7b7ca492e55fc3dae47e94d3d4582017

Sharing

Copy URL Twitter E-mail

General

Target

7b7ca492e55fc3dae47e94d3d4582017
Size

2.6MB
MD5

7b7ca492e55fc3dae47e94d3d4582017
SHA1

6f0c23947009dc57b9b2b4669e2b65c52ec0af5e
SHA256

81dc3cf348a72f7e6cd1d813bc9bcc0247330a32281f384d8fab94d8b50be5cf
SHA512

66ff3966cac0959742090531d418ca9d8d1d384294ab0c7ed9eaeedac587409a5c1534acd26f4c91d2b5e12f733eaedde9ca10e2e2f551e19dcc0740e822ef45
SSDEEP

49152:GlpiVvxeZ7BWjKA4EIJE1RobcMZ20Qg6uaXsQfhUPy72RTghAIf6RP:GiQZ8j8bgRacMZ20QHXsQfSy72hgSIiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/个人理财管理系统正式版/Command.oca
unpack001/个人理财管理系统正式版/Command.ocx
unpack001/个人理财管理系统正式版/SkinH_VB6.dll
unpack001/个人理财管理系统正式版/VBAniGIF.ocx
unpack001/个人理财管理系统正式版/VsMenu.ocx
unpack001/个人理财管理系统正式版/msado27.tlb
unpack001/个人理财管理系统正式版/shdocvw.dll
unpack001/个人理财管理系统正式版/stdole2.tlb
unpack001/个人理财管理系统正式版/个人理财管理系统.exe

Files

7b7ca492e55fc3dae47e94d3d4582017
.rar
个人理财管理系统正式版/COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/Command.oca
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/Command.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaFPException
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaFpI4
ord616
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fd
Signer

Actual PE Digest

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/Plug-Ins/update.html
.html
个人理财管理系统正式版/Plug-Ins/说明.txt
个人理财管理系统正式版/SkinH_VB6.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
个人理财管理系统正式版/Thumbs.db
个人理财管理系统正式版/VBAniGIF.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

5cdd231b09230a3b627e89609d7ca10f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

MethCallEngine
ord595
ord598
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord717
ord645
ord570
ord648
ord101
ord102
ord103
ord104
ord105
ord616
ord617

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/VsMenu.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

8acedade15fdb56bcc08c81510081696

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaCyMul
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaI4Sgn
__vbaI2Abs
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord556
ord665
__vbaLenVar
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarCmpGe
__vbaLateMemSt
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
__vbaExitProc
__vbaI4Abs
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaVarIndexStoreObj
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
__vbaStrFixstr
ord520
__vbaForEachCollVar
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
__vbaRefVarAry
__vbaVarTstLt
_CIsin
ord631
__vbaErase
ord525
__vbaVargVarMove
ord632
__vbaVarZero
__vbaChkstk
__vbaCyVar
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
__vbaCyI4
__vbaPrintObj
__vbaObjVar
__vbaNextEachCollVar
__vbaI2I4
ord562
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
__vbaRedimVar
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFailedFriend
__vbaVarDiv
ord607
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
ord535
__vbaI2Var
ord537
ord644
ord645
_CIlog
ord646
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
__vbaVarCmpEq
ord104
ord105
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaUnkVar
__vbaFpI4
__vbaVarCopy
__vbaRecDestructAnsi
__vbaLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaI4Cy
__vbaForEachVar
_allmul
__vbaLateIdSt
ord652
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/dao360.dll
.dll regsvr32 windows:4 windows x86 arch:x86

740d7cb11304862970f49454448a6e33

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:f7:ed:52:f4:77:7a:eb:e5:76:42:22:74:38:97:dc:f5:d4:5e:1a
Signer

Actual PE Digest

b5:f7:ed:52:f4:77:7a:eb:e5:76:42:22:74:38:97:dc:f5:d4:5e:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
wcscspn
_wcsnicmp
atoi
atol
_wtoi
wcslen
_ultow
wcsncpy
malloc
free
_ftol
wcstod
wcsstr
wcscpy
sprintf
swprintf
wcscat
toupper
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall

kernel32

DeleteCriticalSection
InitializeCriticalSection
GlobalFree
GlobalReAlloc
GlobalAlloc
GlobalLock
GetSystemDefaultLCID
CompareStringA
TlsSetValue
CompareStringW
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
WideCharToMultiByte
lstrlenW
TlsGetValue
TlsAlloc
lstrlenA
Sleep
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
TlsFree
GlobalUnlock

user32

PeekMessageW
GetDesktopWindow
wsprintfW
GetWindowLongA
DispatchMessageW
TranslateMessage
GetWindow
IsWindowVisible
GetWindowThreadProcessId

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey

ole32

CoInitialize
CoGetClassObject
CoGetMalloc
CoUninitialize

oleaut32

GetErrorInfo
CreateErrorInfo
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysReAllocString
VariantChangeTypeEx
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
VariantChangeType
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke
SysAllocString
VariantInit
SetErrorInfo
VariantClear
DispGetParam
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/msado27.tlb
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/mscomct2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

748b8691a0d45b447a059b7ae299a0a2

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
GetCPInfo
GetOEMCP
VirtualAlloc
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
IsBadReadPtr
GlobalReAlloc
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetSystemDefaultLCID
GetCurrentThreadId
GetCurrentProcessId
HeapCreate
HeapDestroy
FreeResource
LocalSize
RtlMoveMemory
CreateThread
Sleep
WaitForSingleObject
GetTimeFormatA
GlobalHandle
lstrcmpA
GetThreadLocale
MulDiv
LocalAlloc
GetProfileIntA
LocalReAlloc
LocalFree
GetTickCount
GetModuleHandleA
GlobalAddAtomA
GetACP
CompareStringW
CompareStringA
GlobalSize
GetVersionExA
IsDBCSLeadByte
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
lstrcmpiA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
IsBadWritePtr
GetDateFormatA
lstrcpyA
GetLocaleInfoA
GetLocalTime
CreateFileA
CloseHandle
GlobalAlloc
WriteFile
GlobalLock
HeapAlloc
DeleteCriticalSection
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
FreeLibrary
lstrlenA
GetProcessHeap
GlobalFree
GlobalUnlock

user32

GrayStringA
HideCaret
DestroyCaret
CreateCaret
GetAsyncKeyState
SetCaretPos
DrawTextExA
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
MapVirtualKeyA
ShowCaret
GetUpdateRgn
DestroyCursor
GetWindowRgn
ValidateRect
GetDCEx
LockWindowUpdate
CharNextExA
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
GetKeyboardLayout
GetUpdateRect
DeferWindowPos
BeginDeferWindowPos
FindWindowA
TrackPopupMenu
GetKeyNameTextA
RemovePropA
SendNotifyMessageA
FrameRect
ChildWindowFromPoint
DrawIcon
TranslateMessage
DispatchMessageA
MessageBeep
UnregisterClassA
CreateDialogIndirectParamA
IsChild
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ScrollWindowEx
InvalidateRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
RegisterClipboardFormatA
RegisterWindowMessageA
PeekMessageA
ScreenToClient
PostMessageW
PeekMessageW
RedrawWindow
InflateRect
AdjustWindowRectEx
CreatePopupMenu
DestroyMenu
DrawTextA
DrawFocusRect
AppendMenuA
AdjustWindowRect
IsZoomed
EnumChildWindows
GetDesktopWindow
ShowScrollBar
SetScrollRange
SetScrollPos
GetMessageA
GetScrollPos
IsRectEmpty
CallMsgFilterA
GetMessagePos
GetDoubleClickTime
InvertRect
GetSysColorBrush
SetCursor
GetWindowDC
UnionRect
SetTimer
SetScrollInfo
EnableScrollBar
UpdateWindow
KillTimer
LoadCursorA
GetMessageTime
GetDlgCtrlID
GetWindowThreadProcessId
WindowFromPoint
EndDeferWindowPos
EndDialog
ReleaseCapture
PtInRect
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
GetParent
ClientToScreen
GetWindowRect
GetActiveWindow
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
CharNextA
GetPropA
GetCursorPos
SetCursorPos
MapWindowPoints
DefWindowProcA
SetPropA
IsWindow
SetDlgItemTextA
CheckDlgButton
IsWindowEnabled
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SetWindowLongA
GetWindowLongA
SendDlgItemMessageA
IsDlgButtonChecked
GetClientRect
GetFocus
LoadIconA
FillRect
DrawIconEx
ShowWindow
DestroyIcon
SetDlgItemInt
GetDlgItemInt
MessageBoxA
SetFocus
GetWindowTextLengthA
SetWindowTextA
GetWindowTextA
EnableWindow
DialogBoxParamA
SendMessageA
GetKeyState
SetCapture
GetCapture
CallWindowProcA
PostMessageA
GetSysColor
SetRect
DrawEdge
GetSystemMetrics
GetClassInfoA
RegisterClassA
GetDlgItem
LoadStringA
wsprintfA
GetScrollInfo
GetClassNameA
DrawFrameControl
CopyRect

ole32

OleLoadFromStream
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleSaveToStream
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopy
SafeArrayUnaccessData
OleCreateFontIndirect
GetErrorInfo
OleCreatePictureIndirect
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
CreateErrorInfo
VariantCopyInd
SafeArrayCreateVector
OleCreatePropertyFrame
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleTranslateColor
VariantChangeTypeEx
VariantChangeType
SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
LoadRegTypeLi
VariantClear
SafeArrayRedim
SysFreeString

gdi32

ExcludeClipRect
SetBrushOrgEx
GetClipRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
CreateHalftonePalette
GetTextAlign
SetTextAlign
DeleteObject
GetDeviceCaps
SelectObject
CreateSolidBrush
PatBlt
Polyline
CreatePen
StretchDIBits
GetDIBits
GetSystemPaletteEntries
GetObjectA
CreateBitmap
DeleteDC
CreateCompatibleDC
CreateDCA
SetBkColor
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
GetTextMetricsA
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetTextColor
SelectClipRgn
CreateRectRgn
Rectangle
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
RealizePalette
SelectPalette
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
GetClipBox
TextOutA
SetBkMode
CreateFontA
CreatePatternBrush
ExtTextOutA
RestoreDC
IntersectClipRect
SaveDC
GetBkColor
GetCharWidthA
GetTextExtentPointA
Arc
RectVisible
Ellipse
LineTo
MoveToEx
GetPixel
CreateCompatibleBitmap
BitBlt
CombineRgn
GetTextColor

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/shdocvw.dll
.dll regsvr32 windows:5 windows x86 arch:x86

75884fa442918e86875fb47083137ed0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shdocvw.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA

crypt32

CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertCloseStore

cryptui

CryptUIDlgViewSignerInfoW

gdi32

DeleteObject
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SetPaletteEntries
GetPaletteEntries
RealizePalette
SelectPalette
GetStockObject
CreatePalette
SetBkColor
SetBkMode
SetTextColor
SelectObject
GetTextExtentPointW
IntersectClipRect
CreateDCA
CloseEnhMetaFile
CreateEnhMetaFileA
LineTo
MoveToEx
Rectangle
StretchBlt
CreateCompatibleDC
BitBlt
GetTextCharset
CreateCompatibleBitmap
GetTextExtentPoint32W
RestoreDC

kernel32

GetSystemDefaultLCID
CreateThread
CompareFileTime
GetSystemTimeAsFileTime
IsDBCSLeadByte
CreateDirectoryA
SetCurrentDirectoryA
SetFilePointer
ReadFile
GetFileSize
WriteFile
FindClose
WaitForSingleObject
SetEvent
CreateFileA
ReleaseMutex
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempPathA
SetDllDirectoryW
ExitProcess
GetCommandLineW
OpenMutexW
TlsGetValue
GetSystemTime
GetCurrentProcessId
GlobalFlags
GlobalSize
GlobalReAlloc
TlsSetValue
GetLocalTime
FileTimeToSystemTime
OpenMutexA
ReleaseSemaphore
UnhandledExceptionFilter
lstrcmpiA
GetCurrentDirectoryA
GetShortPathNameA
ResetEvent
HeapFree
GetSystemInfo
InterlockedExchange
TerminateThread
GetExitCodeThread
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetThreadContext
SetThreadContext
SuspendThread
GetCurrentThread
LoadLibraryA
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
HeapAlloc
GetLocaleInfoW
LoadLibraryW
DosDateTimeToFileTime
GetModuleHandleW
CreateEventA
VirtualFree
lstrcpynW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetProcAddress
LocalFree
LocalAlloc
MultiByteToWideChar
GetVersionExA
lstrcmpA
GetSystemDirectoryA
LocalReAlloc
GetDriveTypeW
CreateMutexA
lstrlenA
Sleep
WideCharToMultiByte
lstrcpynA
GetUserDefaultLCID
GlobalFree
LocalSize
GetTickCount
GetLastError
LoadLibraryExA
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
MulDiv
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
GetACP
CloseHandle
TlsFree
DeleteCriticalSection
FreeLibrary
InterlockedDecrement
GetProcessHeap
InterlockedIncrement
RaiseException
SetErrorMode

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_ftol
wcslen
free
_vsnprintf
_except_handler3
_wcsnicmp
wcsrchr
_ltow
memmove
malloc
realloc
_vsnwprintf

ole32

CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
OleSetClipboard
PropVariantCopy
CoGetMalloc
CoInitializeEx
CoCreateGuid
GetHGlobalFromStream
StringFromCLSID
CoRegisterMessageFilter
StgOpenStorage
MkParseDisplayName
CoFileTimeNow
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSave
OleInitialize
OleUninitialize
FreePropVariantArray
CoUnmarshalInterface
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
ProgIDFromCLSID
OleCreateFromData
OleRun
OleSetMenuDescriptor
OleDraw
CreateBindCtx
CoInitialize
CoUninitialize
CoCreateFreeThreadedMarshaler
StgCreateDocfile
GetRunningObjectTable
ReleaseStgMedium
CreateStreamOnHGlobal
CoAllowSetForegroundWindow
RevokeDragDrop
RegisterDragDrop
PropVariantClear
CoTaskMemFree
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
CoTaskMemAlloc
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoGetClassObject

oleaut32

SysFreeString
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysStringLen
SafeArrayUnaccessData
OleCreatePropertyFrameIndirect
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetLBound
RegisterTypeLi
LoadTypeLi
VariantCopyInd
SysAllocStringLen
SafeArrayCreateVector
SafeArrayGetElemsize
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
VariantCopy
VariantInit
VariantTimeToDosDateTime
SetErrorInfo
SysAllocString

shlwapi

ord346
ord184
SHStrDupW
ord212
ord174
ord284
ord282
PathFileExistsW
ord384
ord287
ord83
ord318
SHRegGetUSValueW
StrCmpNIW
StrStrIW
StrDupW
ord15
SHQueryValueExW
ord120
ord302
ord192
ord303
ord139
ord558
ord564
ord436
ord128
ord123
ord193
PathQuoteSpacesW
ord75
PathCombineW
ord97
ord299
PathRemoveFileSpecW
ord60
ord116
ord394
ord538
ord149
ord135
ord74
ord104
ord389
ord426
ord427
ord425
ord106
ord108
ord401
ord402
StrCatBuffW
ord57
ord80
ord542
UrlCanonicalizeW
AssocQueryStringW
ord124
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegOpenUSKeyW
StrDupA
ord122
ord13
ord175
ord127
StrCmpW
StrCmpNW
ord158
ord562
ord146
ord40
PathUnquoteSpacesW
PathRemoveBlanksW
ord539
ord186
ord181
ord237
ord217
ord382
ord168
ord66
SHRegSetUSValueW
ord221
ord173
ord220
ord248
ord198
ord79
ord467
ord100
ord2
ord484
ord383
UrlGetPartW
StrStrW
StrChrIW
AssocGetPerceivedType
ord559
StrFormatByteSizeW
StrFromTimeIntervalW
ord336
ord99
PathAppendW
ord67
ord138
PathFindExtensionA
UrlCanonicalizeA
ord218
AssocIsDangerous
AssocCreate
ord130
PathUndecorateW
ord103
ord313
PathParseIconLocationW
ord52
ord165
ord16
PathCompactPathW
ord331
ord72
PathIsRelativeW
ord476
ord134
ord87
ord140
PathRemoveExtensionW
ord334
ord50
ord333
PathCommonPrefixW
UrlIsW
StrTrimW
ord36
PathAddBackslashW
SHQueryValueExA
StrCatBuffA
StrStrIA
PathFindFileNameA
StrCmpNIA
SHSetValueA
wnsprintfA
SHGetValueA
ord126
SHDeleteOrphanKeyA
PathRemoveFileSpecA
SHDeleteKeyA
SHDeleteValueA
ord433
SHDeleteValueW
ord294
ord90
ord129
StrToIntExW
ord372
ord373
ord371
ord286
UrlCombineW
ord376
UrlGetLocationW
StrToIntW
ord283
ord281
PathIsURLW
ord51
ord28
ord39
UrlHashW
StrRChrW
StrChrIA
ord41
ord352
ord351
ord350
wvnsprintfA
ord65
ord341
ord403
ord360
ord137
ord305
ord71
wvnsprintfW
SHOpenRegStream2W
ord187
ord471
ord270
ord263
PathIsPrefixW
StrChrW
ord73
ord298
ord296
PathRenameExtensionW
ord12
ord112
ord89
ord236
ord96
ord354
ord370
ord274
ord460
ord76
StrTrimA
ord98
ord260
ord49
PathCombineA
PathGetArgsW
ord347
ord366
ord121
ord43
ord362
SHRegDuplicateHKey
ord551
ord195
ord197
ord61
ord91
ord53
ord312
StrRetToBufW
ord279
ord479
StrPBrkW
ord113
SHCreateStreamOnFileW
PathCompactPathExW
ord338
ord142
ord182
ord428
ord132
ord355
SHSkipJunction
ord269
ord342
AssocQueryKeyW
PathIsContentTypeW
UrlEscapeW
ord316
PathCanonicalizeW
UrlCreateFromPathW
ord206
ord242
ord243
ord167
ord189
ord188
ord520
ord505
ord507
ord506
ord101
ord93
ord280
ord10
ord9
ord8
ord278
ord105
ord439
StrToIntExA
UrlUnescapeA
ord477
SHRegEnumUSValueW
UrlApplySchemeW
ord462
UrlIsNoHistoryW
StrCSpnW
StrSpnW
ord85
ord367
ord368
ord214
ord310
PathRemoveExtensionA
HashData
UrlUnescapeW
ord496
ord266
ord223
ord222
ord423
ord353
ord319
PathIsURLA
PathRemoveBackslashW
ord375
ord458
ord434
PathCreateFromUrlA
ord357
PathIsFileSpecW
PathIsDirectoryW
PathIsUNCW
SHAutoComplete
ord145
ord480
ord311
ord563
StrFormatKBSizeW
ChrCmpIW
ord229
ord560
SHRegGetValueW
ord157
StrRetToStrW
ord540
PathGetDriveNumberW
ord289
ord267
ord268
ord534
ord1
ord335
ord219
PathFindExtensionW
PathFindFileNameW
ord55
ord315
ord102
ord314
ord37
ord304
ord48
ord131
ord56
ord136
ord141
ord94
ord156
ord161
ord437
ord241
SHCreateShellPalette
ord239
ord461
SHSetValueW
SHGetValueW
StrCmpIW
ord68
ord95
ord340
ord418
ord549
ord276
ord125
ord309
ord406
ord416
ord398
ord414
ord107
ord378
PathCreateFromUrlW
ord249
ord171
ord84
ord178
ord240
ord154
ord133
ord163
SHRegGetBoolUSValueW
ord117
StrCpyNW
ord164
ord199
ord172
ord509
ord204
ord176
ord491
SHDeleteKeyW
ord446
ord517
ord516
ord24
wnsprintfW
ord231
ord561
PathSearchAndQualifyW
ord81
ord431
ord215
ord216
PathIsUNCServerShareW
PathStripToRootW
ord59
ord143
ord295

user32

ChildWindowFromPointEx
ScreenToClient
GetDlgCtrlID
IsDlgButtonChecked
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetSubMenu
CheckDlgButton
CheckRadioButton
EnableWindow
GetDlgItem
GetDesktopWindow
RemoveMenu
GetMenuState
CreateMenu
MessageBeep
InflateRect
MoveWindow
PostQuitMessage
MapWindowPoints
GetDoubleClickTime
WaitMessage
GetAsyncKeyState
GetSystemMenu
CreatePopupMenu
SetParent
GetWindow
AdjustWindowRect
GetSysColor
GetNextDlgTabItem
CheckMenuRadioItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MsgWaitForMultipleObjects
IsIconic
SetWindowPlacement
GetWindowPlacement
DdeCreateDataHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeFreeStringHandle
DdeUninitialize
DdeNameService
GetForegroundWindow
DdeFreeDataHandle
DdeGetData
CharLowerBuffA
RegisterWindowMessageA
CharNextA
GetActiveWindow
EnumWindows
ChildWindowFromPoint
SetMenuDefaultItem
GetMenuDefaultItem
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
ChangeClipboardChain
SetClipboardViewer
CopyRect
IsRectEmpty
UpdateWindow
GetMessagePos
SetRectEmpty
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowLongA
SendMessageTimeoutA
IsHungAppWindow
LoadMenuA
LoadMenuW
InsertMenuA
InsertMenuW
DrawFocusRect
ShowWindowAsync
GetShellWindow
ReleaseCapture
SetCapture
GetWindowDC
TrackMouseEvent
GetCursorPos
CharNextW
RegisterClipboardFormatW
DrawTextExW
SendMessageW
SetWindowTextW
TranslateMessage
GetMenuItemCount
GetCapture
GetLastActivePopup
IsWindowVisible
SetRect
SetForegroundWindow
SetCursor
IsWindowEnabled
GetWindowLongA
GetParent
SetFocus
wsprintfW
InvalidateRect
GetKeyState
DestroyAcceleratorTable
IsWindow
GetFocus
IsChild
BeginPaint
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
GetDC
ReleaseDC
LoadStringA
DestroyIcon
ShowWindow
KillTimer
SetWindowPos
AdjustWindowRectEx
GetClientRect
DestroyWindow
RedrawWindow
GetWindowRect
FillRect
GetSysColorBrush
SetTimer
PtInRect
UnionRect
EndDialog

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/skinh.she
个人理财管理系统正式版/stdole2.tlb
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/xiushb.gif
.gif
个人理财管理系统正式版/xiushb.mdb
个人理财管理系统正式版/个人理财管理系统.exe
.exe windows:4 windows x86 arch:x86

f0f3f4fe82096456b297fbfeb9e93187

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaNameFile
__vbaLenVar
_adj_fdiv_m32
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaVarForInit
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaBoolVar
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
__vbaVargVarMove
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaR4Cy
__vbaStrR8
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaFreeVarg
__vbaStrToAnsi
__vbaVerifyVarObj
ord613
__vbaVarCopy
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
__vbaLateIdSt
__vbaVarLateMemCallSt
ord652
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 624KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
个人理财管理系统正式版/新云软件.url
.url
个人理财管理系统正式版/绿化.bat

Sharing

General

Malware Config

Signatures

Files

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 4KB

.bss Size: - Virtual size: 4KB

.rsrc Size: 25KB - Virtual size: 28KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size:

9c37d3a9448c3699ad996f7b540eb577

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 7KB

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fdSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 512B - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.rsrc
Size: 25KB - Virtual size: 28KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size:

.text
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 7KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

d3:33:87:9d:a3:7d:db:aa:b4:12:4a:ae:67:2b:01:a6:0b:07:8a:fd
Signer

.text
Size: 690KB - Virtual size: 690KB

.data
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 279KB - Virtual size: 279KB

.reloc
Size: 38KB - Virtual size: 38KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.Hmily
Size: - Virtual size: 228KB

.52PoJie
Size: 96KB - Virtual size: 112KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 668B

.text
Size: 504KB - Virtual size: 503KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 32KB - Virtual size: 30KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate