingleObject
CreateMutexW
ReleaseMutex
MapViewOfFile
CreateFileMappingW
lstrcatW
lstrcpyW
lstrlenW
SetLastError
GetVersionExW
UnmapViewOfFile

user32

UnhookWindowsHookEx
SendMessageW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
wsprintfW
SetWindowsHookExW
GetAsyncKeyState
CallNextHookEx
PostMessageW
IsWindow

advapi32

RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

winmm

joyGetPosEx
timeGetTime

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msswchx.exe
.exe windows:5 windows x86 arch:x86

eba892da2a3c34a21c22c5c5f8316da7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

kernel32

GetModuleHandleA
MultiByteToWideChar
SetErrorMode
LoadLibraryW
GetProcAddress
GetCurrentThreadId
FreeLibrary
GetStartupInfoA

gdi32

GetStockObject

user32

SetTimer
CloseWindowStation
GetProcessWindowStation
PostQuitMessage
SetProcessWindowStation
OpenInputDesktop
OpenDesktopW
DestroyWindow
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
RegisterClassW
CreateWindowExW
OpenWindowStationW
KillTimer
MessageBoxW
GetFocus
LoadStringW
SetThreadDesktop
CloseDesktop
GetThreadDesktop

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qnk
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mstext40.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1c129a6bc0ff85788bcfba6bf499e0af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msjet40

ord172
ord167
ord155
ord170
ord146
ord179
ord156
ord159
ord101
ord136
ord118
ord108
ord158
ord176
ord173

mswstr10

ord1

kernel32

GlobalUnlock
GlobalFree
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
GetLastError
CloseHandle
ReadFile
WriteFile
SetFilePointer
GetPrivateProfileStringA
GetCurrentProcessId
GetVersionExW
DisableThreadLibraryCalls
GetModuleFileNameA
GlobalLock
GlobalAlloc
LoadLibraryW
GetFileSize
GetStringTypeA
GetStringTypeW
IsValidCodePage
GetLocaleInfoA
GetSystemDefaultLangID
WritePrivateProfileStringA
GetLocaleInfoW
SetLastError
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
LoadLibraryA
GetVersionExA
GetTempPathA
GetTempPathW
FreeLibrary
GetUserDefaultLCID
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetModuleHandleA
GetProcAddress
GetDriveTypeA
CreateDirectoryA
CreateDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
GetACP
GetOEMCP
GetFullPathNameA
WideCharToMultiByte
GetFullPathNameW

user32

CharUpperW
CharUpperA

advapi32

RegOpenKeyA
RegDeleteValueW
RegDeleteValueA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyW
RegCreateKeyA
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegQueryInfoKeyA

oleaut32

VarDecFromStr
VarBstrFromDec
SysAllocString
SysStringByteLen
SysFreeString
VarI2FromStr
SysAllocStringLen

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstime.dll
.dll regsvr32 windows:5 windows x86 arch:x86

44a604ad30f52d2efdf5766cdcf3c237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscat
bsearch
_itow
wcscmp
wcscpy
wcsncpy
_adjust_fdiv
malloc
__dllonexit
free
_except_handler3
memmove
ceil
floor
_ftol
_wtoi
_HUGE
_onexit
_initterm
wcslen

kernel32

GetVersionExA
WaitForSingleObjectEx
GlobalFree
GlobalHandle
GlobalSize
GlobalReAlloc
IsBadReadPtr
SetFilePointer
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
IsBadWritePtr
InterlockedExchange
ReadFile
GetLocalTime
DisableThreadLibraryCalls
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
GetLastError
HeapAlloc
GetProcessHeap
GetProcAddress
CreateThread
WaitForMultipleObjectsEx
SetEvent
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
HeapReAlloc
HeapFree
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
GetFileSize
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcatW
HeapDestroy
CloseHandle

user32

EqualRect
SetRect
wsprintfA
ReleaseCapture
SetRectEmpty
FillRect
SetTimer
KillTimer
TranslateMessage
GetSystemMetrics
DestroyWindow
wsprintfW
MapWindowPoints
GetDC
ReleaseDC
IntersectRect
CopyRect
MsgWaitForMultipleObjects

gdi32

CreateSolidBrush
StretchBlt
SetTextColor
SetBkColor
GetPaletteEntries
CreateCompatibleBitmap
SelectObject
SetPixel
GetPixel
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps

advapi32

RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateInstance
ProgIDFromCLSID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleRun
StringFromGUID2

oleaut32

SysStringByteLen
VariantClear
VariantInit
GetErrorInfo
VariantChangeTypeEx
CreateErrorInfo
LoadTypeLi
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
RegisterTypeLi
SetErrorInfo
LoadRegTypeLi
VariantChangeType
VariantCopy
SafeArrayCreateVector

urlmon

CoInternetCombineUrl
URLDownloadToCacheFileW
CoGetClassObjectFromURL
CreateAsyncBindCtx
FindMimeFromData

wininet

InternetCombineUrlW
InternetGetConnectedStateExW
InternetCrackUrlW

ddraw

DirectDrawCreate

shlwapi

ord83
ord45
ord29
ord104
ord84
ord117
ord436
ord28
ord25
ord43
ord309
ord51
ord107
ord123
ord56
ord52
ord131
StrCmpIW
StrCpyW
StrCpyNW
PathAppendW
StrCmpNIW
StrCatW
PathFindExtensionW
PathFindFileNameW
StrStrIW
StrCSpnIW
PathFileExistsW
StrCmpW
wvnsprintfW
StrSpnW
StrStrW
StrNCatW
StrRChrW
StrCmpNW
StrCatBuffW
ord40
ord121
ord94
ord120
ord125
ord128
ord130
ord116
ord60
ord80
ord145
ord141
ord314
ord55

rpcrt4

NdrDllRegisterProxy
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate
NdrCStdStubBuffer_Release

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstlsapi.dll
.dll windows:5 windows x86 arch:x86

a220dd54861f023cebc519d233b852e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_ultoa
rand
srand
_onexit
__dllonexit
_except_handler3
_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
_purecall
wcslen
sscanf
malloc
_initterm
free
swprintf
_wcsicmp
wcscpy
wcschr
wcscmp

activeds

ord3
ord7
ord9

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
VariantClear

rpcrt4

RpcStringFreeW
RpcMgmtSetComTimeout
RpcBindingSetAuthInfoW
RpcBindingFree
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcSmDestroyClientContext

netapi32

NetApiBufferFree
NetApiBufferAllocate
DsGetDcNameW
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
DsGetDcCloseW
DsGetDcNextW
DsGetDcOpenW
DsGetSiteNameW
NetGetJoinInformation

advapi32

RegCreateKeyExA
RegQueryValueExA
GetUserNameA
LsaOpenPolicy
LsaClose
LsaStorePrivateData
LsaFreeMemory
LsaRetrievePrivateData
LsaNtStatusToWinError
CheckTokenMembership
RegSetValueExA
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW

user32

GetSystemMetrics
GetMessageTime
GetCursorPos
wsprintfW

kernel32

GetComputerNameW
GetEnvironmentStrings
lstrlenA
GetSystemTime
SystemTimeToFileTime
CompareFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetCurrentProcessId
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
CreateMailslotW
CreateFileW
WriteFile
ReadFile
LocalReAlloc
GetLastError
CreateThread
LoadLibraryA
GetProcAddress
GetModuleHandleW
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitNamedPipeW
SetLastError
Sleep
DisableThreadLibraryCalls
LocalFree
LocalAlloc
CloseHandle
InterlockedDecrement
GetEnvironmentStringsW
GetVersionExW
lstrlenW
ReleaseMutex
WaitForSingleObject
CreateMutexW
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
InterlockedExchangeAdd
SetEvent

crypt32

CryptEncodeObject

Exports

Exports

EnumerateTlsServer
FindEnterpriseServer
GetAllEnterpriseServers
LsCsp_DecryptEnvelopedData
LsCsp_EncryptHwid
LsCsp_GetServerData
LsCsp_RetrieveSecret
LsCsp_StoreSecret
MIDL_user_allocate
MIDL_user_free
RequestToTlsRequest
TLSAllocateConcurrentLicense
TLSAllocateInternetLicenseEx
TLSAnnounceLicensePack
TLSAnnounceServer
TLSChallengeServer
TLSCheckLicenseMark
TLSConnectToAnyLsServer
TLSConnectToLsServer
TLSDepositeServerSPK
TLSDisconnectFromServer
TLSFreeTSCertificate
TLSGetAvailableLicenses
TLSGetLSPKCS10CertRequest
TLSGetLastError
TLSGetServerCertificate
TLSGetServerName
TLSGetServerNameEx
TLSGetServerPID
TLSGetServerSPK
TLSGetServerScope
TLSGetSupportFlags
TLSGetTSCertificate
TLSGetTlsPrivateData
TLSGetVersion
TLSInDomain
TLSInit
TLSInstallCertificate
TLSIsBetaNTServer
TLSIsLicenseEnforceEnable
TLSIssueNewLicense
TLSIssueNewLicenseEx
TLSIssueNewLicenseExEx
TLSIssuePlatformChallenge
TLSKeyPackAdd
TLSKeyPackEnumBegin
TLSKeyPackEnumEnd
TLSKeyPackEnumNext
TLSKeyPackSetStatus
TLSLicenseEnumBegin
TLSLicenseEnumEnd
TLSLicenseEnumNext
TLSLicenseEnumNextEx
TLSLookupServer
TLSMarkLicense
TLSRegisterLicenseKeyPack
TLSRequestTermServCert
TLSResponseServerChallenge
TLSRetrieveTermServCert
TLSReturnInternetLicenseEx
TLSReturnLicense
TLSReturnLicensedProduct
TLSSendServerCertificate
TLSShutdown
TLSStartDiscovery
TLSStopDiscovery
TLSTelephoneRegisterLKP
TLSTriggerReGenKey
TLSUpgradeLicense
TLSUpgradeLicenseEx

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstsc.exe
.exe windows:5 windows x86 arch:x86

b86124fdcbbac4f4dca40c45b1e62668

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
GetUserNameW
RegQueryValueExA
GetUserNameA

kernel32

FlushFileBuffers
FreeEnvironmentStringsW
SetStdHandle
RtlUnwind
GetCurrentProcessId
GetTickCount
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadWritePtr
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
DeleteCriticalSection
lstrcpynA
GetVersionExW
GetComputerNameA
GetDiskFreeSpaceA
GetFileType
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
ExitProcess
GetCommandLineA
GetModuleHandleA
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
CloseHandle
LocalFree
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetEnvironmentStringsW
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
lstrlenW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
GetModuleHandleW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
SetBkMode
CreateCompatibleBitmap
GetDIBColorTable
CreatePalette
CreateSolidBrush
SetTextColor
SetMapMode
UpdateColors
TranslateCharsetInfo
CreateCompatibleDC
SelectPalette
RealizePalette
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn
GetStockObject
GetDeviceCaps
DeleteDC
BitBlt
StretchBlt
SelectObject

user32

TranslateMessage
GetWindowDC
KillTimer
SetTimer
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowRect
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetSystemMetrics
DestroyWindow
GetMessageTime
GetWindowLongA
OffsetRect
IntersectRect
GetCursorPos

shell32

SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetSaveFileNameA
GetSaveFileNameW
GetFileTitleA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tqn
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mstscax.dll
.dll regsvr32 windows:5 windows x86 arch:x86

10e2d913a824a6cd1edc4b862e6a8438

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetSystemDefaultLangID
SetEvent
GetCurrentProcessId
GetVersion
IsBadReadPtr
GetTickCount
FreeResource
GlobalFree
GlobalHandle
SetFilePointer
ReadFile
DuplicateHandle
Beep
InterlockedExchange
TlsAlloc
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
CreateDirectoryA
DeleteFileA
GetTempFileNameA
GetTempPathA
ResetEvent
GlobalSize
CreateDirectoryW
DeleteFileW
GetTempFileNameW
Sleep
FreeLibraryAndExitThread
ResumeThread
CreateThread
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
QueryDosDeviceW
DebugBreak
GetComputerNameA
WaitForMultipleObjectsEx
FlushFileBuffers
DeviceIoControl
SetErrorMode
FindClose
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
GetCommTimeouts
GetCommMask
GetOverlappedResult
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
GetDiskFreeSpaceA
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
OutputDebugStringA
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetModuleFileNameW
GetSystemDirectoryA
GetSystemDirectoryW
GetModuleHandleW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
LoadLibraryW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
SetStdHandle
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapReAlloc
GetCommandLineA
TlsSetValue
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
SizeofResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
LocalFree
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
WideCharToMultiByte

advapi32

GetSecurityDescriptorLength
GetUserNameA
RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyA

user32

FlashWindow
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
SetCapture
ReleaseCapture
UnhookWindowsHookEx
CreateIconIndirect
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
CreateCursor
LoadStringW
MessageBeep
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
SetClassLongA
SetClassLongW
GetKeyboardLayout
GetSystemMenu
EnableMenuItem
SetWindowPlacement
SetTimer
CloseWindow
KillTimer
DestroyCursor
GetWindowDC
BringWindowToTop
InflateRect
GetSysColorBrush
FillRect
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
DestroyWindow
TranslateMessage
IsWindow
MoveWindow
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
SetScrollInfo
GetWindowThreadProcessId
PeekMessageA
AttachThreadInput
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
GetDC
ReleaseDC
UnionRect
PtInRect
OffsetRect
GetWindowPlacement
GetSystemMetrics
GetDesktopWindow
GetWindowRect
wsprintfA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
StretchDIBits
SetTextColor
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
CreateBrushIndirect
CreateDIBitmap
GetBitmapBits
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
RealizePalette
SelectPalette
CreateDIBSection
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
SetTextAlign
GetTextAlign
SetROP2
GdiFlush
GetPaletteEntries
Ellipse
SetPolyFillMode
Polyline
Polygon
GetNearestColor
PatBlt
CreateSolidBrush
GetMetaFileBitsEx
DeleteObject
CreatePen
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
PlayMetaFile

winspool.drv

GetPrinterA
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterDriverW
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter

ole32

CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleLoadFromStream
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
CoGetMalloc

oleaut32

SysAllocString
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
VariantClear
SysStringByteLen
RegisterTypeLi
LoadTypeLi
SysFreeString

winmm

waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen

wsock32

connect
htons
socket
closesocket
send
recv
WSAStartup
WSAGetLastError
sendto
recvfrom
WSAAsyncSelect
gethostbyname
gethostname
WSACancelAsyncRequest
WSAAsyncGetHostByName
ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
bind

shell32

ExtractIconW
SHFileOperationA
ExtractIconA

rpcrt4

NdrMesTypeDecode
NdrMesTypeEncode
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
MesHandleFree

comctl32

InitCommonControlsEx
CreateToolbarEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstvca.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9a68c33f654c2b23e034d4b270dc3e3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

comctl32

InitCommonControlsEx
ImageList_Create
ord17
ImageList_Add

kernel32

GlobalHandle
FormatMessageW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
GetTickCount
CloseHandle
CreateThread
GetCommandLineA
GetVersionExA
HeapReAlloc
RaiseException
ExitProcess
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
VirtualAlloc
SetUnhandledExceptionFilter
HeapSize
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
IsBadCodePtr
SetFilePointer
FreeResource
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
FlushFileBuffers
Sleep
lstrcmpW
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
LocalFree
GetShortPathNameW
LoadLibraryExW
GetLastError
SizeofResource
lstrlenA
FindResourceW
LoadResource
LockResource
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTime
GetModuleFileNameW
lstrcatW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
MulDiv
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
lstrcpyW
lstrlenW
MultiByteToWideChar
LCMapStringA

advapi32

RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

ole32

HWND_UserMarshal
HWND_UserSize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateStreamOnHGlobal
OleLoadFromStream
HWND_UserFree
OleSaveToStream
CLSIDFromString
StringFromCLSID
OleLockRunning
CLSIDFromProgID
CoCreateFreeThreadedMarshaler
StgCreateDocfile
StgOpenStorage
OleInitialize
OleUninitialize
OleSave
OleLoad
ReadClassStm
WriteClassStm
HWND_UserUnmarshal

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysAllocString
VariantClear
VarUI4FromStr
LoadTypeLi
SystemTimeToVariantTime
RegisterTypeLi
SysAllocStringLen
SysStringLen
LoadRegTypeLi
OleTranslateColor
OleLoadPicture
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
VariantCopy
VariantInit
VariantCopyInd
SysFreeString
BSTR_UserFree

user32

SetFocus
GetWindowLongW
CallWindowProcW
EndPaint
GetClientRect
BeginPaint
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
PostMessageW
EndDialog
EnableWindow
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
RedrawWindow
GetClassNameW
FillRect
CreateAcceleratorTableW
RegisterWindowMessageW
RegisterClassW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateDialogIndirectParamW
UpdateWindow
GetWindowRect
LoadStringW
LoadBitmapW
ReleaseDC
CharNextW
GetParent
DestroyAcceleratorTable
SendMessageW
GetWindow
GetNextDlgTabItem
IsDialogMessageW
GetKeyState
IsWindow
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
EnumChildWindows
GetDlgItem
ShowWindow
GetFocus
IsChild
SetWindowLongW
GetSysColor
DrawTextW
DefWindowProcW
DestroyWindow
GetDC
GetDesktopWindow
GetDialogBaseUnits

gdi32

LPtoDP
CreateDCW
SetBkMode
SetTextColor
Rectangle
GetStockObject
RestoreDC
GetObjectW
CreateSolidBrush
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SaveDC
CreateMetaFileW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
DeleteDC
SetBkColor
DeleteObject

shell32

SHPathPrepareForWriteW
SHGetFolderPathW

rpcrt4

CStdStubBuffer_QueryInterface
NdrDllUnregisterProxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy

shlwapi

PathAppendW

atl

ord48

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstvgs.dll
.dll regsvr32 windows:5 windows x86 arch:x86

91867e24995ee3ea8a1edf006ad7beda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsicmp
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_CxxThrowException
_ftol
??3@YAXPAX@Z
_snwprintf
wcschr
wcscmp
wcscpy
wcslen
wcscat
_purecall
realloc
free
malloc

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

kernel32

FormatMessageW
LocalAlloc
GlobalHandle
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
GetSystemDirectoryW
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
LocalFree
IsBadReadPtr
IsBadStringPtrW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetLastError
MultiByteToWideChar
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcatW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrlenA

advapi32

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

OleRun
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantChangeType
SysStringLen
VariantCopy
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SafeArrayUnaccessData
VariantClear
SafeArrayAccessData
SafeArrayCreateVector
VarCmp
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
VariantChangeTypeEx
GetErrorInfo
SysAllocString
SysFreeString

user32

RegisterWindowMessageW
wsprintfW
DestroyWindow
CharNextW
RegisterClassW
PostMessageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
DefWindowProcW

rpcrt4

UuidCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msuni11.dll
.dll windows:4 windows x86 arch:x86

1946b820e751fc91c2ca4097c0fec3ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_adjust_fdiv
malloc
free

kernel32

GlobalFree
EnterCriticalSection
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 14KB - Virtual size: 24KB

.rdata Size: 1KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 16KB

.ecode Size: 82KB - Virtual size: 388KB

.rsrc Size: 160KB - Virtual size: 160KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

ffbf95e3f84516135c61627fe4bfb360

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

winmm

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: - Virtual size: 44B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 1024B - Virtual size: 736B

eba892da2a3c34a21c22c5c5f8316da7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdi32

user32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 120B

.rsrc Size: 1KB - Virtual size: 1KB

.qnk Size: - Virtual size: 4KB

1c129a6bc0ff85788bcfba6bf499e0af

Headers

File Characteristics

Imports

msjet40

mswstr10

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 192KB

.data Size: 32KB - Virtual size: 39KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 8KB - Virtual size: 6KB

44a604ad30f52d2efdf5766cdcf3c237

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

wininet

ddraw

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 408KB

.text
Size: 14KB - Virtual size: 24KB

.rdata
Size: 1KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 16KB

.ecode
Size: 82KB - Virtual size: 388KB

.rsrc
Size: 160KB - Virtual size: 160KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: - Virtual size: 44B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 1024B - Virtual size: 736B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 120B

.rsrc
Size: 1KB - Virtual size: 1KB

.qnk
Size: - Virtual size: 4KB

.text
Size: 196KB - Virtual size: 192KB

.data
Size: 32KB - Virtual size: 39KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 408KB - Virtual size: 408KB

.orpc
Size: 512B - Virtual size: 99B

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 40KB

.reloc
Size: 32KB - Virtual size: 31KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 130KB - Virtual size: 130KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 317KB - Virtual size: 316KB

.tqn
Size: - Virtual size: 4KB

.text
Size: 423KB - Virtual size: 422KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 23KB - Virtual size: 22KB