PluginMe
Behavioral task
behavioral1
Sample
TheKingOfGhosts.rar
Resource
win7-20231215-ja
Behavioral task
behavioral2
Sample
TheKingOfGhosts.rar
Resource
win10-20231220-ja
General
-
Target
TheKingOfGhosts.rar
-
Size
8.8MB
-
MD5
15ec80004aae68dc3bcd0c096ea4b625
-
SHA1
af0196f23be2145add3eba35af9b09d69e23dd7f
-
SHA256
90beb2948185f7b29684953c182065cd6098cf0cc05b7d9e822989afa24a83b6
-
SHA512
8ef1a72f898cc0d7ae3f16c17ea8294df4894b6657d64c424f61260521c53bbfff883262469fbae8b65ba96599a04ac5b5d01c35288efdaaa7f81b58cf1b89d3
-
SSDEEP
196608:DuWLR1sp4i2yoSVjHdE+4lpEhdGfrjimVtYfh9KTFef:dUp40j9EtEhmrjNqhf
Malware Config
Signatures
-
Gh0st RAT payload 14 IoCs
resource yara_rule
static1/unpack001/Client.exe family_gh0strat
static1/unpack001/Plugins/CHAT.dll family_gh0strat
static1/unpack001/Plugins/FILE.dll family_gh0strat
static1/unpack001/Plugins/KEYLOG.dll family_gh0strat
static1/unpack001/Plugins/LISTEN.dll family_gh0strat
static1/unpack001/Plugins/PROXYMAP.dll family_gh0strat
static1/unpack001/Plugins/QQINFO.dll family_gh0strat
static1/unpack001/Plugins/REGEDIT.dll family_gh0strat
static1/unpack001/Plugins/SCREEN.dll family_gh0strat
static1/unpack001/Plugins/SERVICE.dll family_gh0strat
static1/unpack001/Plugins/SHELL.dll family_gh0strat
static1/unpack001/Plugins/SYSTEM.dll family_gh0strat
static1/unpack001/Plugins/SYSTEMINFO.dll family_gh0strat
static1/unpack001/Plugins/VIDEO.dll family_gh0strat
-
Gh0strat family
-
resource yara_rule
static1/unpack001/Client.exe cryptone
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule
static1/unpack001/SkinH.dll acprotect
-
resource yara_rule
static1/unpack001/SkinH.dll upx
static1/unpack002/out.upx upx
-
Unsigned PE 22 IoCs
Checks for missing Authenticode signature.
resource
unpack001/Cache/Install.dat
unpack001/Client.exe
unpack001/Plugins/AnyFileToByte.exe
unpack001/Plugins/CHAT.dll
unpack001/Plugins/FILE.dll
unpack001/Plugins/KEYLOG.dll
unpack001/Plugins/LISTEN.dll
unpack001/Plugins/PROXY.dll
unpack001/Plugins/PROXYMAP.dll
unpack001/Plugins/QQINFO.dll
unpack001/Plugins/REGEDIT.dll
unpack001/Plugins/SCREEN.dll
unpack001/Plugins/SERVICE.dll
unpack001/Plugins/SHELL.dll
unpack001/Plugins/SYSTEM.dll
unpack001/Plugins/SYSTEMINFO.dll
unpack001/Plugins/VIDEO.dll
unpack001/SkinH.dll
unpack002/out.upx
unpack001/Tools/FTPServer.exe
unpack001/Tools/hfs.exe
unpack001/验证器.exe
Files
-
TheKingOfGhosts.rar.rar
-
Cache/Install.dat.exe windows:4 windows x86 arch:x86
ad7a2ffc6f5b52aad38d95624d779716
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
GetProcAddress
LoadLibraryA
ExitProcess
GetCurrentThreadId
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeW
user32
GetInputState
GetMessageA
PostThreadMessageA
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Client.exe.exe windows:4 windows x86 arch:x86
13e1c3269ca7b56cbbb1c9eb16ffd2e8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetDevCapsA
mixerGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveOutClose
kernel32
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetStdHandle
GetDriveTypeA
GetACP
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
ExitThread
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
GetCurrentDirectoryA
SetErrorMode
lstrcpyW
FindResourceExA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
VirtualProtect
GetProfileIntA
GetProfileStringA
GetCurrentProcessId
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
GetExitCodeThread
GetDateFormatA
GetTimeFormatA
GetStringTypeW
HeapSize
CreateEventA
SetFileAttributesA
CloseHandle
TerminateThread
WaitForSingleObject
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetProcAddress
FreeResource
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
LoadLibraryA
lstrcpyA
OutputDebugStringA
SetFilePointer
ReadFile
lstrlenA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
GetFileSize
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
CopyFileA
CreateProcessA
lstrcatA
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
SetLastError
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
SuspendThread
SetThreadPriority
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FormatMessageA
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
lstrcmpA
EnumResourceNamesA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LocalSize
GetCommandLineA
GetStartupInfoA
ExitProcess
GlobalSize
GetSystemDirectoryA
ResetEvent
MulDiv
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
DeleteCriticalSection
CancelIo
InterlockedExchange
GetQueuedCompletionStatus
InterlockedDecrement
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryExA
FreeLibrary
GetTempPathA
GetStringTypeA
user32
ReuseDDElParam
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
CharUpperA
wvsprintfA
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
MapWindowPoints
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
UnpackDDElParam
BringWindowToTop
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
LoadIconA
EnableWindow
SendMessageA
InvalidateRect
SetRect
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
CreateWindowExA
IsZoomed
LoadStringA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
FindWindowA
IsRectEmpty
SetParent
GetClassNameA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
UpdateWindow
PostMessageA
GetCursorPos
PtInRect
GetSubMenu
LoadMenuA
GetWindowRect
ReleaseDC
GetDC
MessageBoxA
GetDialogBaseUnits
GetClientRect
GetWindow
SetCapture
LoadCursorA
SetCursor
ClientToScreen
ScreenToClient
WindowFromPoint
ReleaseCapture
IsWindowVisible
GetParent
WindowFromDC
GetWindowThreadProcessId
UnregisterClassA
MsgWaitForMultipleObjects
InSendMessage
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
CopyImage
RemoveMenu
GetSysColorBrush
CopyAcceleratorTableA
IntersectRect
IsIconic
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
InsertMenuA
GetMenuStringA
CreateMenu
LoadBitmapA
SendDlgItemMessageA
DeleteMenu
SystemParametersInfoA
DrawTextA
ShowScrollBar
GetScrollBarInfo
DrawIconEx
GetKeyState
GetMenuState
GetWindowLongA
SetWindowLongA
CheckMenuRadioItem
SetClassLongA
ClipCursor
DestroyCursor
CopyRect
FillRect
LockWindowUpdate
GetFocus
DrawEdge
GetDoubleClickTime
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetCursorPos
UnionRect
GetWindowRgn
HideCaret
ShowCaret
IsMenu
LoadMenuIndirectA
GetMenuStringW
LookupIconIdFromDirectoryEx
GetMenuDefaultItem
IsClipboardFormatAvailable
GetMenuItemInfoA
SetWindowRgn
GetCursor
CopyIcon
CreateIconIndirect
GetIconInfo
DrawFrameControl
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
CreatePopupMenu
WaitMessage
GetNextDlgGroupItem
GetDCEx
InvertRect
SetForegroundWindow
ModifyMenuA
RedrawWindow
SetMenu
GetMenu
KillTimer
GetDesktopWindow
SetTimer
LoadImageA
DestroyIcon
GetSystemMenu
AppendMenuA
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetSysColor
MapVirtualKeyA
DrawFocusRect
DrawStateA
SendMessageTimeoutA
SetWindowPos
GetDlgCtrlID
wsprintfA
CheckMenuItem
EnableMenuItem
GetMenuItemCount
CharNextA
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectory
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
InflateRect
OffsetRect
gdi32
DeleteDC
GdiFlush
DeleteObject
GetCharWidthA
StartDocA
SaveDC
RestoreDC
SelectPalette
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
EndPage
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
StretchBlt
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
Escape
LPtoDP
DPtoLP
GetMapMode
SetRectRgn
CombineRgn
CreateFontIndirectA
CopyMetaFileA
CreateDCA
GetTextColor
GetBkColor
StartPage
SetAbortProc
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
SetStretchBltMode
BitBlt
SetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection
GetStockObject
GetPaletteEntries
CreateHalftonePalette
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
StretchDIBits
ExtTextOutA
SetTextColor
SetBkColor
CreatePen
GetObjectA
CreateFontA
GetPixel
SetPixelV
GetTextExtentPoint32A
TextOutA
SetColorAdjustment
SetBkMode
GetDCOrgEx
GetClipBox
CreateBitmap
PatBlt
CreateRectRgnIndirect
SetTextAlign
MoveToEx
Polygon
GetWindowOrgEx
GetTextAlign
SetPixel
GetCurrentObject
GetDIBits
GetBitmapBits
ExtCreateRegion
EnumFontFamiliesExA
GetRgnBox
CreatePolygonRgn
RoundRect
PtInRegion
Rectangle
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
CreateDIBitmap
AbortDoc
EndDoc
GetTextMetricsA
comdlg32
CommDlgExtendedError
PageSetupDlgA
PrintDlgA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
SetFileSecurityA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
GetFileSecurityA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
shell32
SHBrowseForFolderA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderLocation
DragQueryFileA
ShellExecuteA
SHGetMalloc
DragFinish
DragAcceptFiles
SHAppBarMessage
ExtractIconA
comctl32
CreatePropertySheetPageA
ImageList_Write
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord14
ord13
ord17
ImageList_AddMasked
ImageList_SetBkColor
ImageList_ReplaceIcon
PropertySheetA
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
DestroyPropertySheetPage
oledlg
ord4
ord9
ord5
ord6
ord7
ord3
ord1
ord8
ole32
OleGetClipboard
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
GetRunningObjectTable
IsAccelerator
OleTranslateAccelerator
CreateDataAdviseHolder
OleRegGetMiscStatus
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemFree
CreateFileMoniker
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
CreateItemMoniker
CreateGenericComposite
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleSetMenuDescriptor
GetClassFile
DoDragDrop
CoGetMalloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleRegEnumVerbs
CreateOleAdviseHolder
olepro32
ord253
ord251
oleaut32
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysReAllocStringLen
SafeArrayCreateVector
SysStringLen
LoadTypeLi
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayAllocDescriptor
OleLoadPicturePath
VariantChangeTypeEx
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit
urlmon
URLDownloadToFileA
ws2_32
closesocket
getpeername
inet_ntoa
shutdown
getsockname
ntohs
WSAIoctl
WSACloseEvent
setsockopt
gethostbyname
WSARecv
accept
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSASocketA
WSAGetLastError
WSACreateEvent
WSAEventSelect
bind
gethostname
select
listen
WSACleanup
WSASend
inet_addr
send
recv
WSAStartup
htons
socket
ioctlsocket
connect
shlwapi
PathRemoveFileSpecA
SHAutoComplete
avifil32
AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIFileInit
AVIStreamRelease
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
skinh
SkinH_Detach
SkinH_SetAero
SkinH_AttachRes
wininet
FtpPutFileA
FtpGetFileA
GopherCreateLocatorA
GopherGetAttributeA
GopherOpenFileA
HttpOpenRequestA
InternetErrorDlg
HttpAddRequestHeadersA
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
imm32
ImmAssociateContext
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 488KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Client.ini
-
Plugins/AnyFileToByte.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
MEW Size: - Virtual size: 888KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
�uۊ�� Size: 316KB - Virtual size: 376KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Plugins/CHAT.dll.dll windows:4 windows x86 arch:x86
9f13f6cf5cf71332049e29987766f62d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
user32
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
CreateDialogParamA
LoadIconA
UpdateWindow
ShowWindow
SetWindowPos
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EndDialog
wsprintfA
msvcrt
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
ws2_32
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
recv
closesocket
send
WSAStartup
Exports
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 497B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 794B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/C_CHAT.h
-
Plugins/C_FILE.h
-
Plugins/C_KEYLOG.h
-
Plugins/C_LISTEN.h
-
Plugins/C_PROXY.h
-
Plugins/C_PROXYMAP.h
-
Plugins/C_QQINFO.h
-
Plugins/C_REGEDIT.h
-
Plugins/C_SCREEN.h
-
Plugins/C_SERVICE.h
-
Plugins/C_SHELL.h
-
Plugins/C_SYSTEM.h
-
Plugins/C_SYSTEMINFO.h
-
Plugins/C_VIDEO.h
-
Plugins/Example.Cpp
-
Plugins/FILE.dll.dll windows:4 windows x86 arch:x86
6fbb5271905a2806783ea11b49699250
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
WSAIoctl
WSACleanup
setsockopt
htons
gethostbyname
socket
select
recv
closesocket
send
connect
WSAStartup
advapi32
GetUserNameA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
CreateProcessAsUserA
shell32
ShellExecuteA
ShellExecuteExA
SHGetFolderPathA
SHGetFileInfoA
msvcrt
??1type_info@@UAE@XZ
sprintf
strncpy
_beginthreadex
memmove
strrchr
strstr
_except_handler3
malloc
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
_stricmp
msvcp60
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
kernel32
GetCurrentThreadId
WTSGetActiveConsoleSessionId
GetModuleHandleA
CancelIo
LoadLibraryA
SetThreadPriority
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
SetFileAttributesA
RemoveDirectoryA
FindFirstFileA
LocalAlloc
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcatA
CreateProcessA
lstrlenA
lstrcpyA
GetProcAddress
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetCurrentProcess
IsWow64Process
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
Sleep
user32
OpenDesktopA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
wsprintfA
CharNextA
wtsapi32
WTSQueryUserToken
Exports
PluginMe
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 193B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/KEYLOG.dll.dll windows:4 windows x86 arch:x86
16d82d962cca486597b3883f6ba6b426
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
printf
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
ws2_32
WSAIoctl
setsockopt
WSAStartup
connect
htons
gethostbyname
socket
select
recv
closesocket
send
WSACleanup
msvcp60
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
kernel32
GetFileSize
SetFilePointer
ReadFile
LocalAlloc
LocalFree
CreateFileA
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
lstrcatA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
lstrlenA
WriteFile
VirtualFree
CreateEventA
VirtualAlloc
user32
GetAsyncKeyState
GetForegroundWindow
wsprintfA
SendMessageA
GetKeyState
UnhookWindowsHookEx
Exports
PluginMe
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/LISTEN.dll.dll windows:4 windows x86 arch:x86
b75c095f479189480dbfa8824107f670
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
winmm
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetNumDevs
mixerGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveOutClose
msvcrt
??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
__CxxFrameHandler
ceil
_ftol
_CxxThrowException
_beginthreadex
_except_handler3
_CIacos
printf
_CIpow
??1type_info@@UAE@XZ
ws2_32
send
closesocket
recv
select
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
kernel32
CancelIo
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
CreateEventA
InterlockedExchange
ResetEvent
VirtualAlloc
VirtualFree
lstrcpyA
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
user32
GetMessageA
TranslateMessage
DispatchMessageA
Exports
PluginMe
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/PROXY.dll.dll windows:4 windows x86 arch:x86
7860524c5ba6ef564bb3aee747862755
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
recvfrom
WSACleanup
select
shutdown
WSAStartup
sendto
accept
getpeername
bind
getsockname
htons
socket
listen
WSAGetLastError
setsockopt
connect
closesocket
ntohs
inet_addr
inet_ntoa
gethostbyname
recv
__WSAFDIsSet
send
kernel32
CreateThread
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Sleep
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
user32
wsprintfA
msvcrt
atoi
strncmp
strncpy
printf
free
malloc
strchr
_errno
_strnicmp
Exports
CloseProxy
OpenProxy
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 875B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 506B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/PROXYMAP.dll.dll windows:4 windows x86 arch:x86
e00e4173419f23bd6e12986bee5455ed
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
msvcrt
??1type_info@@UAE@XZ
??3@YAXPAX@Z
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
_beginthreadex
_except_handler3
ws2_32
WSACleanup
WSAIoctl
setsockopt
connect
htons
WSAStartup
socket
select
recv
closesocket
send
getsockname
gethostbyname
Exports
PluginMe
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 694B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/QQINFO.dll.dll windows:4 windows x86 arch:x86
f6891a4615baac7d623ee1aecbf713e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strstr
strncat
atol
strncpy
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
tolower
strchr
sprintf
floor
_CIpow
strncmp
malloc
free
_ftol
ceil
_itoa
ws2_32
recv
select
send
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
closesocket
socket
WSAStartup
kernel32
VirtualAlloc
LocalAlloc
LocalFree
OutputDebugStringA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualFree
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
wininet
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA
Exports
PluginMe
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/REGEDIT.dll.dll windows:4 windows x86 arch:x86
b39690f8ef6249a80b9e55c49614819c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LocalReAlloc
LocalAlloc
LocalFree
LocalSize
FreeLibrary
GetProcAddress
Sleep
CancelIo
InterlockedExchange
SetEvent
VirtualFree
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
LoadLibraryA
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
msvcrt
??1type_info@@UAE@XZ
??3@YAXPAX@Z
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
printf
free
malloc
_beginthreadex
_except_handler3
ws2_32
WSACleanup
WSAIoctl
setsockopt
connect
WSAStartup
gethostbyname
socket
select
recv
closesocket
send
htons
Exports
PluginMe
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SCREEN.dll.dll windows:4 windows x86 arch:x86
23e62090cea2cce8ab2aa0205b444a5b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??3@YAXPAX@Z
getenv
sscanf
fprintf
exit
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
sprintf
free
_iob
_beginthreadex
_except_handler3
malloc
??1type_info@@UAE@XZ
vsprintf
ws2_32
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
recv
closesocket
send
WSAStartup
kernel32
lstrcmpiA
GetCurrentThreadId
GetSystemInfo
GetModuleHandleA
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetProcAddress
LoadLibraryA
user32
OpenInputDesktop
OpenDesktopA
SetThreadDesktop
GetDC
LoadCursorA
CloseDesktop
GetCursorPos
GetThreadDesktop
GetCursorInfo
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
MapVirtualKeyA
keybd_event
GetSystemMetrics
GetUserObjectInformationA
SystemParametersInfoA
SendMessageA
ReleaseDC
BlockInput
DestroyCursor
PostMessageA
gdi32
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
CreateRectRgnIndirect
CombineRgn
GetRegionData
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
advapi32
RegOpenKeyExA
RegSetValueExA
RegCloseKey
Exports
PluginMe
Sections
.text Size: 439KB - Virtual size: 438KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 251KB - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 464KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SERVICE.dll.dll windows:4 windows x86 arch:x86
5a020c56e7cc8fda99fe18a5128dc7f2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
ws2_32
send
closesocket
recv
select
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
kernel32
LocalReAlloc
lstrcpyA
LocalFree
lstrlenA
LocalAlloc
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
LocalSize
InterlockedExchange
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
Sleep
CancelIo
advapi32
CloseServiceHandle
QueryServiceConfig2A
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
DeleteService
ControlService
QueryServiceStatus
StartServiceA
QueryServiceConfigA
Exports
PluginMe
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 393B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SHELL.dll.dll windows:4 windows x86 arch:x86
53f05ec76e32328c579729f48a65ec15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
ws2_32
socket
gethostbyname
htons
select
setsockopt
WSAIoctl
WSACleanup
WSAStartup
recv
closesocket
send
connect
kernel32
SetEvent
ReadFile
LocalFree
WriteFile
TerminateThread
TerminateProcess
DisconnectNamedPipe
CreatePipe
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
Sleep
CancelIo
InterlockedExchange
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForMultipleObjects
PeekNamedPipe
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
LocalAlloc
Exports
PluginMe
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 714B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SYSTEM.dll.dll windows:4 windows x86 arch:x86
fb2fe93166772fc033b3974ecfdad414
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
PostMessageA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
EnumWindows
GetWindowThreadProcessId
SendMessageA
wsprintfA
ShowWindow
IsWindowVisible
msvcrt
??1type_info@@UAE@XZ
_beginthreadex
strncmp
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
??3@YAXPAX@Z
_stricmp
ws2_32
setsockopt
connect
htons
gethostbyname
WSAIoctl
select
recv
closesocket
send
WSACleanup
socket
WSAStartup
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationA
shell32
SHGetSpecialFolderPathA
userenv
GetProfilesDirectoryA
GetUserProfileDirectoryA
mfc42
ord540
ord2915
ord2818
ord533
ord3790
ord350
ord860
ord5194
ord5465
ord939
ord941
ord1997
ord800
ord798
ord3663
ord3616
ord5651
ord3127
kernel32
GlobalAlloc
GetLogicalDriveStringsA
QueryDosDeviceA
LocalSize
LocalFree
WinExec
GetCurrentThreadId
lstrcmpiA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GlobalFree
ResetEvent
GetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
Thread32First
OpenThread
SuspendThread
Thread32Next
TerminateProcess
DeleteFileA
CreateToolhelp32Snapshot
LocalAlloc
Process32First
LocalReAlloc
GetPriorityClass
CreateFileA
GetFileSize
FreeLibrary
lstrcatA
Process32Next
ExpandEnvironmentStringsA
GetPrivateProfileSectionNamesA
lstrlenA
GetFileAttributesA
GetVersionExA
OpenProcess
lstrcpyA
Sleep
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
VirtualFree
advapi32
LookupAccountSidA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
OpenProcessToken
GetTokenInformation
psapi
GetProcessMemoryInfo
GetModuleFileNameExA
GetProcessImageFileNameA
EnumProcessModules
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
Exports
PluginMe
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SYSTEMINFO.dll.dll windows:4 windows x86 arch:x86
7c443c1128cf0cc7fa45292e3443a3d9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??1type_info@@UAE@XZ
strchr
??3@YAXPAX@Z
_except_handler3
_beginthreadex
atol
sprintf
atoi
_mbscmp
_mbsstr
strstr
_strupr
_vsnprintf
printf
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
_stricmp
ws2_32
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
recv
select
send
closesocket
kernel32
lstrcatA
Module32First
Module32Next
lstrlenA
GetProcessHeap
FindNextFileA
HeapFree
CreateToolhelp32Snapshot
Process32First
OpenProcess
GlobalMemoryStatusEx
GetVersionExA
FindFirstFileA
GetSystemDirectoryA
GetFileSize
CreateFileA
GetModuleFileNameA
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
FreeLibrary
HeapAlloc
Process32Next
lstrcpyA
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrcmpiA
GetCurrentThreadId
LocalFree
LocalSize
LocalAlloc
GetSystemInfo
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32
GetUserObjectInformationA
GetThreadDesktop
GetSystemMetrics
wsprintfA
GetWindow
OpenInputDesktop
GetClassNameA
FindWindowA
CloseDesktop
GetWindowTextA
SetThreadDesktop
advapi32
OpenProcessToken
GetTokenInformation
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupAccountSidA
shell32
SHGetSpecialFolderPathA
netapi32
Netbios
ole32
CoInitialize
CoCreateInstance
iphlpapi
GetIfTable
Exports
PluginMe
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/VIDEO.dll.dll windows:4 windows x86 arch:x86
41d786d195f6f263ed690176ca93d0b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
??1type_info@@UAE@XZ
vsprintf
free
malloc
??3@YAXPAX@Z
_except_handler3
_beginthreadex
_CxxThrowException
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
kernel32
CancelIo
GetSystemInfo
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
VirtualFree
ole32
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
oleaut32
SysFreeString
ws2_32
htons
send
closesocket
WSAStartup
recv
WSAIoctl
setsockopt
connect
WSACleanup
gethostbyname
socket
select
Exports
PluginMe
Sections
.text Size: 251KB - Virtual size: 251KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 459KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SkinH.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign
Sections
UPX0 Size: - Virtual size: 140KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 86KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.UPX1 Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2007.dll.dll windows:4 windows x86 arch:x86
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 01/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
77:5d:7c:93:bd:42:1c:4c:35:98:4f:45:95:4b:a4:e3
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 29/09/2010, 00:00
Not After: 19/10/2012, 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
b5:e3:41:4a:df:af:78:b6:3c:39:ab:ee:c2:b0:e6:6b:2c:7d:cc:60
Signer
Actual PE Digest: b5:e3:41:4a:df:af:78:b6:3c:39:ab:ee:c2:b0:e6:6b:2c:7d:cc:60
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2010.dll.dll windows:4 windows x86 arch:x86
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 01/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
77:5d:7c:93:bd:42:1c:4c:35:98:4f:45:95:4b:a4:e3
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 29/09/2010, 00:00
Not After: 19/10/2012, 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
50:12:3b:04:b2:68:78:59:b1:8f:ca:53:d6:6a:c3:de:0e:38:ca:7c
Signer
Actual PE Digest: 50:12:3b:04:b2:68:78:59:b1:8f:ca:53:d6:6a:c3:de:0e:38:ca:7c
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Windows7.dll.dll windows:4 windows x86 arch:x86
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 01/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
77:5d:7c:93:bd:42:1c:4c:35:98:4f:45:95:4b:a4:e3
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 29/09/2010, 00:00
Not After: 19/10/2012, 23:59
Subject: CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
26:db:3b:b8:c9:56:8f:20:9e:a4:df:c3:42:3c:dd:34:c0:c5:84:08
Signer
Actual PE Digest: 26:db:3b:b8:c9:56:8f:20:9e:a4:df:c3:42:3c:dd:34:c0:c5:84:08
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 507KB - Virtual size: 507KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Tools/FTPServer.exe.exe windows:5 windows x86 arch:x86
15dae2b9237aecac92ae12be6b9bae43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitProcess
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
HeapSize
HeapCreate
VirtualFree
TlsFree
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FindFirstFileA
FindNextFileA
FindClose
GetFileTime
GetFileSizeEx
CreateFileA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
CloseHandle
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
FreeLibrary
lstrcmpW
GetVersionExA
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CreateDirectoryA
GetLocalTime
lstrcatA
lstrcpyA
lstrlenA
MultiByteToWideChar
lstrcpynA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
ResumeThread
SetThreadPriority
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MulDiv
Sleep
GetFileAttributesA
GetTickCount
RemoveDirectoryA
DeleteFileA
EnterCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
GetACP
WideCharToMultiByte
user32
MessageBeep
UnregisterClassA
SetCursor
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CharUpperA
GetWindowThreadProcessId
WaitMessage
GetMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetNextDlgGroupItem
TrackPopupMenu
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetFocus
ShowWindow
MoveWindow
SetWindowLongA
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetWindow
SetFocus
GetMenuState
GetMenuItemID
GetMenuItemCount
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
IsWindowEnabled
GetParent
GetSysColorBrush
DestroyMenu
WindowFromPoint
GetNextDlgTabItem
EndDialog
SetForegroundWindow
GetCursorPos
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA
GetSubMenu
LoadMenuA
EnableMenuItem
SetWindowPos
GetDlgCtrlID
DestroyIcon
LoadImageA
DrawFocusRect
GetSystemMetrics
InflateRect
OffsetRect
DrawStateA
CopyRect
DrawFrameControl
GetSysColor
WinHelpA
LoadIconA
KillTimer
RedrawWindow
InvalidateRect
GetWindowRect
GetDlgItem
IsWindow
GetClientRect
wsprintfA
PostMessageA
SetTimer
PostThreadMessageA
SendMessageA
EnableWindow
GetClassInfoA
gdi32
DeleteDC
GetStockObject
ExtTextOutA
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateRectRgnIndirect
ExtSelectClipRgn
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
DeleteObject
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
Escape
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
shell32
SHGetMalloc
SHGetPathFromIDListA
Shell_NotifyIconA
SHBrowseForFolderA
comctl32
InitCommonControlsEx
shlwapi
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
oledlg
ord8
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
wsock32
socket
select
gethostbyname
htonl
htons
ioctlsocket
bind
getsockname
getpeername
accept
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
shutdown
listen
WSAGetLastError
closesocket
WSACleanup
WSASetLastError
inet_addr
ntohs
WSAStartup
Sections
.text Size: 286KB - Virtual size: 286KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Tools/QQwry.Dat
-
Tools/hfs.exe.exe windows:4 windows x86 arch:x86
76df3e062fa2b6d0b0959576ee2edcfb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
user32
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FlashWindow
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateCaret
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32
GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
RemoveDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenW
lstrcpynW
lstrcpyA
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TerminateProcess
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
OutputDebugStringA
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalGetAtomNameA
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetVersionExA
MulDiv
msimg32
GradientFill
gdi32
UnrealizeObject
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtCreatePen
ExcludeClipRect
EndPage
EndDoc
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
ole32
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
comctl32
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
shell32
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
DragAcceptFiles
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ord71
winspool.drv
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter
comdlg32
ChooseFontA
GetSaveFileNameA
GetOpenFileNameA
winmm
timeGetTime
PlaySoundA
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 55KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 64B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 470KB - Virtual size: 470KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JCLDEBUG Size: 360KB - Virtual size: 359KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Tools/map.html .html .js polyglot
-
验证器.exe .exe windows:4 windows x86 arch:x86
dbaad8351e4c2b31f7babd27a07f6077
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
send
closesocket
accept
listen
bind
socket
htons
WSAStartup
WSACleanup
recv
mfc42
msvcrt
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strncmp
strchr
atoi
time
localtime
sprintf
__CxxFrameHandler
_setmbcp
kernel32
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
ExitProcess
CreateThread
lstrcmpiA
CreateFileA
lstrlenA
ReadFile
CloseHandle
WritePrivateProfileStringA
lstrcatA
lstrcpyA
GetCurrentDirectoryA
GetPrivateProfileStringA
user32
GetSystemMenu
EnableWindow
GetWindowRect
InvalidateRect
UpdateWindow
wsprintfA
IsIconic
GetSystemMetrics
GetClientRect
LoadIconA
SendMessageA
AppendMenuA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
验证器.ini