28eb1aa77e8dc61a3bda7e3cc18e6581

Sharing

Copy URL Twitter E-mail

General

Target

28eb1aa77e8dc61a3bda7e3cc18e6581
Size

887KB
MD5

28eb1aa77e8dc61a3bda7e3cc18e6581
SHA1

26911ba9ac6357c1eda2209498d49ce02938ea4d
SHA256

498a544b8cd99d7bb286a2f818da1f2bb933a890b5b53944735e7e66e8ec6842
SHA512

b351794daab69b1444517297e8ade46eaee461dcf0623d003a85598c5fbbbd1168519736184a60f22b419b728ef18edde2a45843700af9c90243945ab98a1a0e
SSDEEP

24576:9zRPjre2flwCnK6uQs7oameDjAAoDIVCnFh:5RPuCK6uJXjAAuIonFh

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/蓝海音乐盒/LiveUpdata.exe
unpack001/蓝海音乐盒/RMListView.col
unpack001/蓝海音乐盒/Radio.exe
unpack001/蓝海音乐盒/TrayInfo.col
unpack001/蓝海音乐盒/UpdateDownload.dll
unpack001/蓝海音乐盒/XpMenu.col
unpack001/蓝海音乐盒/data/user/system32/BsradioVisualEffect.exe
unpack001/蓝海音乐盒/蓝海音乐盒绿化安装.exe

Files

28eb1aa77e8dc61a3bda7e3cc18e6581
.rar
蓝海音乐盒/Diag.col
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蓝海音乐盒/LiveUpdata.exe
.exe windows:4 windows x86 arch:x86

6c599afc230f66b8f53ecd4ffca0ab7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaInStr
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
蓝海音乐盒/RMListView.col
.dll regsvr32 windows:4 windows x86 arch:x86

e490aaa01fe2c74a13cce67d8e2e37f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord694
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaAptOffset
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
EVENT_SINK2_Release
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
__vbaVarZero
__vbaVargVarMove
__vbaChkstk
__vbaFileClose
__vbaCyVar
EVENT_SINK_AddRef
__vbaGet3
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord561
DllFunctionCall
ord563
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
ord717
ord319
__vbaStrVarVal
__vbaGetOwner3
__vbaUbound
__vbaGetOwner4
__vbaCheckType
__vbaI2Var
__vbaFileSeek
__vbaStopExe
ord644
ord645
_CIlog
__vbaFileOpen
__vbaVar2Vec
ord648
ord570
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI4
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
__vbaStrVarCopy
__vbaI4Cy
_allmul
__vbaFpCSngR4
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaFpCSngR8
_CIexp
__vbaRecAssign
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蓝海音乐盒/Radio.exe
.exe windows:4 windows x86 arch:x86

0d7d2008d8052b442f62c30ebd7a66fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
ord582
__vbaStrI2
ord583
_CIcos
_adj_fptan
ord585
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaLenBstr
__vbaLineInputStr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaExitProc
__vbaVarForInit
ord300
__vbaI4Abs
ord301
ord595
__vbaObjSet
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
__vbaFpR4
ord599
ord306
__vbaBoolVar
ord307
ord309
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord313
__vbaInputFile
__vbaStrToUnicode
__vbaPrintFile
ord314
ord606
_adj_fprem
_adj_fdivr_m64
ord315
__vbaLateIdStAd
ord607
ord316
ord608
__vbaFPException
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaInStr
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVerifyVarObj
__vbaFpI2
ord614
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaR8IntI2
__vbaLateMemCallLd
ord617
_CIatan
__vbaUI1Str
ord618
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
蓝海音乐盒/TrayInfo.col
.dll regsvr32 windows:4 windows x86 arch:x86

f10b624b8f63cedfe03d213ef5fd9b58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
__vbaI2Var
ord644
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蓝海音乐盒/UpdateDownload.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0f20601653e36f21a32bf72f40a00968

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
GetTimeZoneInformation
ExitThread
GetLocalTime
CreateThread
GetSystemTime
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
HeapFree
GetCommandLineA
HeapReAlloc
GetACP
RtlUnwind
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapSize
HeapAlloc
SetHandleCount
HeapCreate
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpynA
GetEnvironmentStringsW
TlsSetValue
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetStdHandle
CompareStringA
GetProfileIntA
SetEnvironmentVariableA
GetLocaleInfoW
GetFileTime
SizeofResource
GetFileAttributesA
FindResourceExA
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
GlobalSize
FileTimeToSystemTime
CopyFileA
GetShortPathNameA
FindFirstFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
FindClose
FlushFileBuffers
GetProcessVersion
DuplicateHandle
FormatMessageA
WritePrivateProfileStringA
GetEnvironmentVariableA
GetVersionExA
SetEvent
CreateEventA
Sleep
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
GlobalFlags
LocalReAlloc
SetErrorMode
TlsGetValue
VirtualAlloc
GlobalReAlloc
TlsFree
InterlockedExchange
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetUserDefaultLCID
IsDBCSLeadByte
GlobalFree
GlobalUnlock
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrcpyA
lstrlenA
InterlockedIncrement
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
DeleteFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
WriteFile
ReadFile
CreateFileA
IsBadWritePtr
LCMapStringA
HeapDestroy
CompareStringW
CloseHandle

user32

SetActiveWindow
GetTabbedTextExtentA
GetDialogBaseUnits
GetDCEx
EndDialog
CreateDialogIndirectParamA
LockWindowUpdate
EnumChildWindows
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
AppendMenuA
RemoveMenu
SetFocus
AdjustWindowRectEx
EqualRect
GetTopWindow
WinHelpA
GetClassInfoA
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
MapWindowPoints
CharUpperA
SetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClassNameA
SetRect
GetSysColor
GrayStringA
DrawTextA
TabbedTextOutA
SetRectEmpty
ReleaseDC
LoadStringA
ReleaseCapture
SetCapture
PtInRect
GetSystemMetrics
RegisterClipboardFormatA
MoveWindow
ScreenToClient
IsChild
IsRectEmpty
IntersectRect
CreateMenu
DestroyMenu
GetMenuItemCount
GetMenu
GetSubMenu
GetMenuItemID
UpdateWindow
InflateRect
GetWindowRect
ShowWindow
OffsetRect
InvalidateRect
DrawEdge
CopyRect
SetParent
SetWindowPos
CallWindowProcA
UnhookWindowsHookEx
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
DestroyIcon
GetMessagePos
GetForegroundWindow
GetSysColorBrush
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
SendMessageA
KillTimer
SetTimer
DestroyWindow
UnregisterClassA
GetDesktopWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
IsWindow
PostMessageA
PostThreadMessageA
TranslateMessage
DispatchMessageA
GetMessageA
FillRect
EnableWindow
GetMenuStringA
GetDC
InsertMenuA
GetCapture
GetClientRect

gdi32

SelectClipRgn
MoveToEx
GetCurrentPositionEx
DeleteObject
CreateRectRgn
ScaleWindowExtEx
CreatePen
CreateSolidBrush
CreatePatternBrush
CopyMetaFileA
CreateDCA
GetTextMetricsA
GetTextExtentPoint32A
GetTextAlign
CreateFontIndirectA
EnumFontFamiliesExA
PatBlt
UnrealizeObject
Rectangle
SetRectRgn
CreateRectRgnIndirect
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetROP2
SetMapMode
SetBkMode
RestoreDC
SaveDC
SelectObject
GetObjectA
SetBkColor
GetClipBox
SetTextColor
ExtTextOutA
TextOutA
Escape
PtVisible
CombineRgn
RectVisible
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteDC
GetDeviceCaps
CreateBitmap
LPtoDP
GetStockObject
Ellipse
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA

shell32

ExtractIconA

comctl32

ord17

ole32

OleDestroyMenuDescriptor
CoTaskMemAlloc
StringFromGUID2
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateDataCache
CreateDataAdviseHolder
OleCreateMenuDescriptor
ReleaseStgMedium
OleSaveToStream
CoTaskMemFree
CreateOleAdviseHolder
StringFromCLSID
CoDisconnectObject
ReadFmtUserTypeStg
CoCreateInstance
OleDuplicateData
ReadClassStm
CreateStreamOnHGlobal
CoRegisterClassObject
CoRevokeClassObject

olepro32

ord250
ord251
ord252
ord253

oleaut32

SysStringLen
RegisterTypeLi
SysAllocStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantClear
LoadTypeLi
SafeArrayUnaccessData
SysStringByteLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
VariantInit
SysAllocStringByteLen
SysFreeString
LoadRegTypeLi

ws2_32

ntohs
inet_addr
recvfrom
recv
sendto
send
getsockname
accept
listen
bind
connect
socket
WSAAsyncSelect
closesocket
WSAGetLastError
WSAAsyncGetHostByName
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
gethostname
htons

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蓝海音乐盒/XpMenu.col
.dll regsvr32 windows:4 windows x86 arch:x86

f6ddd339ea6daae09a74d37ca3edbb29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaCyMul
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarSetVarAddref
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord556
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarCmpGe
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaVarIndexStoreObj
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
__vbaForEachCollVar
__vbaBoolVar
__vbaRefVarAry
__vbaVarTstLt
_CIsin
__vbaErase
ord632
__vbaVarZero
__vbaChkstk
__vbaCyVar
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaCyI4
__vbaNextEachCollVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaRedimVar
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaVarDiv
ord607
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaCastObj
__vbaI4Cy
__vbaForEachVar
_allmul
__vbaLateIdSt
ord652
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
蓝海音乐盒/data/TextList.cdb
蓝海音乐盒/data/app.ico
蓝海音乐盒/data/radiolist.cdb
蓝海音乐盒/data/updata/tmp/topver.txt
蓝海音乐盒/data/updata/ver/VER2.CDB
蓝海音乐盒/data/updata/ver/ver.cdb
蓝海音乐盒/data/user/SysSet.cdb
蓝海音乐盒/data/user/system32/BsradioVisualEffect.exe
.exe windows:5 windows x86 arch:x86

d287b46f6436ae965f0f1af9da8d89c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
FreeLibrary
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
蓝海音乐盒/data/user/tmp/#ser#3好人卡-谭维维1.tmp
.js
蓝海音乐盒/data/user/tmp/#ser#3赵薇-黄晓明1.tmp
.js
蓝海音乐盒/data/user/tmp/#ser#3达子的春天-林峰1.tmp
.js
蓝海音乐盒/data/user/top/0.txt
蓝海音乐盒/data/user/top/1.txt
蓝海音乐盒/data/user/top/10.txt
蓝海音乐盒/data/user/top/11.txt
蓝海音乐盒/data/user/top/12.txt
蓝海音乐盒/data/user/top/13.txt
蓝海音乐盒/data/user/top/14.txt
蓝海音乐盒/data/user/top/15.txt
蓝海音乐盒/data/user/top/16.txt
蓝海音乐盒/data/user/top/17.txt
蓝海音乐盒/data/user/top/2.txt
蓝海音乐盒/data/user/top/3.txt
蓝海音乐盒/data/user/top/4.txt
蓝海音乐盒/data/user/top/5.txt
蓝海音乐盒/data/user/top/6.txt
蓝海音乐盒/data/user/top/7.txt
蓝海音乐盒/data/user/top/8.txt
蓝海音乐盒/data/user/top/9.txt
蓝海音乐盒/data/user/top/topver.txt
蓝海音乐盒/data/user/web/Loading.htm
.html
蓝海音乐盒/data/user/web/loading.swf
蓝海音乐盒/reg.cmd
蓝海音乐盒/reg.reg
蓝海音乐盒/新云软件.url
.url
蓝海音乐盒/蓝海音乐盒绿化安装.exe
.exe windows:4 windows x86 arch:x86

35358fbbea6de98f9c4713469f43f4f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaInStrVar
_CIlog
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

6c599afc230f66b8f53ecd4ffca0ab7f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 168KB - Virtual size: 164KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

e490aaa01fe2c74a13cce67d8e2e37f9

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 249KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 24KB - Virtual size: 22KB

0d7d2008d8052b442f62c30ebd7a66fc

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.data Size: 4KB - Virtual size: 26KB

.rsrc Size: 88KB - Virtual size: 84KB

f10b624b8f63cedfe03d213ef5fd9b58

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

0f20601653e36f21a32bf72f40a00968

Headers

File Characteristics

Imports

kernel32

user32

gdi32

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 168KB - Virtual size: 164KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 252KB - Virtual size: 249KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 4KB - Virtual size: 26KB

.rsrc
Size: 88KB - Virtual size: 84KB

.text
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 388KB - Virtual size: 385KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 28KB - Virtual size: 40KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 196KB - Virtual size: 193KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 210KB - Virtual size: 210KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB