546d615dea34b629c692d4c82d80b925

Sharing

Copy URL

Twitter E-mail

General

Target

546d615dea34b629c692d4c82d80b925
Size

2.8MB
MD5

546d615dea34b629c692d4c82d80b925
SHA1

b17b29753b0d921c4a8c20c8f162b9f247c44854
SHA256

6819331b357c7397ce401390ecc4ae876854e63af4135bbb4e92afb6c2e621c5
SHA512

b292fcdc1e1843d833e1cbdab93042dd472a0d0a011fd9918c336cded1ab8cfc4bd770f18d33c4a854e86fdf21c9d5ebe48fb4b105900707e10baadab7866cbd
SSDEEP

49152:a3ZggTZ1kAvn+hFcR29YxG/3EQAlFJKjMI1FuO4zreKjHlRG1XEzpkKYL8:mZF1kAvJR9G/3fAYj71AO4eKjHb20FC8

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/XPSP2Patch/XPSP2Patch_cn.exe	aspack_v212_v242
static1/unpack001/XPSP2Patch/XPSP2Patch_en.exe	aspack_v212_v242

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/CrashReport.exe
unpack001/Funshion.exe
unpack001/FunshionPlugin.dll
unpack001/GetMACAddress.dll
unpack001/XPSP2Patch/SysOptimize.exe
unpack001/XPSP2Patch/XPSP2Patch_cn.exe
unpack001/XPSP2Patch/XPSP2Patch_en.exe
unpack001/dbghelp.dll
unpack001/wmasf.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

546d615dea34b629c692d4c82d80b925
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:b4:b4:68:77:fe:36:32:b9:97:4a:a1:80:99:48:f1
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

31/07/2006, 00:00

Not After

31/07/2007, 23:59

Subject

CN=Funshion Online Technologies Ltd.,OU=Secure Application Development,O=Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NetType.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/config_funplayer.ini
$SYSDIR/funshion.ini
AD/ad1.html
AD/ad10.html
AD/ad2.html
AD/ad3.html
AD/ad4.html
AD/ad5.html
AD/ad6.html
AD/ad7.html
AD/ad8.html
AD/ad9.html
AD/bt_reco.html
.html
CrashReport.exe
.exe windows:4 windows x86 arch:x86

b38b3d986c69681edc8ddc4d444fb724

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetModuleHandleW
GetModuleFileNameW
GetSystemTime
DeleteFileW
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
ReadFile
CreateFileA
SetEndOfFile
FreeLibrary
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetOEMCP
GetCPInfo
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
SetLastError
lstrcmpiW
RaiseException
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
GetModuleFileNameA
GetStdHandle
EnterCriticalSection
GetStringTypeW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
Sleep
ExitProcess
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
VirtualQuery
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate

user32

ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowLongW
DestroyWindow
SendMessageW
GetWindowLongW
GetDlgItem
IsDialogMessageW
CharNextW
LoadBitmapW
GetWindowTextLengthW
GetWindowTextW
PostQuitMessage
DefWindowProcW
GetSystemMetrics
LoadImageW
UnregisterClassA
CreateDialogParamW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos

gdi32

CreateFontW
DeleteObject
GetStockObject

advapi32

RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

wininet

InternetConnectW
FtpSetCurrentDirectoryW
FtpPutFileW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Funshion.exe
.exe windows:4 windows x86 arch:x86

9f067bd20b5075d8c5751746ed873081

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFileExistsW

ws2_32

closesocket
recv
send
connect
ioctlsocket
htons
inet_addr
inet_ntoa
gethostbyname
gethostname
sendto
WSACleanup
WSAStartup
ntohl
getsockopt
htonl
ntohs
recvfrom
shutdown
select
WSAGetLastError
bind
setsockopt
listen
accept
socket
__WSAFDIsSet

wininet

InternetGetConnectedState
InternetConnectW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetSetCookieW

kernel32

GlobalMemoryStatus
GetComputerNameW
GetVersionExW
lstrcatW
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
lstrcmpW
FindFirstFileW
MultiByteToWideChar
GetCurrentProcessId
lstrcmpiW
Sleep
lstrcpynA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
CompareStringW
GetLastError
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetFileSizeEx
CreateFileW
ExitProcess
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFileAttributesW
GetSystemDirectoryA
DeleteFileA
TerminateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
SetUnhandledExceptionFilter
GetSystemTime
FindResourceA
FindResourceExA
GetLocalTime
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
GetThreadLocale
SetFilePointer
InterlockedExchange
GetVersion
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringA
GetStringTypeExW
GetStringTypeExA
lstrcmpiA
ResumeThread
SuspendThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetStartupInfoW
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetConsoleCP
GetConsoleMode
ReadFile
MoveFileW
FlushFileBuffers
GetTickCount
GetSystemDirectoryW
SetThreadLocale
CreateDirectoryW
lstrlenA
WideCharToMultiByte
CreateFileA
WriteFile
CloseHandle
CreateDirectoryA
CreateThread
SetThreadPriority
GetModuleFileNameW
WritePrivateProfileStringW
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetOEMCP
SetHandleCount
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetLastError
lstrcpynW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
FindResourceExW
lstrcpyW
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
FatalAppExitA
GetTimeFormatA
GetDateFormatA
VirtualAlloc
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
FormatMessageA
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
GetLocaleInfoA
LocalFree
RtlUnwind
ExitThread
TerminateProcess
GetACP

user32

DrawFocusRect
GetDlgCtrlID
CallNextHookEx
IsMenu
DrawEdge
GetWindowDC
PeekMessageW
TrackPopupMenuEx
CreatePopupMenu
AppendMenuW
DestroyAcceleratorTable
OffsetRect
GetClassNameW
SetCursor
GetMenu
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
DrawTextW
GetWindowThreadProcessId
CharNextW
CharLowerW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
IsWindowEnabled
GetFocus
MessageBeep
UnhookWindowsHookEx
CallWindowProcW
SetWindowsHookExW
InflateRect
FillRect
LoadStringA
PostQuitMessage
wsprintfW
CreateDialogParamW
SetFocus
SetCapture
GetCapture
ReleaseCapture
ScreenToClient
UpdateWindow
IsWindow
IsCharAlphaW
IsCharAlphaNumericW
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
CreateWindowExW
DefWindowProcW
SetRectEmpty
RemoveMenu
SetMenu
EnableMenuItem
FlashWindow
PostMessageA
CharUpperA
CharUpperW
CharLowerA
MessageBoxA
ScrollWindow
ExitWindowsEx
GetMessageW
PtInRect
ClientToScreen
CheckMenuItem
EnableWindow
InvalidateRect
GetMenuState
CheckMenuRadioItem
FindWindowW
LoadMenuW
GetKeyState
PostMessageW
TranslateAcceleratorW
DestroyWindow
DestroyMenu
SetWindowLongW
TranslateMessage
DispatchMessageW
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeNameService
DdeGetData
GetDlgItemInt
SetDlgItemInt
MessageBoxW
GetMenuItemID
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetDlgItemTextW
SendMessageA
CopyRect
GetDCEx
DialogBoxParamW
MoveWindow
EndPaint
BeginPaint
LoadIconW
DrawIcon
GetWindowLongW
GetWindow
SystemParametersInfoW
MapWindowPoints
GetDlgItem
SetWindowTextW
GetParent
EndDialog
DrawStateW
InvalidateRgn
GetActiveWindow
SetWindowPos
SetWindowRgn
GetWindowRect
GetClientRect
LoadBitmapW
GetDC
ReleaseDC
SetTimer
KillTimer
GetSubMenu
ModifyMenuW
GetCursorPos
TrackPopupMenu
IsWindowVisible
ShowWindow
IsIconic
SendMessageW
SetForegroundWindow
GetSystemMetrics
LoadImageW
DestroyIcon
UnregisterClassA
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
LoadStringW
SetRect
GetSysColor
IsChild

gdi32

SetBrushOrgEx
GetTextColor
Polygon
GetBitmapBits
CreateRoundRectRgn
CreateCompatibleBitmap
PatBlt
CreateBitmap
CreatePatternBrush
MoveToEx
LineTo
CreateSolidBrush
CreatePen
Rectangle
SetBkColor
ExtTextOutW
SetTextColor
GetStockObject
GetTextMetricsW
GetDeviceCaps
DPtoLP
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
SetBkMode
StretchBlt
BitBlt
CreateRectRgn
GetPixel
CombineRgn
DeleteObject
OffsetRgn
GetDCOrgEx
GetObjectW
CreateCompatibleDC
RoundRect
TextOutW
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyW
RegQueryInfoKeyW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

Shell_NotifyIconW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
DragQueryFileW

ole32

CLSIDFromString
StringFromGUID2
CoUninitialize
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
CoInitialize
OleUninitialize
OleLockRunning
CoCreateInstance
CoTaskMemAlloc

oleaut32

GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
SysAllocStringLen
SysAllocString
VariantInit
VariantChangeType
SafeArrayCreate
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_Create
CreateStatusWindowW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_LoadImageW
ImageList_Draw
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetImageInfo

msimg32

TransparentBlt

iphlpapi

GetBestRoute
GetBestInterface
GetIpAddrTable
GetIfTable

dbghelp

MiniDumpWriteDump

Exports

Exports

??$void_cast_register@$$CBVtaskpersist_065_1@@$$CBVfilespersist@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVtaskpersist_065_1@@PBVfilespersist@@@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCFpTaskFactory@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vfilepersist@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vfilespersist@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_061@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_065_1@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCFpTaskFactory@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vfilepersist@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vfilespersist@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_061@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_065_1@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FunshionPlugin.dll
.dll windows:4 windows x86 arch:x86

22cf31c1a3615777af304fac0d7bdc42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dsound

ord1

wmvcore

WMCreateReaderPriv

kernel32

LocalFree
LocalAlloc
GetModuleHandleW
DeviceIoControl
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
VirtualAlloc
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThread
SetThreadPriority
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
GetModuleHandleA
GetFullPathNameA
GetStringTypeExA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
RaiseException
GetModuleFileNameA
FreeLibrary
VirtualProtect
LoadLibraryA
GetProcAddress
InterlockedIncrement
GetDriveTypeA
FindFirstFileA
FindClose
GetUserDefaultLCID
GetSystemDirectoryA
GetPrivateProfileIntA
CreateEventA
GetTickCount
TerminateThread
InterlockedDecrement
SetUnhandledExceptionFilter
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
Sleep
WideCharToMultiByte
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MulDiv
CreateThread
GetLastError
WaitForMultipleObjects
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEnvironmentVariableA
GetLocaleInfoW
IsBadCodePtr
GetTimeZoneInformation
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
HeapSize
GetFileType
SetStdHandle
TerminateProcess
ExitThread
HeapReAlloc
GetCommandLineA
IsBadReadPtr
GetSystemTimeAsFileTime
VirtualQuery
HeapAlloc
HeapFree
FindNextFileA
GetVolumeInformationA
IsDBCSLeadByteEx
GetTempPathA
GetTempFileNameA
DebugBreak
lstrcpyA
lstrcpynA
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
lstrcmpA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
ResumeThread
SuspendThread
GetCurrentDirectoryA
EnumResourceLanguagesA
ConvertDefaultLocale
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind

user32

RegisterClassA
GetClassInfoA
GetParent
AdjustWindowRectEx
GetSysColor
GetMenu
SetForegroundWindow
GetKeyState
LoadIconA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
ValidateRect
GetCursorPos
GetActiveWindow
GetDlgCtrlID
GetMessageA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
DeleteMenu
SetCursor
GetSysColorBrush
InsertMenuA
DefWindowProcA
CallWindowProcA
LoadCursorA
IsWindow
GetWindow
GetClientRect
MapWindowPoints
IsWindowVisible
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
PtInRect
GetMenuState
GetMenuStringA
GetMenuItemID
PostMessageA
SetRect
CopyRect
IsRectEmpty
GetMenuItemCount
GetSubMenu
InflateRect
CharLowerBuffA
MessageBoxA
GetDC
ReleaseDC
IntersectRect
MonitorFromWindow
GetWindowRect
SetRectEmpty
EqualRect
OffsetRect
UnionRect
FillRect
SendMessageA
PostThreadMessageA
PostQuitMessage
EnableWindow
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
wsprintfA
PeekMessageA
UnregisterClassA
CharUpperA
CreateAcceleratorTableA
DestroyAcceleratorTable
MessageBeep
DestroyMenu

gdi32

CloseFigure
EndPath
GetPath
AbortPath
BeginPath
AddFontResourceA
GetDeviceCaps
TranslateCharsetInfo
GetClipBox
ExtTextOutA
CreateBitmap
SaveDC
RestoreDC
DeleteDC
CreateCompatibleDC
SetBkMode
SetMapMode
GetTextExtentPoint32W
TextOutW
SelectObject
GetTextMetricsA
GetStockObject
SetBkColor
SetTextColor
TextOutA
CreateRectRgn
GetRegionData
DeleteObject
PtVisible
RectVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
CreateFontIndirectA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA

shell32

ShellExecuteW

ole32

CoFreeLibrary
CoLoadLibrary
GetRunningObjectTable
CreateItemMoniker
CoFreeUnusedLibraries
CreateBindCtx
MkParseDisplayName
CLSIDFromString
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData

ddraw

DirectDrawCreateEx

comctl32

ord17

shlwapi

PathRemoveFileSpecA
PathCanonicalizeA
PathStripToRootA
PathAddBackslashA
PathFindFileNameA
UrlUnescapeA
PathFileExistsA
PathIsUNCA
PathFindExtensionA

dbghelp

MiniDumpWriteDump

wininet

InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comdlg32

GetFileTitleA

Exports

Exports

FilterDllMsg
FunPlayerPluginExports
ProcessDllIdle

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GetMACAddress.dll
.dll windows:4 windows x86 arch:x86

ef6a036c99754e52d571ec048bfab146

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4486
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord6375
ord2554
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord4274
ord825
ord815
ord823
ord3147
ord3259
ord561
ord600
ord826
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1116
ord1176
ord269
ord6467
ord1578
ord1255

msvcrt

__CxxFrameHandler
sprintf
_EH_prolog
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit

kernel32

LocalAlloc
LocalFree

iphlpapi

GetIfTable

Exports

Exports

GetMACAddress

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/DownCodec_cn.html
.html
Res/DownCodec_en.html
.html
Res/Readme_cn.html
.html
Res/Readme_en.html
.html
Res/bak.jpg
.jpg
Res/bg.jpg
.jpg
Res/error.html
Uninstall.exe.nsis
WMVCORE.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

93ffa084929ccbb3d7c99014a7547237

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

db:33:48:2d:fc:64:c7:90:0d:20:c2:dc:94:1c:df:e1:32:24:c8:62
Signer

Actual PE Digest

db:33:48:2d:fc:64:c7:90:0d:20:c2:dc:94:1c:df:e1:32:24:c8:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
TraceEvent

gdi32

GetSystemPaletteEntries

kernel32

SetFilePointerEx
GetFileSizeEx
DuplicateHandle
SleepEx
OpenProcess
GetExitCodeProcess
GetSystemDirectoryA
lstrcpynW
CompareStringW
GetTempPathW
GetVersion
GetSystemInfo
CreateEventA
HeapSize
RaiseException
LocalFree
LocalAlloc
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
SetFileAttributesW
CreateFileW
WriteFile
CloseHandle
FreeResource
GetLocalTime
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
lstrlenW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetVersionExA
GetModuleHandleA
LoadLibraryA
HeapReAlloc
SetLastError
CreateThread
GetExitCodeThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateSemaphoreA
SetEndOfFile
GetFileTime
FileTimeToSystemTime
IsBadStringPtrW
IsBadWritePtr
GetLocaleInfoW
FindAtomW
GetModuleFileNameW
GetUserDefaultLCID
GetSystemDefaultLangID
GetVersionExW
GlobalAlloc
GlobalLock
GetProcAddress
LoadLibraryW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MulDiv
InterlockedCompareExchange
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
InterlockedDecrement
ReadFile
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetEvent
SystemTimeToFileTime
GetSystemTime
WaitForSingleObject
GetFileSize
ReleaseSemaphore
CreateSemaphoreW
MultiByteToWideChar
IsBadReadPtr
SetFilePointer
WideCharToMultiByte
GetDiskFreeSpaceExW
lstrlenA
CompareFileTime
DeleteFileW
Sleep
FreeLibrary
CreateEventW
InterlockedExchange
GetVolumeInformationW
GetComputerNameW
SetThreadAffinityMask
WaitForMultipleObjects
ResetEvent
DisableThreadLibraryCalls
ExitProcess
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
VirtualProtect
InitializeCriticalSectionAndSpinCount

msvcrt

wcsncat
iswspace
_vsnwprintf
_vsnprintf
swscanf
wcstoul
setlocale
_wtoi
_snwprintf
swprintf
wcstol
_ultow
_wtol
__CxxFrameHandler
_ultoa
strncmp
sscanf
isspace
strstr
_stricmp
iswdigit
isalnum
_except_handler3
free
strcpy
realloc
abs
_waccess
_wcsupr
_ui64toa
isdigit
strchr
time
_strcmpi
_itoa
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
malloc
calloc
memset
wcsncpy
strcspn
strspn
abort
exit
fprintf
_iob
getenv
ceil
toupper
isxdigit
iswcntrl
iswascii
wcsspn
wcscspn
_ltoa
isalpha
wcsftime
gmtime
wcstok
strcmp
perror
floor
printf
_CIpow
_snprintf
_strnicmp
wcsrchr
wcschr
wcspbrk
wcsncmp
_wcsicmp
_set_error_mode
_purecall
wcscmp
wcscpy
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
wcscat
memcmp
memcpy
rand
strlen
srand
_beginthreadex
memmove
_wcslwr
longjmp
_setjmp3
sprintf
strncpy
strpbrk
memchr
wcstombs
wcsstr
_itow
towupper
iswprint
_errno
strtoul

ole32

CLSIDFromString
CoGetTreatAsClass
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
VariantTimeToSystemTime
SysStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

user32

GetDesktopWindow
GetDC
ReleaseDC
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
PostThreadMessageW

wmasf

ord5
ord17
ord8
ord6
ord10
ASFTimeToPresTime
ASFTimeToSendTime
ASFSendTimeToTime
ASFPresTimeToTime
ord18
ASFCreateStreamSelector
ASFGetTimeBase
ASFSetDataUnitInfo
ord24
ord11
ord7
ord9

Exports

Exports

DllRegisterServer
WMCheckURLExtension
WMCheckURLScheme
WMCreateBackupRestorer
WMCreateBackupRestorerPrivate
WMCreateEditor
WMCreateIndexer
WMCreateLicenseRevocationAgentPrivate
WMCreateProfileManager
WMCreateReader
WMCreateReaderPriv
WMCreateSyncReader
WMCreateSyncReaderPriv
WMCreateWriter
WMCreateWriterFileSink
WMCreateWriterNetworkSink
WMCreateWriterPriv
WMCreateWriterPushSink
WMIsAvailableOffline
WMIsContentProtected
WMValidateData

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XPSP2Patch/SysOptimize.exe
.exe windows:4 windows x86 arch:x86

da0a9fc439e183bcb21bfd4414ee070b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrlenW
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
lstrlenA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
GetCurrentDirectoryA
lstrcpyA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
HeapFree
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
RaiseException
DeleteCriticalSection
GetModuleFileNameA
FindFirstFileA
Sleep
GetCurrentThreadId
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualFree
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
InterlockedExchange
GetFileType
ExitProcess
HeapReAlloc
RtlUnwind
VirtualProtect

user32

PeekMessageA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
UnregisterClassA
CharNextA
SetDlgItemTextA
EndPaint
BeginPaint
GetDC
ReleaseDC
LoadBitmapA
FillRect
SetWindowTextA
GetSysColorBrush
ExitWindowsEx
SetWindowLongA
GetActiveWindow
EndDialog
CreateDialogParamA
GetWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageA
GetParent
DestroyWindow
DefWindowProcA
PostQuitMessage
GetSystemMetrics
LoadImageA
SendMessageA
FindWindowA
GetDlgItem

gdi32

CreateFontIndirectA
CreatePatternBrush
DeleteObject
GetDeviceCaps
DPtoLP
GetObjectA
SelectObject
SetBrushOrgEx
SetBkMode
DeleteDC

advapi32

RegCloseKey
LookupPrivilegeValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XPSP2Patch/XPSP2Patch_cn.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XPSP2Patch/XPSP2Patch_en.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 53KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dbghelp.dll
.dll windows:5 windows x86 arch:x86

bfdf63b29852e4529780d92b76de1d65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_initterm
_except_handler3
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
wcscmp
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_onexit
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
_strnicmp
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
lstrcmpW
SuspendThread
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetCurrentThreadId
GetThreadSelectorEntry
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmasf.dll
.dll windows:5 windows x86 arch:x86

f5ff989df3991d98134d8365e6abd655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
CloseHandle
GetLastError
WriteFile
FlushFileBuffers
WideCharToMultiByte
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
MulDiv
InitializeCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter

msvcrt

_purecall
malloc
_adjust_fdiv
_initterm
free
_wcsicmp
wcscmp
wcscpy
wcslen
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z

ole32

CoCreateGuid

Exports

Exports

ASFAddPresDelta
ASFAddSendDelta
ASFCalculatePresDelta
ASFCreateBitrateTracker
ASFCreateIOMonitor
ASFCreateIndexMaker
ASFCreateIndexMakerFileSink
ASFCreateLibrary
ASFCreateMediaObjectIndexMaker
ASFCreateStreamSelector
ASFFindHeaderObject
ASFFindRootObject
ASFFindStreamPropertiesObject
ASFGUIDFromCodecID
ASFGUIDToCodecID
ASFGetDataUnitInfo
ASFGetHeaderObject
ASFGetRootObject
ASFGetStreamPropertiesObject
ASFGetTimeBase
ASFPresDeltaTimeToTime
ASFPresDeltaToFull
ASFPresFullToDelta
ASFPresTimeToSendTime
ASFPresTimeToTime
ASFReadHeaderFromFile
ASFReadHeaderFromFileHandle
ASFSendTimeToPresTime
ASFSendTimeToTime
ASFSetDataUnitInfo
ASFTimeToPresDeltaTime
ASFTimeToPresTime
ASFTimeToSendTime
ASFWriteHeaderToFile
CreateAsfCellPoolAllocator

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

237a51742fed62d237b6f1b75452402f

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:b4:b4:68:77:fe:36:32:b9:97:4a:a1:80:99:48:f1Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 290KB

.ndata Size: - Virtual size: 464KB

.rsrc Size: 30KB - Virtual size: 32KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 3KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:b4:b4:68:77:fe:36:32:b9:97:4a:a1:80:99:48:f1
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 290KB

.ndata
Size: - Virtual size: 464KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 22KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B