67586ead1f68d4571728b7221259564a

Sharing

Copy URL Twitter E-mail

General

Target

67586ead1f68d4571728b7221259564a
Size

8.8MB
MD5

67586ead1f68d4571728b7221259564a
SHA1

eb7032e686c799ebf2ca369afbb893f1c8d1c072
SHA256

04d514b0f8cdd51af7bf8433277bdd6399a6c1fbd2ae671d732b1c6b63669298
SHA512

f7da66f3bff37a8f1b6d3b124540e10b07c6510a8b5f938c49d7e5493c457559e2e879c40a8167541349a8dbf147670db5dd24301df314841a95ec356a9390ee
SSDEEP

196608:rUFGvxj1FpWWnIzXvWCbwLqLOmkeevmrl3PqIu2:rUF8KvdbwLqLfeQl/K2

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/vjoin.exe	aspack_v212_v242

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zhidiansphb-v11.5H.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/M4.exe
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/System.dll
unpack002/cmd/FLVLib.dll
unpack002/cmd/drv43260.dll
unpack002/cmd/tools/rm
unpack002/cmd/tools/rt
unpack002/help.dll
unpack002/js32.dll
unpack002/libiconv-2.dll
unpack002/libintl-8.dll
unpack002/magic1.dll
unpack002/me.exe
unpack002/mkv.exe
unpack002/regex2.dll
unpack002/vjoin.exe
unpack002/zlib1.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/zhidiansphb-v11.5H.exe	nsis_installer_1
static1/unpack001/zhidiansphb-v11.5H.exe	nsis_installer_2
static1/unpack002/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_2

Files

67586ead1f68d4571728b7221259564a
.rar
zhidiansphb-v11.5H.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DESKTOP/ϵ.url
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
M4.exe
.exe windows:4 windows x86 arch:x86

9c51a81c62b0cd8050e46d4821dd31c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_pctype
__mb_cur_max
_isctype
cos
asin
acos
sin
sqrt
tan
atan2
ceil
exit
calloc
longjmp
_setjmp3
log
tolower
toupper
strtoul
strpbrk
_exit
_XcptFilter
_strdup
fseek
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
abort
_snprintf
_errno
_fdopen
_strupr
_fileno
_strlwr
_strnicmp
_stricmp
fputs
getenv
fscanf
fgets
abs
fgetc
vsprintf
setlocale
_filelengthi64
fsetpos
fgetpos
tmpfile
rand
srand
time
_ftime
memchr
pow
floor
memmove
fputc
fputwc
realloc
memcmp
memcpy
strncpy
remove
rename
vfprintf
fflush
strncmp
atof
sscanf
atoi
gmtime
asctime
strstr
_ftol
strchr
strcmp
strcpy
strcat
__p___initenv
memset
ftell
malloc
fread
strrchr
free
sprintf
fopen
fwrite
fclose
strlen
_iob
__getmainargs
fprintf

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

js32

JS_ObjectIsFunction
JS_GetProperty
JS_GetGlobalObject
JS_GetStringChars
JS_CallFunctionName
JS_CallFunctionValue
JS_NewObject
JS_SetPrivate
JS_GetPrivate
JS_GetStringBytes
JS_GetContextPrivate

kernel32

GetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
CloseHandle
UnmapViewOfFile
WaitForSingleObject
GetCurrentThreadId
CreateMutexA
ReleaseMutex
DeleteFileA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app.ini
cmd/FLVLib.dll
.dll windows:4 windows x86 arch:x86

63484dfd1572b5d796417adead0e3179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
DeleteFileA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
RaiseException
GetCommandLineA
HeapSize
HeapReAlloc
ExitProcess
TerminateProcess
GetACP
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
SetLastError
GetVersion
lstrlenA
lstrcpynA
GetModuleFileNameA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
GlobalLock
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetCurrentThreadId
WriteFile
SetFilePointerEx
SetEndOfFile
GetFileSize
GetLastError
CreateFileA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetVersionExA
CreateMutexA

comctl32

ord17

user32

GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
LoadStringA
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
CopyRect
EnableWindow
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
UnregisterClassA
UnhookWindowsHookEx
SetWindowsHookExA
PeekMessageA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
GetWindow

gdi32

GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectObject
SetTextColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
CreateBitmap
GetClipBox
SetBkColor

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

CreateFileReadAble
CreateFileWriteAble
DeleteFileReadAble
DeleteFileWritable
FlvMetaAddCuePoint
FlvMetaAddCuePointParam
FlvMetaClearCuePoints
FlvMetaCreateObject
FlvMetaDeleteObject
FlvMetaParseFromFile
FlvMetaSetVariable
FlvMetaUpdateToFile
FlvMuplex_GetMaxFrameSize
FlvMuplex_WriteAudioFrame
FlvMuplex_WriteDataTag
FlvMuplex_WriteHeader
FlvMuplex_WriteVideoFrame
FlvReader_Create
FlvReader_CreateByFile
FlvReader_Delete
FlvReader_ReadData
FlvReader_ReadHeader
FlvWriter_Create
FlvWriter_CreateByFile
FlvWriter_Delete
FlvWriter_Flush
FlvWriter_WriteAudioFrame
FlvWriter_WriteHeader
FlvWriter_WriteVideoFrame
Flv_FreeTag
Flv_ReadHeader
Flv_ReadTag
Flv_WriteHeader
Flv_WriteTag
GetFLVInfo
GetFLVInfoFromFile

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmd/ab
cmd/drv43260.dll
.dll windows:4 windows x86 arch:x86

e31d4509c91ceccd53040baa2421daf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_adjust_fdiv
fprintf
_iob
_ftol
free
_beginthreadex
__CxxFrameHandler
_purecall
malloc
_initterm

kernel32

QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileIntA
CreateEventA
WaitForMultipleObjects
SetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV20toYUV420CustomMessage
RV20toYUV420Free
RV20toYUV420HiveMessage
RV20toYUV420Init
RV20toYUV420Transform

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmd/fv
cmd/mpg
cmd/re
cmd/tools/rm
.dll windows:4 windows x86 arch:x86

b7bf0979a70fb6721cf4052ece649ea0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid

user32

CharNextA
GetSystemMetrics
wsprintfA
GetMessageA
PostThreadMessageA
KillTimer
SetTimer
RegisterWindowMessageA
SendMessageA
PostMessageA
RegisterClassA
UnregisterClassA
CreateWindowExA
SetWindowLongA
DefWindowProcA
GetWindowLongA
PeekMessageA
DispatchMessageA
PostQuitMessage
DestroyWindow

advapi32

RegEnumKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

msvcr71

??0exception@@QAE@ABV0@@Z
_CxxThrowException
strncmp
??_U@YAPAXI@Z
tolower
isupper
memmove
qsort
strchr
strtol
_vsnprintf
__CxxFrameHandler
time
_assert
isdigit
_endthreadex
_beginthreadex
atol
isspace
??1exception@@UAE@XZ
strtok
strstr
atof
_unlink
_strnicmp
fclose
fprintf
fopen
_iob
__dllonexit
_onexit
free
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
??0exception@@QAE@XZ
atoi
??_V@YAXPAX@Z
strncpy
_purecall
strrchr
sprintf
remove
??2@YAPAXI@Z
??3@YAXPAX@Z
_strcmpi
_putenv
_ftime
_errno
_open
_close
_lseek
_read
_write
_get_osfhandle
_fstat
_chsize
_findfirst
_findnext
_findclose
_timezone
localtime
_tzset
_creat
_sopen
_tell
_stricmp
malloc

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

kernel32

ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
WaitForSingleObject
CloseHandle
GetThreadPriority
InitializeCriticalSection
ResumeThread
SuspendThread
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetCurrentThreadId
GetSystemDirectoryA
GlobalMemoryStatus
CreateEventA
DeleteFileA
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
GetTempFileNameA
GetTempPathA
GetSystemInfo
GetVersion
SetThreadPriority
FreeLibrary
GetCurrentProcessId
GetVersionExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetTickCount

Exports

Exports

?AsyncNotifyProc@CAsyncNetThread@@KGJPAUHWND__@@IIJ@Z
?AsyncNotifyProc@CAsyncSockN@@KGJPAUHWND__@@IIJ@Z
RMACreateAsmConversionFilter
RMACreateRM1Merge
RMACreateRM2Converter
RMACreateRM2Converter2
RMClose
RMInit
RMMerge
RMMergeConvert

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmd/tools/rt
.dll windows:4 windows x86 arch:x86

727990838bd8b2264bbbd2688c4ac9e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadStringA
CharPrevA
CharNextA
GetSystemMetrics

advapi32

RegOpenKeyExA
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

msvcr71

strrchr
strstr
strtol
_vsnprintf
getenv
_errno
strncpy
_chsize
_strnicmp
_timezone
localtime
time
_tzset
sscanf
atof
strchr
malloc
free
_assert
_ftime
_findclose
_findnext
_findfirst
vfprintf
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
?terminate@@YAXXZ
_mbctype
isupper
__CxxFrameHandler
_stricmp
memmove
rename
remove
fgets
tolower
fopen
atol
fgetc
isspace
isalpha
ungetc
isdigit
_iob
fprintf
fclose
strtok
ceil
floor
atoi
sprintf
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
_read
_write
_unlink
_putenv
_strlwr
_getpid
strpbrk
_get_osfhandle
_fstat
_control87
_tell
_lseek
_sopen
_open
_creat
_close
_strcmpi
_getcwd
_chdir

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kernel32

GlobalMemoryStatus
WinExec
lstrcpyA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetVersion
GetVersionExA
CopyFileA
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
GetTempPathA
GetTempFileNameA
CloseHandle
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
GetLastError
UnmapViewOfFile
GetSystemInfo
MoveFileA
FindNextFileA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
GetDriveTypeA
FindFirstFileA
CreateDirectoryA
GetModuleFileNameA
GetWindowsDirectoryA
GetDiskFreeSpaceA
FindClose
GetFullPathNameA
GetTickCount
GetSystemDirectoryA

ole32

CoCreateGuid

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

RMACreateRMEdit
RMACreateRMEvents
RMACreateRMFF2Reader
RMACreateRMFFCopy
RMACreateRMFFDump
RMACreateRMFile
RMACreateRealMediaRegistration
SetDLLAccessPath

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.chm
.chm
help.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetNtpTime
HookAPI
HookCode
Inject
RemoteExecute
Uninject

Sections

CODE
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
js32.dll
.dll windows:4 windows x86 arch:x86

8a4081abc2c833f164926e41bfa8b681

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
DebugBreak

msvcrt

free
strlen
strcmp
_errno
_iob
fputc
fprintf
strchr
getenv
setlocale
atoi
ungetc
fgetc
strerror
fopen
strcpy
fgets
fflush
fwrite
fputs
_pctype
_isctype
__mb_cur_max
strncmp
memset
malloc
realloc
memcpy
memmove
_ftol
floor
fmod
fabs
acos
asin
atan
atan2
ceil
cos
exp
log
pow
sin
sqrt
tan
localeconv
_control87
_HUGE
sprintf
fclose
getc
tolower
calloc
exit
memcmp
log10
mktime
localtime
strftime
_initterm
_adjust_fdiv
_strdup
_putenv
_isatty
_fileno

Exports

Exports

@JS_DHashTableOperate@12
JSLL_MaxInt
JSLL_MinInt
JSLL_Zero
JS_AddArgumentFormatter
JS_AddExternalStringFinalizer
JS_AddNamedRoot
JS_AddNamedRootRT
JS_AddRoot
JS_AliasElement
JS_AliasProperty
JS_ArenaAllocate
JS_ArenaFinish
JS_ArenaFreeAllocation
JS_ArenaGrow
JS_ArenaRealloc
JS_ArenaRelease
JS_ArenaShutDown
JS_Assert
JS_BufferIsCompilableUnit
JS_CStringsAreUTF8
JS_CallFunction
JS_CallFunctionName
JS_CallFunctionValue
JS_CeilingLog2
JS_CheckAccess
JS_ClearAllTraps
JS_ClearAllWatchPoints
JS_ClearInterrupt
JS_ClearNewbornRoots
JS_ClearPendingException
JS_ClearRegExpRoots
JS_ClearRegExpStatics
JS_ClearScope
JS_ClearScriptTraps
JS_ClearTrap
JS_ClearWatchPoint
JS_ClearWatchPointsForObject
JS_CloneFunctionObject
JS_CompareStrings
JS_CompareValues
JS_CompileFile
JS_CompileFileHandle
JS_CompileFileHandleForPrincipals
JS_CompileFunction
JS_CompileFunctionForPrincipals
JS_CompileScript
JS_CompileScriptForPrincipals
JS_CompileUCFunction
JS_CompileUCFunctionForPrincipals
JS_CompileUCScript
JS_CompileUCScriptForPrincipals
JS_ConcatStrings
JS_ConstructObject
JS_ConstructObjectWithArguments
JS_ContextIterator
JS_ConvertArguments
JS_ConvertArgumentsVA
JS_ConvertStub
JS_ConvertValue
JS_DHashAllocTable
JS_DHashClearEntryStub
JS_DHashFinalizeStub
JS_DHashFreeStringKey
JS_DHashFreeTable
JS_DHashGetKeyStub
JS_DHashGetStubOps
JS_DHashMatchEntryStub
JS_DHashMatchStringKey
JS_DHashMoveEntryStub
JS_DHashStringKey
JS_DHashTableDestroy
JS_DHashTableEnumerate
JS_DHashTableFinish
JS_DHashTableInit
JS_DHashTableRawRemove
JS_DHashTableSetAlphaBounds
JS_DHashVoidPtrKeyStub
JS_DecodeBytes
JS_DecompileFunction
JS_DecompileFunctionBody
JS_DecompileScript
JS_DefineConstDoubles
JS_DefineElement
JS_DefineFunction
JS_DefineFunctions
JS_DefineObject
JS_DefineProperties
JS_DefineProperty
JS_DefinePropertyWithTinyId
JS_DefineUCFunction
JS_DefineUCProperty
JS_DefineUCPropertyWithTinyId
JS_DeleteElement
JS_DeleteElement2
JS_DeleteProperty
JS_DeleteProperty2
JS_DeleteUCProperty2
JS_DestroyContext
JS_DestroyContextMaybeGC
JS_DestroyContextNoGC
JS_DestroyIdArray
JS_DestroyScript
JS_DropExceptionState
JS_EncodeCharacters
JS_EnterLocalRootScope
JS_Enumerate
JS_EnumerateResolvedStandardClasses
JS_EnumerateStandardClasses
JS_EnumerateStub
JS_ErrorFromException
JS_EvalFramePrincipals
JS_EvaluateInStackFrame
JS_EvaluateScript
JS_EvaluateScriptForPrincipals
JS_EvaluateUCInStackFrame
JS_EvaluateUCScript
JS_EvaluateUCScriptForPrincipals
JS_ExecuteScript
JS_ExecuteScriptPart
JS_FinalizeStub
JS_Finish
JS_FinishArenaPool
JS_FlagScriptFilenamePrefix
JS_FlagSystemObject
JS_FloorLog2
JS_ForgetLocalRoot
JS_FrameIterator
JS_FreeArenaPool
JS_GC
JS_GetArrayLength
JS_GetClass
JS_GetClassObject
JS_GetConstructor
JS_GetContextPrivate
JS_GetElement
JS_GetEmptyStringValue
JS_GetExternalStringGCType
JS_GetFrameAnnotation
JS_GetFrameCallObject
JS_GetFrameCalleeObject
JS_GetFrameFunction
JS_GetFrameFunctionObject
JS_GetFrameObject
JS_GetFramePC
JS_GetFramePrincipalArray
JS_GetFrameReturnValue
JS_GetFrameScopeChain
JS_GetFrameScript
JS_GetFrameThis
JS_GetFunctionArity
JS_GetFunctionFlags
JS_GetFunctionId
JS_GetFunctionName
JS_GetFunctionNative
JS_GetFunctionObject
JS_GetFunctionScript
JS_GetFunctionTotalSize
JS_GetGlobalObject
JS_GetImplementationVersion
JS_GetInstancePrivate
JS_GetLocaleCallbacks
JS_GetMethod
JS_GetMethodById
JS_GetNaNValue
JS_GetNegativeInfinityValue
JS_GetObjectId
JS_GetObjectTotalSize
JS_GetOptions
JS_GetParent
JS_GetPendingException
JS_GetPositiveInfinityValue
JS_GetPrivate
JS_GetProperty
JS_GetPropertyAttributes
JS_GetPropertyAttrsGetterAndSetter
JS_GetPropertyDesc
JS_GetPropertyDescArray
JS_GetPrototype
JS_GetReservedSlot
JS_GetRuntime
JS_GetRuntimePrivate
JS_GetScopeChain
JS_GetScriptBaseLineNumber
JS_GetScriptFilename
JS_GetScriptFilenameFlags
JS_GetScriptLineExtent
JS_GetScriptObject
JS_GetScriptPrincipals
JS_GetScriptTotalSize
JS_GetScriptVersion
JS_GetScriptedCaller
JS_GetStringBytes
JS_GetStringChars
JS_GetStringLength
JS_GetTopScriptFilenameFlags
JS_GetTrapOpcode
JS_GetTypeName
JS_GetUCProperty
JS_GetUCPropertyAttributes
JS_GetUCPropertyAttrsGetterAndSetter
JS_GetVersion
JS_HandleTrap
JS_HasArrayLength
JS_HasElement
JS_HasInstance
JS_HasProperty
JS_HasUCProperty
JS_HashString
JS_HashTableAdd
JS_HashTableDestroy
JS_HashTableDump
JS_HashTableEnumerateEntries
JS_HashTableLookup
JS_HashTableRawAdd
JS_HashTableRawLookup
JS_HashTableRawRemove
JS_HashTableRemove
JS_IdToValue
JS_Init
JS_InitArenaPool
JS_InitClass
JS_InitStandardClasses
JS_InstanceOf
JS_InternString
JS_InternUCString
JS_InternUCStringN
JS_IsAboutToBeFinalized
JS_IsArrayObject
JS_IsAssigning
JS_IsConstructing
JS_IsConstructorFrame
JS_IsDebuggerFrame
JS_IsExceptionPending
JS_IsNativeFrame
JS_IsRunning
JS_IsSystemObject
JS_LeaveLocalRootScope
JS_LeaveLocalRootScopeWithResult
JS_LineNumberToPC
JS_Lock
JS_LockGCThing
JS_LockGCThingRT
JS_LookupElement
JS_LookupProperty
JS_LookupPropertyWithFlags
JS_LookupUCProperty
JS_MakeStringImmutable
JS_MapGCRoots
JS_MarkGCThing
JS_MaybeGC
JS_NewArrayObject
JS_NewContext
JS_NewDHashTable
JS_NewDependentString
JS_NewDouble
JS_NewDoubleValue
JS_NewExternalString
JS_NewFunction
JS_NewGrowableString
JS_NewHashTable
JS_NewNumberValue
JS_NewObject
JS_NewPropertyIterator
JS_NewRegExpObject
JS_NewScriptObject
JS_NewString
JS_NewStringCopyN
JS_NewStringCopyZ
JS_NewUCRegExpObject
JS_NewUCString
JS_NewUCStringCopyN
JS_NewUCStringCopyZ
JS_NextProperty
JS_Now
JS_ObjectIsFunction
JS_PCToLineNumber
JS_PopArguments
JS_PropertyIterator
JS_PropertyStub
JS_PushArguments
JS_PushArgumentsVA
JS_PutPropertyDescArray
JS_RemoveArgumentFormatter
JS_RemoveExternalStringFinalizer
JS_RemoveRoot
JS_RemoveRootRT
JS_ReportError
JS_ReportErrorFlagsAndNumber
JS_ReportErrorFlagsAndNumberUC
JS_ReportErrorNumber
JS_ReportErrorNumberUC
JS_ReportOutOfMemory
JS_ReportPendingException
JS_ReportWarning
JS_ResolveStandardClass
JS_ResolveStub
JS_RestoreExceptionState
JS_RestoreFrameChain
JS_SaveExceptionState
JS_SaveFrameChain
JS_SealObject
JS_SetArrayLength
JS_SetBranchCallback
JS_SetCallHook
JS_SetCallReturnValue2
JS_SetCheckObjectAccessCallback
JS_SetContextCallback
JS_SetContextPrivate
JS_SetDebugErrorHook
JS_SetDebuggerHandler
JS_SetDestroyScriptHookProc
JS_SetElement
JS_SetErrorReporter
JS_SetExecuteHook
JS_SetFrameAnnotation
JS_SetFrameReturnValue
JS_SetGCCallback
JS_SetGCCallbackRT
JS_SetGCParameter
JS_SetGlobalObject
JS_SetInterrupt
JS_SetLocaleCallbacks
JS_SetNewScriptHookProc
JS_SetObjectHook
JS_SetObjectPrincipalsFinder
JS_SetOptions
JS_SetParent
JS_SetPendingException
JS_SetPrincipalsTranscoder
JS_SetPrivate
JS_SetProperty
JS_SetPropertyAttributes
JS_SetPrototype
JS_SetRegExpInput
JS_SetReservedSlot
JS_SetRuntimePrivate
JS_SetSourceHandler
JS_SetThreadStackLimit
JS_SetThrowHook
JS_SetTrap
JS_SetUCProperty
JS_SetUCPropertyAttributes
JS_SetVersion
JS_SetWatchPoint
JS_ShutDown
JS_StackFramePrincipals
JS_StringToVersion
JS_ThrowReportedError
JS_ToggleOptions
JS_TypeOfValue
JS_UndependString
JS_Unlock
JS_UnlockGCThing
JS_UnlockGCThingRT
JS_ValueToBoolean
JS_ValueToConstructor
JS_ValueToECMAInt32
JS_ValueToECMAUint32
JS_ValueToFunction
JS_ValueToId
JS_ValueToInt32
JS_ValueToNumber
JS_ValueToObject
JS_ValueToString
JS_ValueToUint16
JS_VersionToString
JS_XDRBytes
JS_XDRCString
JS_XDRCStringOrNull
JS_XDRDestroy
JS_XDRDouble
JS_XDRFindClassById
JS_XDRFindClassIdByName
JS_XDRInitBase
JS_XDRMemDataLeft
JS_XDRMemGetData
JS_XDRMemResetData
JS_XDRMemSetData
JS_XDRNewMem
JS_XDRRegisterClass
JS_XDRScript
JS_XDRString
JS_XDRStringOrNull
JS_XDRUint16
JS_XDRUint32
JS_XDRUint8
JS_XDRValue
JS_dtobasestr
JS_dtostr
JS_free
JS_malloc
JS_realloc
JS_smprintf
JS_smprintf_free
JS_snprintf
JS_sprintf_append
JS_strdup
JS_strtod
JS_sxprintf
JS_vsmprintf
JS_vsnprintf
JS_vsprintf_append
JS_vsxprintf
js_AllocRawStack
js_AllocStack
js_AnyNameClass
js_AtomToPrintableString
js_Atomize
js_AtomizeChars
js_AttributeNameClass
js_CallDestroyScriptHook
js_CallNewScriptHook
js_CloseTokenStream
js_CompileTokenStream
js_DateGetDate
js_DateGetHours
js_DateGetMinutes
js_DateGetMonth
js_DateGetMsecSinceEpoch
js_DateGetSeconds
js_DateGetYear
js_DateIsValid
js_DateSetDate
js_DateSetHours
js_DateSetMinutes
js_DateSetMonth
js_DateSetSeconds
js_DateSetYear
js_FindProperty
js_FinishCodeGenerator
js_FreeAtomMap
js_FreeRawStack
js_FreeStack
js_FunctionClass
js_GetAtom
js_GetScriptLineExtent
js_GetSrcNoteOffset
js_InitAtomMap
js_InitCodeGenerator
js_Invoke
js_LookupProperty
js_MapKeywords
js_NamespaceClass
js_NewBufferTokenStream
js_NewDateObject
js_NewDateObjectMsec
js_NewFileTokenStream
js_NewScriptFromCG
js_ObjectOps
js_ParseTokenStream
js_ParseXMLTokenStream
js_QNameClass
js_ReportErrorAgain
js_ScriptClass
js_SearchScope
js_SrcNoteLength
js_SrcNoteSpec
js_ValueToPrintable
js_ValueToSource
js_ValueToString
js_WithObjectOps
js_XMLClass
js_XMLObjectOps
js_fgets
resolving_MatchEntry

Sections

.text
Size: 620KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libiconv-2.dll
.dll windows:4 windows x86 arch:x86

4b10c1ef119ea3d46439977b03f17e1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte

msvcrt

_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_errno
abort
fflush
free
malloc
memcpy
qsort
sprintf
strchr
strcmp
strcpy
strlen
strncmp

Exports

Exports

_libiconv_version
aliases2_lookup
aliases_lookup
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 536B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libintl-8.dll
.dll windows:4 windows x86 arch:x86

20f0bf0b7c3dee59835e4d9d93d2ad03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv-2

libiconv
libiconv_open
libiconv_set_relocation_prefix

kernel32

CloseHandle
CreateEventA
DeleteCriticalSection
EnterCriticalSection
GetACP
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetThreadLocale
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetEvent
Sleep
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fstat
_getcwd
_open
_read
_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_flsbuf
_iob
_isctype
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
bsearch
calloc
fclose
fflush
fgets
fopen
fputc
fputwc
free
fwrite
getenv
localeconv
malloc
memcpy
qsort
realloc
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strstr
strtoul
tolower
vfwprintf
wcschr
wcslen

Exports

Exports

__printf__
_get_output_format
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_msg
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
_nl_state_lock
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_hash_string
libintl_lock_destroy
libintl_lock_init
libintl_lock_lock
libintl_lock_unlock
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_once
libintl_recursive_lock_destroy
libintl_recursive_lock_init
libintl_recursive_lock_lock
libintl_recursive_lock_unlock
libintl_relocate
libintl_rwlock_destroy
libintl_rwlock_init
libintl_rwlock_rdlock
libintl_rwlock_unlock
libintl_rwlock_wrlock
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_version
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
textdomain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
magic1.dll
.dll windows:4 windows x86 arch:x86

d8adf44f90c973053779f7dd96649e25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

regex2

regcomp
regerror
regexec
regfree

zlib1

inflate
inflateEnd
inflateInit2_

kernel32

AddAtomA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetFileAttributesA
GetLastError
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep

msvcrt

_close
_dup2
_mktemp
_open
_read
_strdup
_unlink
_utime
_write
__dllonexit
__mb_cur_max
_access
_assert
_errno
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_iob
_isctype
_lseeki64
_pctype
_pipe
_stati64
abort
asctime
calloc
ctime
exit
fclose
fflush
fgets
fopen
fprintf
fputc
free
fwrite
getenv
gmtime
localtime
malloc
memcpy
memset
qsort
realloc
sprintf
strchr
strcpy
strcspn
strerror
strlen
strncmp
strrchr
strstr
strtod
strtol
strtoul
time
tolower
toupper
vfprintf
vsprintf

Exports

Exports

DllGetVersion
magic_buffer
magic_check
magic_close
magic_compile
magic_descriptor
magic_errno
magic_error
magic_file
magic_load
magic_open
magic_setflags

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
me.exe
.exe windows:4 windows x86 arch:x86

5b4ea56a3ce25cc1bf0ae8432c7ac704

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FormatMessageA
FreeLibrary
GetACP
GetAtomNameA
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalFree
MultiByteToWideChar
OpenProcess
PeekNamedPipe
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetLastError
SetPriorityClass
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_close
_creat
_fdopen
_fstat
_ftime
_lseek
_memccpy
_mkdir
_open
_putenv
_read
_setmode
_strdup
_stricmp
_swab
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthread
_beginthreadex
_cexit
_endthread
_endthreadex
_errno
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fstati64
_ftime
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_open_osfhandle
_pctype
_setjmp
_setmode
_stati64
_stricmp
_strnicmp
abort
acos
asin
atan
atan2
atexit
atof
atoi
atol
bsearch
calloc
ceil
clearerr
cos
cosh
ctime
exit
exp
fclose
fflush
fgetc
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
getc
getenv
getwc
gmtime
iswctype
ldexp
localeconv
localtime
log
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putc
putchar
puts
putwc
qsort
rand
realloc
rename
rewind
setbuf
setlocale
setvbuf
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
strxfrm
tan
tanh
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscoll
wcsftime
wcslen
wcstombs
wcsxfrm

ole32

CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

user32

DialogBoxParamA
EndDialog
GetDlgItemTextA
GetForegroundWindow

winmm

mciGetErrorStringA
mciSendCommandA
timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
ntohl
recv
select
send
setsockopt
socket

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mkv.exe
.exe windows:4 windows x86 arch:x86

e6afc71f30439c9ca8030c97e23bf4f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libiconv-2

libiconv
libiconv_close
libiconv_open

libintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_textdomain

magic1

magic_buffer
magic_close
magic_load
magic_open

zlib1

deflate
deflateEnd
deflateInit_
inflate
inflateEnd
inflateInit_

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
CreateHardLinkA
CreateHardLinkW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageA
GetACP
GetCommandLineW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetShortPathNameW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LocalFree
MoveFileA
MoveFileW
MultiByteToWideChar
ReadFile
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_fdopen
_fstat
_open
_read
_setmode
_strdup
_swab
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_atoi64
_cexit
_errno
_filbuf
_filelengthi64
_flsbuf
_ftime
_iob
_isctype
_lseeki64
_onexit
_pctype
_putenv
_setmode
_snprintf
_stricmp
_strnicmp
_wmkdir
_wstat
abort
acos
atan
atexit
atoi
atol
calloc
ceil
cos
exit
exp
fclose
ferror
fflush
fgetc
fgetpos
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwrite
getenv
getwc
iswctype
ldexp
log
malloc
memchr
memcpy
memmove
memset
perror
pow
putwc
qsort
rand
realloc
rename
setlocale
setvbuf
signal
sin
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strstr
strtod
strtol
strxfrm
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

rpcrt4

UuidCreate

shell32

CommandLineToArgvW
SHGetFolderPathW

wsock32

ntohl

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
regex2.dll
.dll windows:4 windows x86 arch:x86

034666ac012e8ddbed7c20dac60b4b4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_assert
_errno
_isctype
_pctype
_stricmp
abort
calloc
fflush
free
getenv
malloc
memcpy
memmove
memset
realloc
strchr
tolower
toupper

Exports

Exports

DllGetVersion
re_comp
re_compile_fastmap
re_compile_pattern
re_exec
re_match
re_match_2
re_search
re_search_2
re_set_registers
re_set_syntax
re_syntax_options
regcomp
regerror
regexec
regfree

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vjoin.dll
vjoin.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 460KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vjoin.exe.manifest
web.url
zlib1.dll
.dll windows:4 windows x86 arch:x86

07761085e6d5abbc4cbf0976d6b9a264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

_fdopen
__dllonexit
_errno
_filelengthi64
_vsnprintf
abort
clearerr
fclose
fflush
fgetpos
fopen
fprintf
fputc
fread
free
fsetpos
fwrite
malloc
memcpy
memset
sprintf
strcat
strcpy
strerror
strlen

Exports

Exports

DllGetVersion
_dist_code
_length_code
_tr_align
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gzclearerr
gzclose
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflatePrime
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
inflate_copyright
inflate_fast
inflate_table
uncompress
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 6KB - Virtual size: 5KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

9c51a81c62b0cd8050e46d4821dd31c0

Headers

File Characteristics

Imports

msvcrt

winmm

js32

kernel32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 168KB - Virtual size: 174KB

.rsrc Size: 4KB - Virtual size: 944B

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 168KB - Virtual size: 174KB

.rsrc
Size: 4KB - Virtual size: 944B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 32KB - Virtual size: 1004KB

.data1
Size: 4KB - Virtual size: 896B

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 32KB - Virtual size: 30KB