233a80de0dbe8b21003e342e923f140b

Sharing

Copy URL Twitter E-mail

General

Target

233a80de0dbe8b21003e342e923f140b
Size

1.8MB
MD5

233a80de0dbe8b21003e342e923f140b
SHA1

da232292f57ad27979a0c26798be7fb87ce0de43
SHA256

e15f9389a6b3f0f0422e6ae976e9ddf13bdef6bc1b233fbc1a947755570fb8fc
SHA512

3cd8408b21fc98efd9023f4ea687db0f79e49ad00783d04324e49ff7a4c762a92387d44c28a36690b468861de81d1ffff05f3a02b5b97a308a85116d6a0c50d1
SSDEEP

49152:cd7efi6R2sUKKdMod6FHy5j2SEO4TqGgJTrLG4P8UuQuDaE:cd7efi82sUKKSG6FQaXb0TZP8NDz

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Maxthon/Plugin/FlashSave/Config.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Maxthon/Plugin/IEHV/iehv.exe	upx
static1/unpack001/Maxthon/Plugin/IEHistory/iehistory.exe	upx

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Maxthon/MaxUpdate.exe
unpack001/Maxthon/Maxthon.exe
unpack001/Maxthon/Plugin/FTP Helper/FTPPlugin.exe
unpack001/Maxthon/Plugin/FlashSave/Config.exe
unpack001/Maxthon/Plugin/FlashSave/coolzmskin.ocx
unpack001/Maxthon/Plugin/FloatBar/FloatBar.dll
unpack001/Maxthon/Plugin/IEHV/iehv.exe
unpack003/out.upx
unpack001/Maxthon/Plugin/IEHistory/iehistory.exe
unpack001/Maxthon/Plugin/ViewPartialSource/ViewPartialSource.exe
unpack001/Maxthon/Plugin/ViewSource/ViewSrc.dll
unpack001/Maxthon/Plugin/uc/uc.dll
unpack001/Maxthon/Services/realtime/real_time.dll
unpack001/Maxthon/zlib.dll

Files

233a80de0dbe8b21003e342e923f140b
.rar
Maxthon/Config/Dynamic.ini
Maxthon/Config/Plugins.ini
Maxthon/Config/backup/setupcenter.ini
Maxthon/Config/blacklist.htm
.html .js polyglot
Maxthon/Config/blocked.wav
Maxthon/Config/config.xml
.xml
Maxthon/Config/default.xml
.xml
Maxthon/Config/default_ns.xml
.xml
Maxthon/Config/downloadmgr.ini
.vbs
Maxthon/Config/empty.swf
Maxthon/Config/pserv.dat
.zip
Maxthon/Config/setupcenter.ini
Maxthon/Groups/WaReZ.cgp
Maxthon/Groups/maxthon.cgp
Maxthon/Language/English/DefaultSetup.ini
Maxthon/Language/English/SearchBar.ini
.js
Maxthon/Language/English/gohelp.htm
.html
Maxthon/Language/English/gohelp.htm.bak
.html
Maxthon/Language/English/language.ini
Maxthon/Language/English/resource.htm
.html .js polyglot
Maxthon/Language/English/search.htm
.html .js polyglot
Maxthon/Language/English/tips.txt
Maxthon/Language/English/urllist.htm
.html .js polyglot
Maxthon/Language/Russian/language.ini
Maxthon/Language/Russian/urllist.htm
.html .js polyglot
Maxthon/License.txt
Maxthon/MaxUpdate.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Maxthon/Maxthon.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 406KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Maxthon/Plugin/AnalyzePic/analyzepic.htm
.html .js polyglot
Maxthon/Plugin/AnalyzePic/analyzepic0.ico
Maxthon/Plugin/AnalyzePic/analyzepic1.ico
Maxthon/Plugin/AnalyzePic/plugin.ini
Maxthon/Plugin/AstalavistaSearch/AstalavistaSearch.htm
.html
Maxthon/Plugin/AstalavistaSearch/plugin.ini
Maxthon/Plugin/AstalavistaSearch/scull.ico
Maxthon/Plugin/AstalavistaSearch/skull1.ico
Maxthon/Plugin/AstalavistaSearch/skull2.ico
Maxthon/Plugin/AstalavistaSearch/x.ico
Maxthon/Plugin/Calc++/calc.htm
.html .js polyglot
Maxthon/Plugin/Calc++/calculator.htm
.html
Maxthon/Plugin/Calc++/cpp.ico
Maxthon/Plugin/Calc++/help.htm
.html
Maxthon/Plugin/Calc++/plugin.ini
Maxthon/Plugin/ClearRubbish/clear_rubbish.htm
.html
Maxthon/Plugin/ClearRubbish/cold.ico
Maxthon/Plugin/ClearRubbish/hot.ico
Maxthon/Plugin/ClearRubbish/plugin.ini
Maxthon/Plugin/Continuous Reload/close_button.gif
Maxthon/Plugin/Continuous Reload/cold.ico
Maxthon/Plugin/Continuous Reload/continuous_reload.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_01min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_02min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_05min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_05sec.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_10min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_10sec.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_15sec.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_30min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_30sec.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/continuous_reload_60min.htm
.html .js polyglot
Maxthon/Plugin/Continuous Reload/hot.ico
Maxthon/Plugin/Continuous Reload/plugin.ini
Maxthon/Plugin/Continuous Reload/reload_button.gif
.gif
Maxthon/Plugin/Copy URL/cold.ico
Maxthon/Plugin/Copy URL/copyurl.htm
.html
Maxthon/Plugin/Copy URL/hot.ico
Maxthon/Plugin/Copy URL/plugin.ini
Maxthon/Plugin/CrackHTML_EN/CrackHTML.htm
.html .js polyglot
Maxthon/Plugin/CrackHTML_EN/cold.ico
Maxthon/Plugin/CrackHTML_EN/hot.ico
Maxthon/Plugin/CrackHTML_EN/plugin.ini
Maxthon/Plugin/Deframe/cold.ico
Maxthon/Plugin/Deframe/deframe.htm
.html
Maxthon/Plugin/Deframe/hot.ico
Maxthon/Plugin/Deframe/plugin.ini
Maxthon/Plugin/EnableRightClick/EnableRightClick.htm
.html
Maxthon/Plugin/EnableRightClick/plugin.ini
Maxthon/Plugin/EnableRightClick/rc.ico
Maxthon/Plugin/EnableRightClick/rightclick.ico
Maxthon/Plugin/EnableRightClick/rightclick2.ico
Maxthon/Plugin/FTP Helper/FTPPlugin.exe
.exe windows:4 windows x86 arch:x86

b6a453fc18993397fef18169f8e35aff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaVarCmpGe
__vbaLateMemSt
ord669
ord593
__vbaVarForInit
__vbaExitProc
ord594
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
ord520
__vbaStrFixstr
__vbaBoolVarNull
__vbaVarTstLt
__vbaFpR8
_CIsin
ord631
__vbaErase
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaRedimPreserve
_adj_fpatan
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaInputFile
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord535
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaInStr
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
__vbaVarSetObjAddref
__vbaR8IntI2
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Maxthon/Plugin/FTP Helper/FTPSetup.ini
Maxthon/Plugin/FTP Helper/Readme.txt
Maxthon/Plugin/FTP Helper/WhatsNew.txt
Maxthon/Plugin/FTP Helper/plugin.ini
Maxthon/Plugin/FlashLink/FlashLinks.html
.html .js polyglot
Maxthon/Plugin/FlashLink/cold.ico
Maxthon/Plugin/FlashLink/hot.ico
Maxthon/Plugin/FlashLink/plugin.ini
Maxthon/Plugin/FlashLink/readme.txt
Maxthon/Plugin/FlashSave/Config.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Maxthon/Plugin/FlashSave/Config.exe.manifest
.xml
Maxthon/Plugin/FlashSave/FlashSave.html
.html .js polyglot
Maxthon/Plugin/FlashSave/Language/English/Cancel.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Foreground.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Home.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Language.ini
Maxthon/Plugin/FlashSave/Language/English/OK.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page1-1.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page1-2.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page2-1.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page2-2.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page3-1.gif
.gif
Maxthon/Plugin/FlashSave/Language/English/Page3-2.gif
.gif
Maxthon/Plugin/FlashSave/Option.ini
Maxthon/Plugin/FlashSave/Readme_EN.txt
Maxthon/Plugin/FlashSave/Skins/Default/Html.dat
.html .js polyglot
Maxthon/Plugin/FlashSave/Skins/Default/Preview.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Default/Skin.ini
Maxthon/Plugin/FlashSave/Skins/Luxury/FlashSave_1.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Luxury/FlashSave_2.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Luxury/FlashSave_3.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Luxury/FlashSave_4.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Luxury/Html.dat
.html .js polyglot
Maxthon/Plugin/FlashSave/Skins/Luxury/Preview.gif
.gif
Maxthon/Plugin/FlashSave/Skins/Luxury/Skin.ini
Maxthon/Plugin/FlashSave/cold.ico
Maxthon/Plugin/FlashSave/coolzmskin.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

0a6ae82b558c5a2ee07dee4408ece1f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaI4Str
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord689
ord104
ord105
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Maxthon/Plugin/FlashSave/hot.ico
Maxthon/Plugin/FlashSave/plugin.ini
Maxthon/Plugin/FloatBar/FloatBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d1db46406901b96596e971843804268

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
lstrcmpA
GetVersionExA
GetModuleFileNameA
DisableThreadLibraryCalls
GetShortPathNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateFileA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
ReadFile
SetStdHandle
Sleep
IsBadCodePtr
GlobalUnlock
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
LCMapStringW
LCMapStringA
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
lstrcpynA
CopyFileA
GetLastError
SetEndOfFile
FormatMessageA
LocalFree
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
lstrlenA
OutputDebugStringA
DebugBreak
IsBadReadPtr
InterlockedDecrement

user32

CreatePopupMenu
AppendMenuA
OpenClipboard
SetDlgItemTextA
EndDialog
MessageBoxA
SendMessageA
DestroyMenu
GetWindow
SetWindowLongA
MessageBeep
SetDlgItemInt
GetDlgItemInt
wvsprintfA
CharNextA
TrackPopupMenu
MapWindowPoints
ClientToScreen
PtInRect
SetMenuItemInfoA
LoadMenuA
GetSubMenu
GetDlgItem
SetFocus
SetWindowTextA
GetWindowLongA
ShowWindow
SetTimer
KillTimer
MoveWindow
EmptyClipboard
SetClipboardData
CloseClipboard
LoadImageA
DialogBoxParamA
EnumChildWindows
LoadStringA
CreateWindowExA
wsprintfA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
GetParent
GetClassNameA
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
GetDC
ReleaseDC
GetFocus
IsChild
GetSysColor
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DialogBoxIndirectParamA
CreateDialogParamA
GetCursorPos
GetActiveWindow
CharLowerA
ScreenToClient
WindowFromPoint
GetWindowRect
IsWindowVisible

gdi32

GetDeviceCaps
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemRealloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
VariantCopy
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
RegisterTypeLi

wininet

GetUrlCacheEntryInfoExA

urlmon

URLDownloadToCacheFileA

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Maxthon/Plugin/FloatBar/ReadMe.txt
Maxthon/Plugin/FloatBar/plugin.ini
Maxthon/Plugin/FloatBar/tempfile.html
.html
Maxthon/Plugin/Force Pictures/ForcePictures.htm
.html .js polyglot
Maxthon/Plugin/Force Pictures/cold.ico
Maxthon/Plugin/Force Pictures/empty.gif
.gif
Maxthon/Plugin/Force Pictures/hot.ico
Maxthon/Plugin/Force Pictures/plugin.ini
Maxthon/Plugin/Gray/cold.ico
Maxthon/Plugin/Gray/gray.htm
.html .js polyglot
Maxthon/Plugin/Gray/hot.ico
Maxthon/Plugin/Gray/plugin.ini
Maxthon/Plugin/Hide Images/Hi.htm
.html
Maxthon/Plugin/Hide Images/cold.ico
Maxthon/Plugin/Hide Images/hi.ico
Maxthon/Plugin/Hide Images/hicold.ico
Maxthon/Plugin/Hide Images/hot.ico
Maxthon/Plugin/Hide Images/plugin.ini
Maxthon/Plugin/HighLightTexts/HighLightTexts.htm
.html .js polyglot
Maxthon/Plugin/HighLightTexts/HighLightTexts.ico
Maxthon/Plugin/HighLightTexts/plugin.ini
Maxthon/Plugin/HighLightTexts/th.ico
Maxthon/Plugin/IEHV/cold.ico
Maxthon/Plugin/IEHV/hot.ico
Maxthon/Plugin/IEHV/iehv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Maxthon/Plugin/IEHV/plugin.ini
Maxthon/Plugin/IEHistory/History.ico
Maxthon/Plugin/IEHistory/english.lng
Maxthon/Plugin/IEHistory/formatlines.txt
Maxthon/Plugin/IEHistory/groupless.htm
.html
Maxthon/Plugin/IEHistory/history.css
Maxthon/Plugin/IEHistory/history.txt
Maxthon/Plugin/IEHistory/iehistory.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Maxthon/Plugin/IEHistory/iehst.ini
Maxthon/Plugin/IEHistory/kroshin.htm
.html
Maxthon/Plugin/IEHistory/plugin.ini
Maxthon/Plugin/IEHistory/readmeeng.txt
Maxthon/Plugin/IEHistory/readmerus.txt
Maxthon/Plugin/IEHistory/short.htm
.html
Maxthon/Plugin/IEHistory/short_templ.htm
.html
Maxthon/Plugin/IEHistory/site_short.htm
.html
Maxthon/Plugin/IEHistory/templ_title.htm
.html
Maxthon/Plugin/IEHistory/template.htm
.html
Maxthon/Plugin/Kill Flash Ad and Flying Ad/Kill Flash Ad and Flying Ad.htm
.html .js polyglot
Maxthon/Plugin/Kill Flash Ad and Flying Ad/killad.ico
Maxthon/Plugin/Kill Flash Ad and Flying Ad/plugin.ini
Maxthon/Plugin/Linkify/PLUGIN.INI
Maxthon/Plugin/Linkify/cold.ico
Maxthon/Plugin/Linkify/hot.ico
Maxthon/Plugin/Linkify/linkify.HTM
.html .js polyglot
Maxthon/Plugin/Linktip/Linktip.htm
.html
Maxthon/Plugin/Linktip/cold.ico
Maxthon/Plugin/Linktip/hot.ico
Maxthon/Plugin/Linktip/plugin.ini
Maxthon/Plugin/List Resources/ListResources-Flash.htm
.html
Maxthon/Plugin/List Resources/ListResources-Frame.htm
.html
Maxthon/Plugin/List Resources/ListResources-Image.htm
.html
Maxthon/Plugin/List Resources/ListResources-Link.htm
.html
Maxthon/Plugin/List Resources/ListResources-Script.htm
.html
Maxthon/Plugin/List Resources/ListResources-Style.htm
.html
Maxthon/Plugin/List Resources/ListResources.htm
.html .js polyglot
Maxthon/Plugin/List Resources/ListResources/ListResources.css
Maxthon/Plugin/List Resources/ListResources/ListResources.gif
.gif
Maxthon/Plugin/List Resources/ListResources/ListResources.htm
.html .js polyglot
Maxthon/Plugin/List Resources/ListResources/ListResources.ini
Maxthon/Plugin/List Resources/ListResources/ListResources.js
.js
Maxthon/Plugin/List Resources/ListResources/ListResources.vbs
.vbs
Maxthon/Plugin/List Resources/cold.ico
Maxthon/Plugin/List Resources/hot.ico
Maxthon/Plugin/List Resources/plugin.ini
Maxthon/Plugin/M2bookmark/Desktop.ini
Maxthon/Plugin/M2bookmark/Thumbs.db
Maxthon/Plugin/M2bookmark/compact_menu.html
.html .js polyglot
Maxthon/Plugin/M2bookmark/compact_options.html
.html .js polyglot
Maxthon/Plugin/M2bookmark/defaultlocal.css
Maxthon/Plugin/M2bookmark/images/dot.gif
.gif
Maxthon/Plugin/M2bookmark/images/help1.gif
.gif
Maxthon/Plugin/M2bookmark/images/ico_addfavorite.gif
.gif
Maxthon/Plugin/M2bookmark/images/ico_addfavorite_t.gif
.gif
Maxthon/Plugin/M2bookmark/images/ico_addfolder.gif
.gif
Maxthon/Plugin/M2bookmark/images/logout.gif
.gif
Maxthon/Plugin/M2bookmark/images/options.gif
.gif
Maxthon/Plugin/M2bookmark/images/refresh.gif
.gif
Maxthon/Plugin/M2bookmark/languages/Chinese.ini
Maxthon/Plugin/M2bookmark/languages/English.ini
Maxthon/Plugin/M2bookmark/m2bk.ico
Maxthon/Plugin/M2bookmark/max.src
Maxthon/Plugin/M2bookmark/plugin.ini
Maxthon/Plugin/M2bookmark/settings.ini
Maxthon/Plugin/M2bookmark/userbk.html
.html
Maxthon/Plugin/MailThisTab/MailThisTab.htm
.html .js polyglot
Maxthon/Plugin/MailThisTab/MailThisTab.ico
Maxthon/Plugin/MailThisTab/plugin.ini
Maxthon/Plugin/MemBoost/MemBoost.htm
.html .vbs polyglot
Maxthon/Plugin/MemBoost/MemBoost.ico
Maxthon/Plugin/MemBoost/plugin.ini
Maxthon/Plugin/Newsletter/Newsletter.htm
.html
Maxthon/Plugin/Newsletter/myie2.ico
Maxthon/Plugin/Newsletter/newsletter.ico
Maxthon/Plugin/Newsletter/plugin.ini
Maxthon/Plugin/PageInfo/cold.ico
Maxthon/Plugin/PageInfo/hot.ico
Maxthon/Plugin/PageInfo/pageinfo.htm
.html .js polyglot
Maxthon/Plugin/PageInfo/plugin.ini
Maxthon/Plugin/Plugins-HowTo.htm
.html
Maxthon/Plugin/PrintEdit/PrintEdit.htm
.html .js polyglot
Maxthon/Plugin/PrintEdit/PrintEdit.ico
Maxthon/Plugin/PrintEdit/PrintEdit1.ico
Maxthon/Plugin/PrintEdit/plugin.ini
Maxthon/Plugin/RU.Board Navigation/plugin.ini
Maxthon/Plugin/RU.Board Navigation/ru.board-nav.css
Maxthon/Plugin/RU.Board Navigation/ru.board-nav.htm
.html
Maxthon/Plugin/RU.Board Navigation/ru.board-nav.ico
Maxthon/Plugin/RU.Board Smiles/plugin.ini
Maxthon/Plugin/RU.Board Smiles/ru.board-smiles.css
Maxthon/Plugin/RU.Board Smiles/ru.board-smiles.htm
.html
Maxthon/Plugin/RU.Board Smiles/ru.board-smiles.ico
Maxthon/Plugin/RU.Board Smiles/smiles/4u.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/abuse.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/amazed.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/angel.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/applause.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/baby.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/bad.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/beast.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/beer.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/biggrin.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/biglaugh.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/birthday.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/bow.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/bye.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/chew.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/chih.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/clown.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/condom.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/confused.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/cool.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/cranky.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/dance.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/dandy.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/dedmoroz.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/deds.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/dont.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/down.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/drink.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/duel.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/durak.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/eek.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/eyes.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/fingal.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/gigi.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/girl.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/glasses.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/gulp.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/gum.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/help.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/hi.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/idea.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/idontnow.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/indifferent.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/inlove.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/insane.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/jump.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/kiss.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/kruto.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/lady.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/lamer.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/laugh.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/lol.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/love.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/loveu.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/mad.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/maniac.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/moderator.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/nervous.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/nnn.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/no.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/off.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/offence.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/phone.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/pilot.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/pray.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/puke.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/redface.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/rolleyes.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/rotate.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/row.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/ruboard.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/rupor.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/sad.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/scull.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/sex.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/shot.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/shuffle.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/sleep.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/smile.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/smirk.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/smoke.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/splat.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/spy.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/standup.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/stop.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/sun.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/super.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/surprise.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/talk.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/tease.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/tired.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/tongue.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/type.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/umnik.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/up.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/upside.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/user.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/uzi.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/vampire.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/wave.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/weep.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/wink.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/winkgrin.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/wow.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/yawn.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/yes.gif
.gif
Maxthon/Plugin/RU.Board Smiles/smiles/yogi.gif
.gif
Maxthon/Plugin/Save Page/AutosaveAll.htm
.html .js polyglot
Maxthon/Plugin/Save Page/AutosaveThis.htm
.html .js polyglot
Maxthon/Plugin/Save Page/NameAutosaveAll.htm
.html .js polyglot
Maxthon/Plugin/Save Page/NameAutosaveThis.htm
.html .js polyglot
Maxthon/Plugin/Save Page/QuickSave.htm
.html
Maxthon/Plugin/Save Page/SaveAs.htm
.html
Maxthon/Plugin/Save Page/SaveHtml.htm
.html
Maxthon/Plugin/Save Page/cold.ico
Maxthon/Plugin/Save Page/hot.ico
Maxthon/Plugin/Save Page/plugin.ini
Maxthon/Plugin/SearchDomain/SearchDomain.htm
.html .js polyglot
Maxthon/Plugin/SearchDomain/SearchDomain.ico
Maxthon/Plugin/SearchDomain/SearchDomain_cold.ico
Maxthon/Plugin/SearchDomain/plugin.ini
Maxthon/Plugin/ShowURL/ShowURL.htm
.html .js polyglot
Maxthon/Plugin/ShowURL/cold.ico
Maxthon/Plugin/ShowURL/hot.ico
Maxthon/Plugin/ShowURL/plugin.ini
Maxthon/Plugin/Up a Directory/Up.htm
.html
Maxthon/Plugin/Up a Directory/cold.ico
Maxthon/Plugin/Up a Directory/hot.ico
Maxthon/Plugin/Up a Directory/plugin.ini
Maxthon/Plugin/View CSS 1.0/css.ico
Maxthon/Plugin/View CSS 1.0/css2.ico
Maxthon/Plugin/View CSS 1.0/plugin.ini
Maxthon/Plugin/View CSS 1.0/viewcss.htm
.html .js polyglot
Maxthon/Plugin/View Scripts 0.9/js.ico
Maxthon/Plugin/View Scripts 0.9/js2.ico
Maxthon/Plugin/View Scripts 0.9/plugin.ini
Maxthon/Plugin/View Scripts 0.9/viewscripts.htm
.html .js polyglot
Maxthon/Plugin/ViewCookie/plugin.ini
Maxthon/Plugin/ViewCookie/viewcookie.html
.html .js polyglot
Maxthon/Plugin/ViewCookie/viewcookie0.ico
Maxthon/Plugin/ViewCookie/viewcookie1.ico
Maxthon/Plugin/ViewPartialSource/ViewPartialSource.exe
.exe windows:4 windows x86 arch:x86

dcc723bc43134c4d1c8f1e60bc1fd252

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
ord690
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
ord689
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Maxthon/Plugin/ViewPartialSource/cold.ico
Maxthon/Plugin/ViewPartialSource/hot.ico
Maxthon/Plugin/ViewPartialSource/plugin.ini
Maxthon/Plugin/ViewSource/ViewSrc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a289fa876ad70dfdca4d679a37d3a3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemInfo
HeapCreate
InterlockedDecrement
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
lstrcpyA
WideCharToMultiByte
lstrlenW
GetTempFileNameA
GetTempPathA
WritePrivateProfileStringA
CloseHandle
WriteFile
FlushInstructionCache
DebugBreak
HeapFree
lstrcpynA
HeapAlloc
lstrcatA
CreateFileA
GetCurrentProcess

user32

GetWindowLongA
GetParent
MapWindowPoints
GetWindowRect
GetActiveWindow
SetWindowPos
GetWindow
DialogBoxParamA
SystemParametersInfoA
IsDlgButtonChecked
GetSystemMetrics
GetClientRect
SetWindowLongA
GetDlgItemTextA
LoadImageA
CheckDlgButton
GetDlgItem
EnableWindow
SetDlgItemTextA
SendMessageA
EndDialog

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA

ole32

CoUninitialize

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord18
ord15
ord57
ord30
ord58
ord32
ord23
ord21
ord44
ord43
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 557B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Maxthon/Plugin/ViewSource/plugin.ini
Maxthon/Plugin/ViewSource/plugin.ini.bak
Maxthon/Plugin/W3CValidate/W3CValidate.js
.js .html polyglot
Maxthon/Plugin/W3CValidate/cold.ico
Maxthon/Plugin/W3CValidate/hot.ico
Maxthon/Plugin/W3CValidate/plugin.ini
Maxthon/Plugin/W@P 1.0/index.html
.html
Maxthon/Plugin/W@P 1.0/plugin.ini
Maxthon/Plugin/W@P 1.0/temp.html
.html
Maxthon/Plugin/W@P 1.0/wap.html
.html
Maxthon/Plugin/W@P 1.0/wap.ico
Maxthon/Plugin/Weather/config.htm
.html .js polyglot
Maxthon/Plugin/Weather/images/collapse.gif
.gif
Maxthon/Plugin/Weather/images/config.gif
.gif
Maxthon/Plugin/Weather/images/expand.gif
.gif
Maxthon/Plugin/Weather/images/sun.gif
.gif
Maxthon/Plugin/Weather/images/sync.gif
.gif
Maxthon/Plugin/Weather/images/weather.gif
.gif
Maxthon/Plugin/Weather/images/weather_title.jpg
.jpg
Maxthon/Plugin/Weather/language/lan_en.xml
.xml
Maxthon/Plugin/Weather/plugin.ini
Maxthon/Plugin/Weather/readme.txt
Maxthon/Plugin/Weather/script/config.js
.js
Maxthon/Plugin/Weather/script/weather.css
Maxthon/Plugin/Weather/script/weather.js
.js
Maxthon/Plugin/Weather/script/weather2.js
.js
Maxthon/Plugin/Weather/weather.htm
.html .js polyglot
Maxthon/Plugin/Weather/weather.ico
Maxthon/Plugin/Weather/weather2.htm
.html .js polyglot
Maxthon/Plugin/WindowsUpdateBtn/cold.ico
Maxthon/Plugin/WindowsUpdateBtn/hot.ico
Maxthon/Plugin/WindowsUpdateBtn/plugin.ini
Maxthon/Plugin/WindowsUpdateBtn/update.html
.html
Maxthon/Plugin/forcelink/Forcelink.htm
.html
Maxthon/Plugin/forcelink/cold.ico
Maxthon/Plugin/forcelink/hot.ico
Maxthon/Plugin/forcelink/plugin.ini
Maxthon/Plugin/meta.kadets.ru/meta.kadets.ru.htm
.html
Maxthon/Plugin/meta.kadets.ru/plugin.ini
Maxthon/Plugin/meta.kadets.ru/scull.ico
Maxthon/Plugin/meta.kadets.ru/skull1.ico
Maxthon/Plugin/meta.kadets.ru/skull2.ico
Maxthon/Plugin/meta.kadets.ru/x.ico
Maxthon/Plugin/pageno+1/cold.ico
Maxthon/Plugin/pageno+1/hot.ico
Maxthon/Plugin/pageno+1/pageno+1.htm
.html .js polyglot
Maxthon/Plugin/pageno+1/plugin.ini
Maxthon/Plugin/pageno-1/cold.ico
Maxthon/Plugin/pageno-1/hot.ico
Maxthon/Plugin/pageno-1/pageno-1.htm
.html .js polyglot
Maxthon/Plugin/pageno-1/plugin.ini
Maxthon/Plugin/thumbs/cold.ico
Maxthon/Plugin/thumbs/hot.ico
Maxthon/Plugin/thumbs/plugin.ini
Maxthon/Plugin/thumbs/thumbs.htm
.html .js polyglot
Maxthon/Plugin/uc/plugin.ini
Maxthon/Plugin/uc/uc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0bd667d391c1e5584d207cd4452809c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
InitializeCriticalSection
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
HeapFree
DebugBreak
lstrcpynA
FlushInstructionCache
lstrlenW
HeapAlloc
lstrlenA

user32

ShowWindow
GetDlgCtrlID
SendMessageA
BeginPaint
MessageBoxA
ReleaseDC
GetClientRect
FillRect
LoadStringA
SetWindowPos
GetWindowRect
RedrawWindow
GetWindowTextA
CallWindowProcA
ScreenToClient
UpdateWindow
LoadCursorA
KillTimer
SetTimer
CreateWindowExA
OffsetRect
DrawTextA
GetParent
GetWindowLongA
SetWindowLongA
SetWindowTextA
SetCursor
InvalidateRect
DefWindowProcA
GetSysColor
EndPaint
GetDC
CharNextA

gdi32

CreateSolidBrush
GetDeviceCaps
DPtoLP
DeleteDC
BitBlt
TextOutA
SetViewportOrgEx
GetViewportOrgEx
SetTextAlign
SetTextColor
SetBkMode
SelectObject
GetObjectA
DeleteObject
CreateFontIndirectA
CreateCompatibleDC
Rectangle
GetStockObject
CreateCompatibleBitmap

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord30
ord58
ord44
ord43
ord23
ord46
ord21
ord32
ord18
ord16
ord15
ord57

comctl32

InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Maxthon/Services/realtime/Settings.ini
Maxthon/Services/realtime/real_time.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f47fee95827d8a708b59cb1fe74bb87b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2648
ord2055
ord6376
ord3749
ord4441
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3798
ord4837
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3147
ord4080
ord2982
ord3079
ord3597
ord616
ord641
ord567
ord324
ord825
ord692
ord2302
ord4234
ord2379
ord6197
ord6199
ord5951
ord1779
ord4710
ord4129
ord5683
ord860
ord823
ord1168
ord3874
ord5810
ord5481
ord4627
ord4335
ord4863
ord4975
ord4425
ord6374
ord966
ord3570
ord2029
ord926
ord2077
ord278
ord2642
ord3092
ord605
ord5953
ord1264
ord1567
ord268
ord4853
ord3095
ord3097
ord4055
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord540
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord2086
ord6215
ord3337
ord924
ord858
ord3811
ord2820
ord2822
ord922
ord535
ord537
ord800
ord5280
ord4353
ord5241
ord5163
ord2385
ord4078
ord4407
ord1775
ord4998
ord6052
ord2514
ord3639
ord4376
ord5265
ord5290
ord4424
ord3402
ord6055
ord4401
ord1776
ord2024
ord2581
ord4219
ord1771
ord2413
ord6366
ord2578
ord3582
ord4398
ord2411
ord4218
ord2023
ord5796
ord1971
ord5478
ord2031
ord5199
ord1116
ord1176
ord1253
ord269
ord826
ord600
ord1578
ord1255
ord1577
ord1570
ord1243
ord1575
ord342
ord1182
ord1197

msvcrt

memset
malloc
realloc
_onexit
__dllonexit
memcmp
_purecall
memcpy
_CxxThrowException
_ftol
__CxxFrameHandler
_ftime
_mbscmp
modf
_snprintf
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
free

kernel32

GetLastError
SizeofResource
FreeLibrary
LoadResource
GetModuleHandleA
GetShortPathNameA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrlenA
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ResetEvent
SetEvent
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
FormatMessageA
LoadLibraryExA
SetLocalTime
lstrcpynA
IsDBCSLeadByte
lstrcmpiA
GetProcAddress
LoadLibraryA
HeapDestroy
lstrcatA
LocalFree
lstrcpyA
LocalAlloc
FindResourceA

user32

GetWindowRect
SetTimer
SetForegroundWindow
KillTimer
SendMessageA
CharNextA
EnableWindow

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VarUI4FromStr

wsock32

htonl
ntohl
WSAGetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Maxthon/Skin/Crystal2/address.bmp
Maxthon/Skin/Crystal2/coldtool.bmp
Maxthon/Skin/Crystal2/coldtool_s.bmp
Maxthon/Skin/Crystal2/fav.bmp
Maxthon/Skin/Crystal2/hottool.bmp
Maxthon/Skin/Crystal2/hottool_s.bmp
Maxthon/Skin/Crystal2/iconani.bmp
Maxthon/Skin/Crystal2/link.bmp
Maxthon/Skin/Crystal2/progress.bmp
Maxthon/Skin/Crystal2/sbk.bmp
Maxthon/Skin/Crystal2/sidebar_s.bmp
Maxthon/Skin/Crystal2/sidebar_u.bmp
Maxthon/Skin/Crystal2/skin.ini
Maxthon/Skin/Crystal2/status.bmp
Maxthon/Skin/Crystal2/sysmenu.bmp
Maxthon/Skin/Crystal2/sysmenu2.bmp
Maxthon/Skin/Crystal2/tab.bmp
Maxthon/Skin/Crystal2/tbk.bmp
Maxthon/Skin/Crystal2/toolbar_bk.bmp
Maxthon/Skin/Default XP/bg.bmp
Maxthon/Skin/Default XP/coldtool.bmp
Maxthon/Skin/Default XP/coldtool_s.bmp
Maxthon/Skin/Default XP/fav_folder.bmp
Maxthon/Skin/Default XP/go.bmp
Maxthon/Skin/Default XP/hottool.bmp
Maxthon/Skin/Default XP/hottool1.bmp
Maxthon/Skin/Default XP/hottool_s.bmp
Maxthon/Skin/Default XP/hottool_s1.bmp
Maxthon/Skin/Default XP/progress.bmp
Maxthon/Skin/Default XP/selected_icon.ico
Maxthon/Skin/Default XP/sidebar_s1.bmp
Maxthon/Skin/Default XP/sidebar_u1.bmp
Maxthon/Skin/Default XP/skin.ini
Maxthon/Skin/Default XP/status.bmp
Maxthon/Skin/Default XP/status_bk1.bmp
Maxthon/Skin/Default XP/sysmenu.bmp
Maxthon/Skin/Default XP/tab.bmp
Maxthon/Skin/Default XP/tab_bk.bmp
Maxthon/Skin/Default XP/tab_bk1.bmp
Maxthon/Skin/Default XP/unselected_icon.ico
Maxthon/Skin/Default/bg.bmp
Maxthon/Skin/Default/icons.bmp
Maxthon/Skin/Default/skin.ini
Maxthon/Skin/Default/skin1.ini
Maxthon/Skin/Mozilla_2/address.bmp
Maxthon/Skin/Mozilla_2/anicon.bmp
Maxthon/Skin/Mozilla_2/atv_btn.bmp
Maxthon/Skin/Mozilla_2/bg.bmp
Maxthon/Skin/Mozilla_2/coldtool.bmp
Maxthon/Skin/Mozilla_2/coldtoolsm.bmp
Maxthon/Skin/Mozilla_2/hottoolb.bmp
Maxthon/Skin/Mozilla_2/hottoolbsm.bmp
Maxthon/Skin/Mozilla_2/inatv_btn.bmp
Maxthon/Skin/Mozilla_2/link.bmp
Maxthon/Skin/Mozilla_2/selected_icon.ico
Maxthon/Skin/Mozilla_2/skin.ini
Maxthon/Skin/Mozilla_2/status.bmp
Maxthon/Skin/Mozilla_2/sysmenu.bmp
Maxthon/Skin/Mozilla_2/tab.bmp
Maxthon/Skin/Mozilla_2/unselected_icon.ico
Maxthon/Skin/Simple XP/coldtool_s.bmp
Maxthon/Skin/Simple XP/fav_folder.bmp
Maxthon/Skin/Simple XP/go.bmp
Maxthon/Skin/Simple XP/hottool_s.bmp
Maxthon/Skin/Simple XP/hottool_s1.bmp
Maxthon/Skin/Simple XP/iconani.bmp
Maxthon/Skin/Simple XP/sidebar_s.bmp
Maxthon/Skin/Simple XP/sidebar_u.bmp
Maxthon/Skin/Simple XP/skin.ini
Maxthon/Skin/Simple XP/status.bmp
Maxthon/Skin/Simple XP/sysmenu.bmp
Maxthon/Skin/Simple XP/tab.bmp
Maxthon/Skin/TCPort/active.bmp
Maxthon/Skin/TCPort/bg.bmp
Maxthon/Skin/TCPort/checkbox_icon.ico
Maxthon/Skin/TCPort/coldtool.bmp
Maxthon/Skin/TCPort/disabled_checkbox_icon.ico
Maxthon/Skin/TCPort/go.bmp
Maxthon/Skin/TCPort/hottool.bmp
Maxthon/Skin/TCPort/inactive.bmp
Maxthon/Skin/TCPort/link.bmp
Maxthon/Skin/TCPort/progress.bmp
Maxthon/Skin/TCPort/sidebarbg.bmp
Maxthon/Skin/TCPort/skin.ini
Maxthon/Skin/TCPort/status.bmp
Maxthon/Skin/TCPort/sysmenu.bmp
Maxthon/Skin/TCPort/tab.bmp
Maxthon/Skin/TCPort/tabbg.bmp
Maxthon/Skin/X_Phoenity/address.bmp
Maxthon/Skin/X_Phoenity/atv_btn.bmp
Maxthon/Skin/X_Phoenity/bg.bmp
Maxthon/Skin/X_Phoenity/checkbox_icon.ico
Maxthon/Skin/X_Phoenity/coldtool.bmp
Maxthon/Skin/X_Phoenity/coldtool_s.bmp
Maxthon/Skin/X_Phoenity/disabled_checkbox_icon.ico
Maxthon/Skin/X_Phoenity/go.bmp
Maxthon/Skin/X_Phoenity/hottool.bmp
Maxthon/Skin/X_Phoenity/hottool_s.bmp
Maxthon/Skin/X_Phoenity/iconani.bmp
Maxthon/Skin/X_Phoenity/inatv_btn.bmp
Maxthon/Skin/X_Phoenity/link.bmp
Maxthon/Skin/X_Phoenity/progress.bmp
Maxthon/Skin/X_Phoenity/sbbg.bmp
Maxthon/Skin/X_Phoenity/skin.ini
Maxthon/Skin/X_Phoenity/status.bmp
Maxthon/Skin/X_Phoenity/sysmenu.bmp
Maxthon/Skin/X_Phoenity/tab.bmp
Maxthon/Skin/X_Phoenity/tab_status_bg.bmp
Maxthon/Skin/opera/address.bmp
Maxthon/Skin/opera/bg.bmp
Maxthon/Skin/opera/coldtool.bmp
Maxthon/Skin/opera/coldtool_s.bmp
Maxthon/Skin/opera/folder.bmp
Maxthon/Skin/opera/go.bmp
Maxthon/Skin/opera/hottool.bmp
Maxthon/Skin/opera/hottool_s.bmp
Maxthon/Skin/opera/iconani.bmp
Maxthon/Skin/opera/sidebar_s.bmp
Maxthon/Skin/opera/sidebar_u.bmp
Maxthon/Skin/opera/skin.ini
Maxthon/Skin/opera/status.bmp
Maxthon/Skin/opera/sysmenu.bmp
Maxthon/Skin/opera/tab.bmp
Maxthon/Template/fav_search.htm
.html .js polyglot
Maxthon/Template/fav_search.xsl
.xml
Maxthon/maxthon.exe.manifest
.xml
Maxthon/mstyle.css
Maxthon/sp2enable.reg
Maxthon/sp2removal.reg
Maxthon/what's new.txt
Maxthon/zlib.dll
.dll windows:4 windows x86 arch:x86

bce90da5cd731751eca82d6e48766455

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
fprintf
_fdopen
fopen
_errno
strcpy
strlen
malloc
sprintf
fwrite
fread
memset
ftell
_vsnprintf
fflush
fseek
fputc
strcat
clearerr
_initterm
_adjust_fdiv
__dllonexit
_onexit
fclose
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 929B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 32KB

.aspack Size: 28KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 406KB - Virtual size: 984KB

.rdata Size: 54KB - Virtual size: 240KB

.data Size: 18KB - Virtual size: 80KB

.rsrc Size: 154KB - Virtual size: 520KB

.aspack Size: 77KB - Virtual size: 80KB

.adata Size: - Virtual size: 4KB

b6a453fc18993397fef18169f8e35aff

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

.text Size: 50KB - Virtual size: 588KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 48KB

.aspack Size: 31KB - Virtual size: 32KB

.adata Size: - Virtual size: 4KB

0a6ae82b558c5a2ee07dee4408ece1f5

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

2d1db46406901b96596e971843804268

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

wininet

urlmon

comctl32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 16KB - Virtual size: 14KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 25KB - Virtual size: 28KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 32KB

.aspack
Size: 28KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

.text
Size: 406KB - Virtual size: 984KB

.rdata
Size: 54KB - Virtual size: 240KB

.data
Size: 18KB - Virtual size: 80KB

.rsrc
Size: 154KB - Virtual size: 520KB

.aspack
Size: 77KB - Virtual size: 80KB

.adata
Size: - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 588KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 48KB

.aspack
Size: 31KB - Virtual size: 32KB

.adata
Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 16KB - Virtual size: 14KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 256KB

UPX1
Size: 137KB - Virtual size: 140KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 557B

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 902B

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 716B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB