7fb449e7e61d7f7d41ef63d4b9df44ea

Sharing

Copy URL

Twitter E-mail

General

Target

7fb449e7e61d7f7d41ef63d4b9df44ea
Size

4.1MB
MD5

7fb449e7e61d7f7d41ef63d4b9df44ea
SHA1

c5de43bc182a5761b6ffe5216fae626afdb16887
SHA256

e015546d6fca3f7cf936aebccc85478bce64d6bef9250d75e0d7965f7ca6fcec
SHA512

d73c4e4475ea9db2f4e6c76f46dfb9b10747e6a5b6f047fa24970a24272c844baa1066670b9c81798bf5ceeddc9becc0cf6209f7c4b1fcc0254477ad18c837a4
SSDEEP

98304:AK4w4CbRZS2IKG1qeqH3kvI+ommXLl4QaU5GKdbNFbeIk:+w4w4OMqvH3SIj7BUKdb3bef

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/Manager/genHomevw.exe
unpack001/Server/AppSvr_n.exe
unpack001/Server/DBMgr.exe
unpack001/Server/DlxSvcS_n.exe
unpack001/Server/FCUtil.exe
unpack001/Server/HistoryDeleteSecondEdition.exe
unpack001/Server/MigrationDB.exe
unpack001/Server/Patcher.exe
unpack001/Server/PromptExecute.exe
unpack001/Server/Server_n.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7fb449e7e61d7f7d41ef63d4b9df44ea
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:bc:96:28:82:a4:9f:9b:c4:38:56:68:30:d4:72:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/11/2011, 00:00

Not After

08/12/2012, 23:59

Subject

CN=ACTSoft Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ACTSoft Co.\, Ltd,L=Bundang-gu,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

a49b0342971aa199fc6349725b90146d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
lstrcpynA
lstrlenA
LoadLibraryA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExA
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Manager/genHomevw.exe
.exe windows:4 windows x86 arch:x86

8f8903f37ca33b5581c58609d6b13e24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1979
ord6385
ord5186
ord354
ord5572
ord2915
ord4278
ord6877
ord2820
ord5710
ord4129
ord5856
ord6662
ord5583
ord6153
ord3790
ord5683
ord940
ord6883
ord3742
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3619
ord609
ord795
ord818
ord567
ord3626
ord3663
ord2414
ord1768
ord2078
ord2108
ord2116
ord2152
ord1175
ord1641
ord1233
ord283
ord2642
ord4299
ord2859
ord4284
ord6199
ord4275
ord5787
ord5981
ord3521
ord6402
ord1832
ord5651
ord350
ord2614
ord3698
ord3693
ord765
ord3571
ord640
ord2405
ord5678
ord6734
ord5785
ord5736
ord1640
ord323
ord3797
ord4133
ord4297
ord5788
ord1264
ord1679
ord1773
ord5009
ord1978
ord5181
ord3593
ord317
ord635
ord5200
ord1261
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord1787
ord6123
ord4291
ord5192
ord775
ord4099
ord2395
ord5658
ord1994
ord6322
ord1006
ord2609
ord5947
ord1961
ord3466
ord2803
ord1911
ord503
ord5697
ord5699
ord5703
ord5708
ord798
ord1997
ord6407
ord6010
ord5194
ord533
ord801
ord541
ord6197
ord3337
ord5465
ord939
ord1187
ord268
ord1567
ord665
ord6307
ord521
ord4167
ord6302
ord4168
ord711
ord413
ord1868
ord6334
ord2370
ord4224
ord2645
ord537
ord858
ord535
ord1200
ord2818
ord924
ord6215
ord926
ord2764
ord922
ord941
ord470
ord755
ord2379
ord2863
ord4160
ord1168
ord1146
ord4234
ord324
ord3597
ord4425
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord1134
ord2621
ord2514
ord641
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord823
ord3811
ord540
ord860
ord800
ord551
ord825
ord1576

msvcrt

??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
__CxxFrameHandler
strncpy
_mkdir
_setmbcp
_iob
fprintf
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_mbscmp
_access
_CxxThrowException
strtok
sprintf
clock
atoi
strstr
tolower
rename
_snprintf
vsprintf
strrchr
malloc
free
_getpid
strncat
_ftol
_vsnprintf
_exit
_onexit
__dllonexit
calloc
_controlfp

kernel32

GetProcessHeap
HeapFree
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetWindowsDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
CreateDirectoryA
GetShortPathNameA
GetLastError
MoveFileExA
HeapAlloc
lstrlenA
lstrcpynA
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
FindFirstFileA
FindClose
CopyFileA
FindNextFileA
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
lstrcmpiA
GetPriorityClass
GetVersionExA
Module32Next
Module32First
GetDriveTypeA
GetCurrentProcess
GetModuleHandleA
GetStdHandle
SetStdHandle
AllocConsole
SetEndOfFile
CreateFileA
FlushFileBuffers
WriteFile
GetComputerNameA
GetVolumeInformationA
GetDiskFreeSpaceA
GlobalMemoryStatus
CreateThread
MultiByteToWideChar
GetSystemInfo

user32

GetDesktopWindow
MessageBeep
SetTimer
KillTimer
FillRect
DrawIcon
AppendMenuA
TranslateMessage
DispatchMessageA
RedrawWindow
IsWindowVisible
SetRect
IsWindow
GetSysColor
GetFocus
GetSystemMenu
GetClientRect
SendMessageA
LoadIconA
PeekMessageA
MessageBoxA
GetSystemMetrics
IsIconic
EnableWindow
ReleaseDC
GetDC
GetWindowRect
PtInRect
LoadCursorA
SystemParametersInfoA

gdi32

CreatePen
Rectangle
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
PatBlt
GetTextExtentPoint32A
CreateFontIndirectA

advapi32

RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/AppSvr_n.exe
.exe windows:4 windows x86 arch:x86

92625cdaa29f961de6441d207bcd3530

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
select
WSAAccept
gethostbyname
setsockopt
closesocket
send
recv
WSAGetLastError
getpeername
WSASocketA
htons
inet_addr
bind
getsockname
listen

mfc42

ord665
ord543
ord354
ord803
ord2393
ord6307
ord521
ord801
ord6883
ord541
ord926
ord1147
ord5572
ord2915
ord2820
ord551
ord3811
ord5440
ord6383
ord5450
ord6394
ord6877
ord940
ord1948
ord5303
ord4699
ord565
ord817
ord2726
ord4226
ord2370
ord6334
ord922
ord4129
ord4278
ord5710
ord939
ord2764
ord773
ord501
ord5621
ord1083
ord775
ord639
ord1994
ord3168
ord322
ord3466
ord5192
ord503
ord3337
ord5607
ord2762
ord1979
ord6385
ord5773
ord3318
ord6010
ord5186
ord3790
ord5683
ord2614
ord1997
ord5465
ord5194
ord798
ord533
ord6407
ord3584
ord3619
ord3742
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord609
ord795
ord818
ord567
ord3626
ord2414
ord2078
ord2108
ord2116
ord2152
ord1641
ord1233
ord283
ord2642
ord2859
ord4284
ord4275
ord5787
ord5981
ord6197
ord3521
ord6402
ord4224
ord6662
ord5583
ord6153
ord5651
ord3127
ord3616
ord5442
ord350
ord5645
ord5856
ord1868
ord413
ord711
ord4168
ord6302
ord4167
ord2803
ord3693
ord3698
ord765
ord3571
ord640
ord2405
ord5678
ord6734
ord5785
ord5736
ord1640
ord323
ord3797
ord4133
ord4297
ord5788
ord1832
ord1264
ord1679
ord1773
ord1576
ord1978
ord5181
ord3593
ord5200
ord1261
ord6143
ord4204
ord1228
ord2721
ord317
ord268
ord2818
ord1567
ord635
ord3663
ord1175
ord1644
ord6270
ord2438
ord3654
ord2584
ord4220
ord6199
ord860
ord470
ord755
ord2379
ord2863
ord4160
ord1106
ord4287
ord4299
ord1168
ord1146
ord4234
ord324
ord3597
ord4425
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord537
ord535
ord941
ord540
ord924
ord1200
ord1134
ord858
ord800
ord6117
ord1247
ord1199
ord2621
ord823
ord2086
ord1768
ord6215
ord2514
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord5009

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_purecall
_strnicmp
_vsnprintf
_mkdir
strncat
_getpid
_iob
fprintf
calloc
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
tolower
_splitpath
_setmbcp
_stricmp
strstr
__CxxFrameHandler
_mbsicmp
strncpy
_ftol
atoi
strtok
free
_mbscmp
malloc
sprintf
_snprintf
realloc
strncmp
clock
_access
vsprintf

kernel32

CloseHandle
GetCurrentProcess
GetVersionExA
lstrlenA
CreateThread
ReleaseMutex
CreateMutexA
GetProcAddress
GetCurrentProcessId
WritePrivateProfileStringA
GetComputerNameA
LoadLibraryA
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
FormatMessageA
lstrcpynA
LocalFree
GetTickCount
Sleep
GetFileAttributesA
DeleteFileA
InitializeCriticalSection
GetLastError
ResumeThread
GetCurrentThreadId
WaitForSingleObject
GetWindowsDirectoryA
GetSystemDirectoryA
GetStdHandle
SetStdHandle
AllocConsole
SetEndOfFile
CreateFileA
FlushFileBuffers
WriteFile
GlobalMemoryStatus
GetSystemInfo
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
GetStartupInfoA
CreateProcessA
FreeLibrary
CopyFileA
MoveFileA
CreateDirectoryA
MultiByteToWideChar
MoveFileExA
DeleteCriticalSection
GetShortPathNameA

user32

SystemParametersInfoA
GetDesktopWindow
LoadImageA
DispatchMessageA
TranslateMessage
MessageBoxA
PeekMessageA
IsWindow
GetCursorPos
LoadMenuA
GetSubMenu
InsertMenuA
KillTimer
SetTimer
PostMessageA
LoadIconA
GetWindowRect
FillRect
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
MessageBeep
wsprintfA
GetFocus
PtInRect
RedrawWindow
IsWindowVisible
SetRect
AppendMenuA
SendMessageA
GetDC
ReleaseDC
GetSysColor
SetForegroundWindow
LoadCursorA

gdi32

CreatePen
Rectangle
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
PatBlt
GetTextExtentPoint32A
CreateFontIndirectA

advapi32

RegQueryValueExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateGuid

wsock32

WSAAsyncSelect
accept
WSAStartup
WSACleanup
inet_ntoa
recvfrom
inet_addr
sendto
socket
htonl

wininet

HttpQueryInfoA
InternetSetStatusCallback
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetReadFile

netapi32

Netbios

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/DBMgr.exe
.exe windows:4 windows x86 arch:x86

506a592b88d18297dc6b063329aadba8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord6283
ord5645
ord5856
ord2393
ord350
ord703
ord603
ord2454
ord1969
ord2801
ord273
ord403
ord6383
ord1989
ord5440
ord2740
ord404
ord5683
ord2763
ord3398
ord3733
ord810
ord1941
ord4271
ord2652
ord1669
ord2864
ord2862
ord4506
ord3303
ord3287
ord4204
ord1099
ord3301
ord6007
ord3998
ord1848
ord4243
ord1133
ord1844
ord1140
ord4774
ord3619
ord4275
ord2860
ord3706
ord640
ord5678
ord4133
ord4297
ord5788
ord472
ord3079
ord924
ord5736
ord1640
ord323
ord6720
ord2567
ord6880
ord2859
ord6270
ord1574
ord4220
ord3654
ord3701
ord500
ord772
ord2438
ord6142
ord3571
ord3693
ord4277
ord2096
ord384
ord2408
ord5860
ord807
ord3289
ord4163
ord2120
ord554
ord2920
ord2012
ord1644
ord5787
ord1621
ord2919
ord2452
ord2405
ord6172
ord2753
ord5873
ord5785
ord1195
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord1134
ord2621
ord6117
ord3573
ord815
ord561
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord1200
ord535
ord5981
ord616
ord3092
ord6199
ord537
ord858
ord2302
ord2370
ord2289
ord567
ord540
ord3574
ord4424
ord3402
ord5290
ord4396
ord1776
ord6055
ord2575
ord6394
ord5450
ord823
ord2044
ord5834
ord4441
ord6403
ord6379
ord6197
ord6153
ord4202
ord6662
ord1175
ord4224
ord3178
ord940
ord356
ord2770
ord2781
ord4058
ord3181
ord1980
ord668
ord536
ord6407
ord533
ord3790
ord798
ord5194
ord5465
ord1997
ord2915
ord5572
ord5651
ord1832
ord1601
ord539
ord861
ord835
ord6282
ord4278
ord923
ord268
ord5583
ord1567
ord4476
ord5875
ord2754
ord1641
ord6334
ord2299
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord3758
ord551
ord354
ord941
ord665
ord3337
ord934
ord355
ord2515
ord3499
ord2764
ord6663
ord5710
ord4129
ord5601
ord2777
ord3810
ord939
ord3880
ord3425
ord3054
ord3227
ord3408
ord547
ord6569
ord5622
ord2614
ord5933
ord932
ord836
ord2814
ord6877
ord926
ord3811
ord2820
ord922
ord2642
ord1105
ord2818
ord6453
ord470
ord755
ord2379
ord2863
ord4160
ord542
ord1168
ord1146
ord2584
ord3698
ord1161
ord2566
ord5782
ord1194
ord955
ord293
ord2513
ord5805
ord5883
ord2921
ord5884
ord2116
ord3730
ord5064
ord1715
ord1710
ord5086
ord4366
ord3295
ord4268
ord1929
ord3175
ord1664
ord3448
ord4317
ord6241
ord3721
ord4710
ord2086
ord4234
ord800
ord765
ord609
ord2448
ord802
ord860
ord2414
ord3663
ord3626
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord283
ord4080
ord5890
ord2937
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4123
ord4060
ord1719
ord4225
ord3577
ord3352
ord4397
ord2576
ord4376
ord5789
ord5265
ord4217
ord4644
ord4258
ord692
ord489
ord768
ord4835
ord5287
ord4854
ord4377
ord4358
ord4948
ord4976
ord4742
ord1576
ord4905
ord5160
ord5162
ord5161
ord3639
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord1907
ord3089
ord3084
ord1217
ord2571
ord2097
ord6825
ord1229
ord1829
ord656
ord3874
ord2089
ord1949
ord4530
ord4544
ord4523
ord5685
ord3274
ord3353
ord3579
ord818
ord2623
ord439
ord736
ord4021
ord5495
ord6442
ord613
ord289
ord2380
ord2634
ord6128
ord3752
ord3754
ord3753
ord5148
ord6129
ord729
ord2504
ord430
ord4042
ord3030
ord5053
ord6458
ord4287
ord3258
ord4003
ord3237
ord826
ord824
ord764
ord1871
ord1000
ord5589
ord2233
ord394
ord696
ord3435
ord909
ord3028
ord6571
ord2381
ord6467
ord1799
ord614
ord290
ord786
ord2461
ord6393
ord519
ord3174
ord5449
ord5510
ord1652
ord429
ord4020
ord6605
ord686
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5579
ord5571
ord6061
ord5864
ord3596
ord5781
ord3220
ord2713
ord6648
ord816
ord562
ord3138
ord1171
ord1232
ord3496
ord3495
ord326
ord2107
ord2841
ord1706
ord2727
ord2730
ord2729
ord3508
ord2714
ord2152
ord1233
ord3797
ord4270
ord4299
ord1572
ord3005
ord2135
ord3732
ord556
ord809
ord2122

msvcrt

_controlfp
__set_app_type
_CIpow
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler
_mbscmp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
_splitpath
strncmp
_mkdir
_access
strstr
__dllonexit
memmove
wcscmp
wcslen
wcscpy
_mbsstr
_strlwr
fclose
fprintf
fopen
_ftol
calloc
free
_strdup
printf
sprintf
rename
remove
malloc
ftell
fseek
_iob
_strtime
_strdate
fflush
_snprintf
strncpy
_mbsicmp
??1type_info@@UAE@XZ
_gcvt
_CxxThrowException
tolower
atoi
strtok
clock
wcsncpy
wcsstr
_wcslwr
sscanf
_purecall
strtod
swscanf
_wtoi
wcschr
_wcsicmp
strchr
floor
ceil
wcsncmp
qsort
_mbctype
_mbsnbcpy
abort
_setjmp3
fread
rand
_mbschr
longjmp
_itoa
_ltoa
_ultoa
_setmbcp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z

kernel32

GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
GetOEMCP
ResetEvent
ResumeThread
SetThreadPriority
CreateThread
SetEvent
GetTickCount
ReadFile
CreateFileA
SetFilePointer
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
LoadLibraryExA
lstrcmpA
GetStartupInfoA
GetCPInfo
lstrlenW
GetVersion
SetCurrentDirectoryA
WideCharToMultiByte
GetShortPathNameA
WritePrivateProfileStringA
MoveFileExA
FindResourceA
LoadResource
SizeofResource
LockResource
lstrcpynA
CreateEventA
GetModuleHandleA
CreateProcessA
WaitForSingleObject
lstrcatA
GetVersionExA
LocalFree
RemoveDirectoryA
ReleaseMutex
CreateMutexA
FormatMessageA
lstrlenA
LocalAlloc
GetSystemDirectoryA
GetWindowsDirectoryA
InterlockedIncrement
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCurrentProcessId
SetLastError
GetCurrentThread
DuplicateHandle
DeleteCriticalSection
InterlockedDecrement
GetModuleFileNameA
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetLastError
OutputDebugStringA
CreateDirectoryA
CopyFileA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
CloseHandle
Process32Next
TerminateThread
EnterCriticalSection
GetFileAttributesA
FindNextFileA
FindClose
GetFileAttributesExA
MultiByteToWideChar
Sleep
GetExitCodeThread
LeaveCriticalSection
InitializeCriticalSection
FindFirstFileA
CompareStringA
MulDiv

user32

IsRectEmpty
OffsetRect
GetFocus
SetFocus
IsWindowVisible
IntersectRect
GetCapture
RedrawWindow
GetWindow
ShowScrollBar
GetNextDlgTabItem
GetKeyState
IsChild
IsWindow
EqualRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UnhookWindowsHookEx
SetWindowsHookExA
SetRectEmpty
InvertRect
GetDCEx
LockWindowUpdate
GetDesktopWindow
GetLastActivePopup
GetForegroundWindow
DefWindowProcA
GetWindowTextA
GetWindowTextLengthA
TabbedTextOutA
GrayStringA
ShowWindow
DrawStateA
SetWindowPos
WindowFromPoint
GetIconInfo
GetCursor
SetWindowRgn
LoadImageA
CreateIconFromResourceEx
DrawIconEx
CreateIconIndirect
CopyIcon
DestroyIcon
LoadBitmapA
LoadMenuA
LookupIconIdFromDirectoryEx
GetMenuStringW
DrawFocusRect
GetClassLongA
SetCursorPos
UnionRect
MapVirtualKeyA
ShowCaret
HideCaret
GetDlgCtrlID
GetWindowRgn
GetDoubleClickTime
DrawFrameControl
GetTabbedTextExtentA
SetParent
WaitMessage
SetWindowLongA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CallWindowProcA
GetMenuDefaultItem
CopyAcceleratorTableA
IsWindowEnabled
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
GetKeyboardLayout
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperA
IsClipboardFormatAvailable
MessageBoxA
SetMenu
GetMenu
IsZoomed
EndDeferWindowPos
BeginDeferWindowPos
IsDialogMessageA
GetClassNameA
MapWindowPoints
BringWindowToTop
GetDlgItem
GetClipboardFormatNameA
SendMessageTimeoutA
AdjustWindowRectEx
GetMessageA
RegisterClipboardFormatA
SetRect
EnableWindow
SendMessageA
MessageBeep
LoadIconA
SetTimer
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
SetCursor
LoadCursorA
UpdateWindow
SetWindowTextA
PostMessageA
RegisterWindowMessageA
InvalidateRect
wsprintfA
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseDC
GetDC
GetWindowRect
GetCursorPos
ReleaseCapture
SetCapture
GetParent
ClientToScreen
ScreenToClient
DestroyMenu
TrackPopupMenu
CreatePopupMenu
GetSysColor
PtInRect
GetWindowLongA
SystemParametersInfoA
DrawTextA
FillRect
CopyRect
InflateRect
GetSubMenu
IsMenu
GetMenuItemInfoA
DrawEdge
ModifyMenuA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuStringA
CallNextHookEx

gdi32

PatBlt
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
SetPixel
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreatePen
CreateRectRgnIndirect
GetObjectA
CreateFontIndirectA
GetDeviceCaps
CreateSolidBrush
GetViewportOrgEx
GetCurrentObject
GetTextColor
GetPixel
EnumFontFamiliesExA
GetStockObject
Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetBitmapBits
ExtCreateRegion
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
RoundRect
SetBkMode
PtInRegion
CreateRectRgn
GetTextMetricsA
GetViewportExtEx
GetWindowExtEx
Polyline
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
CombineRgn
ExtFloodFill
CreateFontA
CreatePatternBrush
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
CreateCompatibleBitmap

advapi32

CreateServiceA
RegQueryValueExA
RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
ChangeServiceConfigA
QueryServiceStatus
RegOpenKeyExA
CloseServiceHandle
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder

comctl32

ImageList_Draw
_TrackMouseEvent
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Remove
ImageList_AddMasked

ole32

CoCreateInstance
OleRun
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

SysAllocString
OleLoadPicturePath
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysFreeString

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

winmm

PlaySoundA
waveOutGetNumDevs

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/DlxSvcS_n.exe
.exe windows:4 windows x86 arch:x86

89fd0edaec8e018fa275e670a2c835be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

mfc42

ord6283
ord6153
ord4202
ord3178
ord940
ord2781
ord800
ord4058
ord3181
ord1980
ord6407
ord533
ord798
ord5194
ord5465
ord1997
ord2915
ord268
ord5583
ord1567
ord5710
ord3663
ord1832
ord1200
ord861
ord835
ord6282
ord4278
ord923
ord823
ord6877
ord2764
ord354
ord941
ord3790
ord665
ord836
ord3810
ord926
ord939
ord920
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord551
ord3811
ord3337
ord924
ord922
ord356
ord2770
ord668
ord542
ord547
ord2820
ord6569
ord802
ord5622
ord2614
ord2814
ord5933
ord5216
ord537
ord858
ord2818
ord535
ord1105
ord540
ord860

msvcrt

_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
_ultoa
_ltoa
_itoa
wcslen
_iob
calloc
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
tolower
atoi
strtok
free
malloc
strncpy
_gcvt
_CIpow
_mbsicmp
fopen
fprintf
fclose
_access
_mkdir
_ftol
strncmp
_splitpath
_mbscmp
__CxxFrameHandler
_CxxThrowException

kernel32

InterlockedDecrement
Sleep
CreateDirectoryA
CopyFileA
TerminateThread
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesExA
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
GetExitCodeThread
SetEvent
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
WaitForSingleObject
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
LocalAlloc
lstrlenA
FormatMessageA
GetWindowsDirectoryA
GetLastError
GetSystemDirectoryA
RemoveDirectoryA
LocalFree
CreateThread
lstrcpynA
GetVersionExA

user32

DispatchMessageA
TranslateMessage
PostMessageA
RegisterWindowMessageA
MessageBoxA
wsprintfA
PeekMessageA
GetDesktopWindow

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatus
StartServiceA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Server/FCUtil.exe
.exe windows:4 windows x86 arch:x86

7a1cd7e547a3e4b12ad47ee0fef68bfd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord1200
ord858
ord939
ord2820
ord1168
ord6117
ord2621
ord1134
ord1199
ord1247
ord2379
ord755
ord470
ord5933
ord1679
ord1773
ord5009
ord5181
ord3593
ord317
ord635
ord1264
ord5200
ord1261
ord940
ord535
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord1787
ord6123
ord4291
ord4099
ord2395
ord5658
ord6322
ord1006
ord2609
ord5947
ord1961
ord4204
ord6877
ord5703
ord5701
ord5697
ord3337
ord1911
ord5699
ord5708
ord798
ord1997
ord6407
ord6010
ord5194
ord2512
ord3703
ord1598
ord1583
ord1600
ord1596
ord6152
ord1868
ord413
ord711
ord4168
ord6302
ord2915
ord4278
ord6283
ord6282
ord4167
ord521
ord6307
ord5651
ord350
ord3663
ord5465
ord3790
ord1832
ord2554
ord4486
ord6375
ord4274
ord354
ord5186
ord665
ord6385
ord2803
ord1979
ord4673
ord268
ord2818
ord2721
ord503
ord5192
ord3466
ord322
ord3168
ord551
ord1994
ord639
ord775
ord1567
ord537
ord823
ord3811
ord941
ord1978
ord540
ord860
ord800
ord4234
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord533
ord5265
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mkdir
_iob
fprintf
calloc
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_access
tolower
_setmbcp
__CxxFrameHandler
strncpy
free
malloc
strtok
strstr
_snprintf
sprintf
_purecall
strncat
clock
_CxxThrowException
_mbscmp
atoi
_controlfp
_getpid
_vsnprintf

kernel32

AllocConsole
CreateFileA
SetStdHandle
GetStdHandle
WriteFile
FreeLibrary
LoadLibraryA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
Sleep
CreateThread
GetLastError
GetModuleHandleA
MultiByteToWideChar
GetWindowsDirectoryA
GetSystemDirectoryA
SetEndOfFile
FlushFileBuffers
GetStartupInfoA
ReleaseMutex
CreateMutexA
lstrcpynA
lstrlenA
CloseHandle
GetCurrentThreadId

user32

GetDesktopWindow
MessageBoxA
EnableWindow
RegisterWindowMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
MessageBeep

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

wsock32

setsockopt
accept
select
inet_ntoa
connect
WSAGetLastError
gethostbyname
closesocket
getpeername
getsockname
WSAAsyncSelect
send
recv
socket
htons
bind
listen
WSAStartup
WSACleanup
ioctlsocket

odbc32

ord54
ord40
ord44

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/HistoryDeleteSecondEdition.exe
.exe windows:4 windows x86 arch:x86

ea9d3104ff64115cc9fb5d963f64c9aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4424
ord6741
ord6508
ord765
ord641
ord860
ord540
ord567
ord324
ord825
ord2302
ord2358
ord2370
ord4234
ord4710
ord2818
ord535
ord922
ord2820
ord3811
ord1200
ord1105
ord2642
ord3092
ord6334
ord6767
ord2645
ord858
ord823
ord2379
ord5710
ord5280
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord616
ord1134
ord2725
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1146
ord1168
ord2289
ord4160
ord2863
ord755
ord470
ord3317
ord4129
ord4202
ord4627
ord1567
ord1270
ord268
ord3663
ord2841
ord2448
ord6877
ord924
ord6283
ord6282
ord4277
ord2764
ord539
ord2044
ord2107
ord3903
ord5450
ord5440
ord6383
ord5834
ord6394
ord1832
ord3126
ord802
ord773
ord542
ord501
ord350
ord1083
ord665
ord603
ord1979
ord1969
ord6404
ord273
ord353
ord941
ord2915
ord1997
ord5465
ord5194
ord798
ord3790
ord533
ord6407
ord4278
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3698
ord3597
ord4425
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord800
ord537
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strtok
tolower
atoi
_iob
fprintf
calloc
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_setmbcp
__CxxFrameHandler
_mbscmp
_mbsnbcpy
_CxxThrowException
strncpy
_controlfp
_access
strrchr
malloc
free
_getpid
??0exception@@QAE@ABV0@@Z

kernel32

GetProcessHeap
HeapAlloc
Process32Next
lstrcpynA
CloseHandle
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetPriorityClass
GetVersionExA
Module32Next
HeapFree
GetModuleHandleA
GetStartupInfoA
OpenProcess
LoadLibraryA
GetProcAddress
ReleaseMutex
CreateMutexA
MultiByteToWideChar
lstrlenA
WaitForSingleObject
Sleep
GetUserDefaultLCID
GetWindowsDirectoryA
Module32First
GetLastError
GetSystemDirectoryA

user32

IsIconic
GetClientRect
DrawIcon
GetSystemMenu
SendMessageA
SetTimer
KillTimer
GetSystemMetrics
PostMessageA
AppendMenuA
LoadIconA
RegisterWindowMessageA
EnableWindow

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/MigrationDB.exe
.exe windows:4 windows x86 arch:x86

28842f989b8774e3fc9b99d97f2c88e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2393
ord4278
ord812
ord6144
ord559
ord5461
ord3452
ord6883
ord6143
ord541
ord4123
ord5856
ord3439
ord2915
ord1997
ord5465
ord5194
ord798
ord3790
ord533
ord859
ord703
ord2454
ord2801
ord403
ord3870
ord6195
ord2740
ord404
ord923
ord536
ord2763
ord6663
ord5583
ord2289
ord3719
ord1576
ord939
ord4204
ord2642
ord2358
ord3610
ord354
ord5186
ord6385
ord6569
ord926
ord551
ord2820
ord3811
ord940
ord3706
ord2859
ord323
ord1640
ord5785
ord640
ord4275
ord609
ord3574
ord4396
ord3571
ord3353
ord6571
ord1105
ord1133
ord6241
ord2301
ord765
ord3698
ord1083
ord350
ord501
ord542
ord773
ord802
ord3126
ord1832
ord5834
ord3903
ord2107
ord2044
ord539
ord2764
ord4277
ord6282
ord6283
ord6877
ord2448
ord2841
ord5594
ord913
ord860
ord4189
ord1270
ord700
ord398
ord2614
ord5683
ord5710
ord4202
ord4129
ord355
ord2515
ord3499
ord268
ord353
ord273
ord6404
ord1969
ord1979
ord603
ord665
ord535
ord1567
ord2818
ord5933
ord2754
ord1641
ord4476
ord5875
ord3092
ord4299
ord470
ord755
ord2379
ord2863
ord4160
ord3874
ord941
ord6199
ord1168
ord1146
ord3573
ord5289
ord1134
ord2621
ord2414
ord3626
ord2725
ord815
ord561
ord3738
ord4622
ord5714
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord6394
ord5450
ord6383
ord5440
ord1200
ord2645
ord656
ord793
ord823
ord2302
ord616
ord567
ord3663
ord3582
ord4424
ord3402
ord5290
ord4398
ord1776
ord6055
ord2578
ord4218
ord2023
ord2411
ord4710
ord922
ord924
ord858
ord6334
ord4234
ord2370
ord825
ord324
ord540
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord800
ord6407
ord537
ord5651
ord5642
ord3619
ord826
ord805
ord3030
ord4021
ord3438
ord912
ord4188
ord2381
ord824
ord3089
ord6880
ord1651
ord2867
ord6197
ord6379
ord2112
ord4284
ord3520
ord6401
ord2463
ord4083
ord3711
ord783
ord1816
ord326
ord6453
ord1269
ord1265
ord6672
ord2814
ord1949
ord4530
ord4544
ord5685
ord3274
ord3579
ord818
ord2623
ord439
ord736
ord2652
ord1669
ord2380
ord6129
ord613
ord289
ord816
ord562
ord1945
ord2864
ord2634
ord6128
ord2860
ord6157
ord6170
ord3138
ord3797
ord5981
ord3752
ord3753
ord5148
ord4694
ord729
ord786
ord2504
ord1706
ord2461
ord519
ord430
ord3174
ord4042
ord5053
ord4287
ord5510
ord1652
ord429
ord5989
ord801
ord845
ord857
ord1259
ord614
ord290
ord3258
ord4003
ord3237
ord1601
ord6605
ord5787
ord3754
ord2753
ord4133
ord4297
ord5788
ord472
ord2567
ord6876
ord6874
ord538
ord6662
ord1799
ord5781
ord3742
ord1233
ord936
ord5216
ord465
ord1770
ord844
ord1572
ord463
ord835
ord699
ord397
ord5593
ord5789
ord6172
ord2452
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord1176
ord2450
ord2233
ord2727
ord2730
ord2729
ord1153
ord6493
ord686
ord2096
ord384
ord3693
ord2405
ord3220
ord6648
ord1171
ord1232
ord5572
ord2919
ord3496
ord764
ord3028
ord1795
ord2714
ord1644
ord4163
ord6442
ord2152
ord4270
ord6467
ord3005
ord2135
ord3732
ord556
ord809
ord2122
ord1940
ord1829
ord6215
ord2089
ord4047
ord2116
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord6380
ord3803
ord1847
ord4124
ord3920
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord882
ord876
ord878
ord879
ord3938
ord4226
ord3884
ord1229
ord2243
ord6242
ord2862
ord4020
ord1262
ord3876
ord6447
ord1000
ord6307
ord521
ord4167

msvcrt

_wtoi
_wcsicmp
abort
_setjmp3
fread
floor
swscanf
wcsncmp
_mbctype
longjmp
_setmbcp
calloc
strchr
strtod
wcsncpy
_wcslwr
wcscmp
_CIpow
wcsstr
wcschr
mbstowcs
_mbsstr
sscanf
qsort
_mbsspnp
strtoul
memmove
_snprintf
__CxxFrameHandler
__set_app_type
ceil
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
sprintf
fprintf
malloc
_iob
strncpy
_mbscmp
_purecall
_mbsnbcpy
_CxxThrowException
atoi
_ftol
wcslen
atof
_mbstok
strrchr
_getpid
_access
_mbsicmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
tolower
strtok
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ

kernel32

ReleaseMutex
CreateMutexA
FindResourceA
LoadResource
LockResource
SetEvent
WaitForMultipleObjects
GetModuleHandleA
HeapFree
HeapDestroy
WaitForSingleObject
HeapCreate
HeapAlloc
GetUserDefaultLCID
MultiByteToWideChar
lstrlenA
InterlockedIncrement
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
GetModuleFileNameA
InitializeCriticalSection
FreeLibrary
GetLastError
VirtualQuery
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
GetLocalTime
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
Sleep
GetProcessHeap
Process32Next
lstrcpynA
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetPriorityClass
GetVersionExA
Module32Next
Module32First
CreateEventA
WideCharToMultiByte
GetWindowsDirectoryA
GetSystemDirectoryA
GetStartupInfoA
LocalSize
GetSystemInfo
VirtualProtect
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetFileAttributesA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetTickCount
ReadFile
lstrcmpA
SizeofResource
GetExitCodeThread
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
ResetEvent
GetOEMCP
GetCPInfo
GetTimeFormatA
GetDateFormatA
GlobalAlloc
GlobalLock
OpenProcess
MulDiv
LocalFree
GlobalUnlock

user32

SetWindowLongW
CallWindowProcA
GetWindowLongW
IsWindowUnicode
GetWindowThreadProcessId
EnumWindows
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColorBrush
SetScrollPos
SetScrollInfo
FillRect
CallWindowProcW
DefWindowProcA
DefWindowProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefMDIChildProcA
DefMDIChildProcW
RegisterClassA
RegisterClassW
DrawFrameControl
DrawMenuBar
TrackPopupMenu
TrackPopupMenuEx
ReleaseDC
GetDesktopWindow
DrawStateA
GetMessageA
GetCapture
GetDCEx
LockWindowUpdate
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
GetSubMenu
LoadMenuA
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageA
GetMenuStringA
GetIconInfo
GetCursor
MapWindowPoints
CreateIconIndirect
CopyIcon
UnionRect
SetClassLongA
GetMenuState
GetMenu
GetMenuItemCount
SetMenuDefaultItem
GetMenuItemInfoA
GetWindowDC
GetMenuItemID
GetMenuDefaultItem
WaitMessage
CreateWindowExA
IsWindowEnabled
MoveWindow
GetDoubleClickTime
GetTabbedTextExtentA
PeekMessageA
MessageBoxA
EndPaint
KillTimer
SetTimer
SetWindowRgn
GetDC
InvalidateRect
LoadBitmapA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
RegisterWindowMessageA
PostMessageA
SendMessageA
EnableWindow
AdjustWindowRectEx
DrawIconEx
GetClassLongA
SendMessageTimeoutA
DrawEdge
EqualRect
WindowFromPoint
ReleaseCapture
SetCapture
mouse_event
DrawFocusRect
InflateRect
InvertRect
IntersectRect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
IsWindowVisible
GetCursorPos
ScreenToClient
ClientToScreen
UpdateWindow
EnableScrollBar
GetParent
SetRect
PtInRect
RegisterClipboardFormatA
DestroyIcon
SetRectEmpty
SetCursor
LoadCursorA
GetWindowLongA
SetWindowLongA
SetWindowPos
IsRectEmpty
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindow
GetWindowRect
CopyRect
OffsetRect
GetWindow
CallNextHookEx
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
SystemParametersInfoA
DispatchMessageA
TranslateMessage
MessageBeep
GetKeyState
BeginPaint
GetScrollInfo

gdi32

GetTextAlign
GetCharWidthA
ExtTextOutW
GetTextExtentPoint32W
OffsetViewportOrgEx
BeginPath
PolyBezierTo
LineTo
MoveToEx
CloseFigure
EndPath
StrokeAndFillPath
FillPath
StrokePath
Polyline
Ellipse
GetWindowExtEx
GetViewportExtEx
CreatePolygonRgn
CreateRectRgn
GetPixel
CombineRgn
GetObjectA
CreateCompatibleDC
BitBlt
CreateSolidBrush
SetBkMode
SelectPalette
CreateDIBitmap
CreatePalette
GetObjectType
DeleteObject
CreateFontIndirectA
GetTextColor
CreateBitmap
StretchBlt
CreateCompatibleBitmap
Polygon
GetTextExtentPoint32A
PatBlt
CreatePatternBrush
GetBkColor
SetPixel
Rectangle
GetTextMetricsA
GetDeviceCaps
GetTextCharsetInfo
OffsetRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
GetClipBox
SetBrushOrgEx
GetBoundsRect
GetDIBits
SetStretchBltMode
SetBkColor
SetTextColor
DeleteDC
ExtCreateRegion
GetBitmapBits
GetStockObject
CreatePen
CreateRectRgnIndirect
SelectObject
CreateDIBSection
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
Escape
GetCurrentPositionEx

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteExA

comctl32

ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetImageInfo
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_Draw
_TrackMouseEvent

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarCmp
OleLoadPicturePath
SysFreeString
SysAllocString
VariantClear
SafeArrayDestroy
GetErrorInfo
VariantChangeTypeEx

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

winmm

PlaySoundA
waveOutGetNumDevs

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 704KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/Patcher.exe
.exe windows:4 windows x86 arch:x86

a3e0f845616322ddfb74532dc1a49bce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord2864
ord1775
ord1175
ord3663
ord6877
ord1576
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord535
ord858
ord823
ord1134
ord2621
ord561
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord860
ord537
ord2818
ord941
ord1228
ord825
ord540
ord800

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
malloc
_stricmp
_setmbcp
__CxxFrameHandler
_except_handler3
strstr
_strlwr
_mbscmp
strncpy
strrchr
clock
free

kernel32

CloseHandle
Process32Next
Sleep
OutputDebugStringA
GetLastError
GetVersionExA
TerminateProcess
GetPriorityClass
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleA
lstrcpynA
GetWindowsDirectoryA
GetStartupInfoA
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
CreateProcessA
DeleteFileA
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
WriteFile
GetModuleFileNameA
CreateFileA

user32

PeekMessageA
GetDesktopWindow
EnableWindow
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
MessageBoxA
RegisterWindowMessageA
PostMessageA
wsprintfA
IsIconic

advapi32

OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle

shell32

SHFileOperationA

wininet

InternetCloseHandle
InternetSetOptionA
HttpOpenRequestA
InternetOpenA
HttpSendRequestA
InternetReadFile
InternetConnectA
InternetQueryOptionA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/PromptExecute.exe
.exe windows:4 windows x86 arch:x86

603fd066a6c02633986fd8515255837a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord1200
ord6877
ord537
ord858
ord860
ord1175
ord535
ord2915
ord1997
ord5465
ord5194
ord3825
ord3790
ord533
ord6407
ord823
ord665
ord354
ord3811
ord2818
ord4278
ord3663
ord922
ord923
ord926
ord6282
ord1832
ord924
ord2820
ord941
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord798
ord4673
ord1576

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
strtok
tolower
strncpy
_mkdir
fopen
fclose
_mbsicmp
atoi
malloc
strstr
__CxxFrameHandler
_setmbcp
wcslen
exit
_strlwr
clock
__setusermatherr
_access
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_iob
fprintf
free
calloc
_CxxThrowException
??0exception@@QAE@ABQBD@Z

kernel32

WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
LocalAlloc
lstrlenA
GetLastError
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleHandleA
GetStartupInfoA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
CloseHandle
Sleep
FormatMessageA
WinExec
LocalFree
Process32Next

user32

wsprintfA
LoadIconA
SendMessageA
EnableWindow
RegisterWindowMessageA
PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
PeekMessageA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

ole32

CoCreateInstance
OleRun
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
VariantChangeType
SysFreeString
VariantInit
VariantClear
VariantCopy
SysAllocString

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Server/Server_n.exe
.exe windows:4 windows x86 arch:x86

4b240af31d404e964055a2b3fad03745

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ws2_32

socket
setsockopt
htons
bind
closesocket
ioctlsocket
recvfrom
sendto
WSASocketA
htonl
ntohs
getservbyport
gethostbyaddr
inet_addr
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup
listen
ntohl
WSAAccept

mfc42

ord3742
ord818
ord4275
ord2784
ord791
ord1995
ord5479
ord2029
ord2077
ord523
ord1247
ord5797
ord967
ord6453
ord668
ord3181
ord3319
ord3178
ord2781
ord2770
ord3180
ord3789
ord3176
ord356
ord6143
ord3507
ord353
ord5861
ord2754
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord1787
ord6123
ord4291
ord1264
ord2395
ord6322
ord1006
ord2609
ord5947
ord1961
ord3466
ord1261
ord1228
ord1816
ord3567
ord3721
ord602
ord2393
ord1148
ord1147
ord4160
ord1168
ord5645
ord5583
ord2301
ord2362
ord6880
ord1106
ord773
ord501
ord639
ord3168
ord322
ord6929
ord4277
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord812
ord815
ord559
ord561
ord2621
ord1199
ord6117
ord5600
ord2725
ord1158
ord6197
ord1768
ord6874
ord6153
ord629
ord1975
ord4295
ord845
ord3164
ord4061
ord4293
ord1572
ord4039
ord5176
ord310
ord5174
ord623
ord304
ord548
ord690
ord5207
ord389
ord609
ord3310
ord6508
ord1832
ord3126
ord2363
ord4284
ord3693
ord6172
ord5788
ord2380
ord5787
ord2776
ord1083
ord5621
ord3619
ord4243
ord3998
ord6741
ord2358
ord2860
ord6767
ord6921
ord3613
ord5607
ord3584
ord543
ord803
ord1679
ord1773
ord5009
ord3593
ord6380
ord2808
ord1988
ord5808
ord5354
ord6869
ord2575
ord4396
ord3574
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord2294
ord4055
ord5807
ord5204
ord3229
ord3097
ord5953
ord1980
ord6255
ord5945
ord5657
ord6075
ord6074
ord3494
ord3493
ord5975
ord5974
ord3167
ord3166
ord3165
ord1744
ord2392
ord6321
ord2608
ord1005
ord2760
ord4289
ord5177
ord5178
ord1809
ord2478
ord2474
ord1911
ord5697
ord5699
ord5708
ord5703
ord5692
ord317
ord635
ord6379
ord6403
ord3522
ord5856
ord6662
ord1868
ord413
ord711
ord4168
ord6302
ord4167
ord521
ord6307
ord1175
ord2078
ord2108
ord2116
ord2152
ord1233
ord283
ord2859
ord3521
ord6402
ord703
ord2454
ord1969
ord2801
ord403
ord3870
ord6195
ord1989
ord2740
ord404
ord923
ord6927
ord4058
ord6779
ord6648
ord1187
ord2405
ord5678
ord6734
ord5736
ord3797
ord4133
ord4297
ord4538
ord384
ord686
ord3302
ord3754
ord6696
ord2862
ord3293
ord6905
ord5715
ord4694
ord5148
ord2582
ord693
ord6888
ord6675
ord3910
ord3996
ord1829
ord4480
ord5821
ord3662
ord414
ord713
ord6141
ord613
ord472
ord3920
ord289
ord5859
ord4083
ord4400
ord3630
ord682
ord5789
ord2567
ord3089
ord6654
ord5053
ord1265
ord6909
ord6720
ord3706
ord1270
ord1232
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord5701
ord5200
ord835
ord861
ord830
ord831
ord539
ord1601
ord349
ord6010
ord3703
ord1598
ord1583
ord1600
ord1596
ord6152
ord536
ord6407
ord533
ord3790
ord798
ord5194
ord5465
ord1997
ord4204
ord6928
ord6930
ord4476
ord5875
ord470
ord323
ord1640
ord5785
ord640
ord755
ord3571
ord836
ord5933
ord542
ord547
ord6569
ord802
ord5622
ord2814
ord3810
ord3408
ord3227
ord3054
ord3425
ord3880
ord1105
ord1641
ord765
ord3698
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord541
ord801
ord2642
ord6215
ord3573
ord795
ord5658
ord926
ord824
ord826
ord4287
ord6605
ord1161
ord4285
ord2566
ord5782
ord1194
ord955
ord293
ord2513
ord5805
ord2120
ord5883
ord2921
ord5884
ord554
ord3730
ord5064
ord1715
ord1710
ord5086
ord4366
ord3295
ord4268
ord1929
ord3175
ord1664
ord3448
ord1146
ord1644
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord3286
ord6007
ord3874
ord3317
ord2864
ord6199
ord2645
ord2614
ord2044
ord5834
ord5683
ord5970
ord2448
ord922
ord350
ord3616
ord3127
ord5651
ord5181
ord2721
ord1978
ord940
ord924
ord355
ord2515
ord3499
ord4065
ord941
ord939
ord4224
ord3318
ord5442
ord5572
ord2289
ord3092
ord5981
ord859
ord567
ord3610
ord3402
ord4299
ord1200
ord2086
ord2302
ord656
ord2414
ord3626
ord2379
ord4710
ord6334
ord4234
ord2370
ord324
ord641
ord3597
ord4425
ord5261
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3301
ord6907
ord3640
ord4627
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648

msvcrt

_snprintf
_strlwr
strstr
memmove
_mbsicmp
_mbsnbcmp
strncmp
sprintf
_mbscmp
_ftol
atoi
strncpy
__CxxFrameHandler
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
isxdigit
_access
atof
strtok
rand
srand
time
_splitpath
strchr
_CxxThrowException
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_strnicmp
_snwprintf
_mbschr
ceil
qsort
_purecall
_rmdir
_gcvt
wcslen
_ismbcalnum
_ismbcdigit
_ismbcprint
_ismbcalpha
wcscmp
wcsstr
_wcslwr
wcsncpy
free
malloc
mbstowcs
sscanf
strtod
swscanf
_wtoi
wcschr
_wcsicmp
_controlfp
_mbctype
abort
strncat
_CIpow
fclose
fprintf
fopen
_timezone
atol
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
strtol
calloc
_strdup
printf
rename
remove
ftell
fseek
_iob
_strtime
_strdate
fflush
clock
isdigit
_mbsinc
tolower
_getpid
vsprintf
_ismbcspace
modf
strrchr
_mkdir
_vsnprintf
_setmbcp
_ultoa
_ltoa
_itoa
_stricmp
longjmp
_mbsrchr
_mbsnbcpy
wcsncmp
floor
fread
_setjmp3

kernel32

CreateMutexA
SetSystemTime
GetSystemTime
MultiByteToWideChar
GetConsoleCP
WideCharToMultiByte
GetDriveTypeA
LocalAlloc
LocalFree
ReleaseMutex
GetTempFileNameA
RemoveDirectoryA
MoveFileA
CreateEventA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
lstrcatA
GetCurrentThreadId
GetShortPathNameA
MoveFileExA
FindResourceA
LoadResource
SizeofResource
LockResource
lstrlenA
lstrcpynA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCurrentProcessId
SetLastError
GetCurrentThread
DuplicateHandle
GetModuleFileNameA
SetUnhandledExceptionFilter
GetCurrentProcess
ReadProcessMemory
VirtualQuery
FormatMessageA
DeleteCriticalSection
GetQueuedCompletionStatus
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryA
GetVersionExA
SetThreadPriority
InitializeCriticalSection
WinExec
CreateThread
OutputDebugStringA
DeleteFileA
ResumeThread
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
IsDBCSLeadByte
GetFileAttributesExA
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
CreateDirectoryA
CopyFileA
GetExitCodeThread
CreateProcessA
WaitForSingleObject
TerminateProcess
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetPriorityClass
CloseHandle
Sleep
Process32Next
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetTickCount
InterlockedDecrement
CreateIoCompletionPort
InterlockedIncrement
lstrlenW
GlobalUnlock
GlobalLock
MulDiv
GetTimeFormatA
GetDateFormatA
GetLocalTime
GetLocaleInfoA
SetFilePointer
GetCPInfo
GetOEMCP
ResetEvent
TerminateThread
SetEvent
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
LoadLibraryExA
lstrcmpA
GetPrivateProfileSectionNamesA
SetFileAttributesA
CompareStringA
GetVersion
GetWindowsDirectoryA
GetNumberFormatA
lstrcmpiA
Module32Next
Module32First
GetStdHandle
SetStdHandle
AllocConsole
SetEndOfFile
CreateFileA
FlushFileBuffers
WriteFile
ReadFile
GetComputerNameA
GetVolumeInformationA
GetDiskFreeSpaceA
GetProfileStringA
GlobalFree
GlobalAlloc
GlobalMemoryStatus
GetSystemInfo
GetLogicalDrives
SetErrorMode
GetSystemPowerStatus
GetACP
GetProcessAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
GetStartupInfoA
GetTempPathA
GetThreadPriority

user32

GetDlgCtrlID
RegisterWindowMessageA
MessageBeep
GetDesktopWindow
GetCursorPos
GetWindowRect
GetClientRect
RedrawWindow
EnableMenuItem
GetSubMenu
LoadMenuA
MessageBoxA
UpdateWindow
LoadBitmapA
InvalidateRect
LoadIconA
DrawIcon
GetSystemMetrics
IsIconic
SetCursor
LoadCursorA
GetKeyState
FindWindowA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetForegroundWindow
AppendMenuA
InsertMenuA
CheckMenuItem
GetFocus
PostQuitMessage
DrawStateA
GetClassNameA
ReleaseDC
GetDC
MsgWaitForMultipleObjects
SystemParametersInfoA
GetSysColor
IsWindowVisible
PtInRect
FindWindowExA
FillRect
LockWindowUpdate
DrawFocusRect
CopyRect
OffsetRect
GetNextDlgTabItem
GetParent
SetRectEmpty
InvertRect
InflateRect
ClientToScreen
ScreenToClient
ClipCursor
GetClipCursor
ReleaseCapture
GetCapture
SetCapture
GetWindowLongA
DefWindowProcA
GetClassInfoA
SetWindowRgn
TabbedTextOutA
DrawTextA
GrayStringA
EnumDisplaySettingsA
GetWindowDC
IsWindow
wsprintfA
SendMessageA
EnableWindow
SetTimer
PostMessageA
KillTimer
LoadImageA
RegisterClipboardFormatA
IsRectEmpty
SetFocus
IntersectRect
GetWindow
ShowScrollBar
IsChild
EqualRect
ShowWindow
SetWindowPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetDCEx
GetDialogBaseUnits
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
GetClipboardData
ShowCaret
HideCaret
CreateIconFromResourceEx
DrawIconEx
GetIconInfo
CreateIconIndirect
CopyIcon
DestroyIcon
WindowFromPoint
GetCursor
LookupIconIdFromDirectoryEx
GetMenuStringW
GetMenuStringA
LoadMenuIndirectA
GetClassLongA
SetCursorPos
IsClipboardFormatAvailable
GetMenuItemID
GetMenuItemCount
DrawEdge
GetSysColorBrush
UnionRect
CopyImage
GetMenuItemInfoA
IsMenu
MapVirtualKeyA
GetWindowRgn
GetTopWindow
WaitMessage
SetParent
DrawFrameControl
GetDoubleClickTime
GetTabbedTextExtentA
SetWindowLongA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CallWindowProcA
GetMenuDefaultItem
CopyAcceleratorTableA
LoadAcceleratorsA
IsWindowEnabled
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
GetKeyboardLayout
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperA
SetActiveWindow
GetActiveWindow
EndDeferWindowPos
BeginDeferWindowPos
SetMenu
GetMenuState
GetSystemMenu
GetMenu
SetClassLongA
BringWindowToTop
MoveWindow
DeferWindowPos
IsDialogMessageA
MapWindowPoints
GetDlgItem
CreatePopupMenu
GetScrollInfo
SendMessageTimeoutA
IsZoomed
GetClipboardFormatNameA
AdjustWindowRectEx
SetRect

gdi32

GetTextColor
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetCurrentPositionEx
GetTextAlign
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
CreateFontA
StretchDIBits
ExtFloodFill
GetWindowOrgEx
GetRgnBox
OffsetViewportOrgEx
CreateICA
DeleteDC
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePolygonRgn
CreateRectRgn
CombineRgn
GetCurrentObject
SelectObject
SetPixel
CreateCompatibleBitmap
GetStockObject
PatBlt
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
CreateFontIndirectA
Rectangle
CreatePen
GetObjectA
CreateCompatibleDC
BitBlt
CreateSolidBrush
BeginPath
PolyBezierTo
LineTo
MoveToEx
CloseFigure
EndPath
StrokeAndFillPath
FillPath
StrokePath
Polyline
Ellipse
GetWindowExtEx
GetViewportExtEx
PtInRegion
SetBkMode
GetBkColor
CreatePatternBrush
RoundRect
ExtCreateRegion
GetBitmapBits
GetDIBits
SetStretchBltMode
CreateDIBSection
SetBkColor
SetTextColor
CreateBitmap
StretchBlt
Polygon
EnumFontFamiliesExA
CreateRectRgnIndirect
GetPixel
GetViewportOrgEx

comdlg32

GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
EnumPrintersA
GetPrinterA

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
CloseServiceHandle
RegOpenKeyExA
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
ControlService
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
GetUserNameA
RegQueryValueA
RegEnumKeyExA
RegDeleteValueA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHAppBarMessage
ShellExecuteA

comctl32

ImageList_Draw
ImageList_DrawEx
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetIcon
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
PropertySheetA
ImageList_Remove
ImageList_GetIconSize

ole32

OleUninitialize
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
OleInitialize
CoCreateGuid

oleaut32

VariantCopy
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetElement
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SafeArrayCreateVector
VariantChangeTypeEx
GetErrorInfo
SetErrorInfo
CreateErrorInfo
OleLoadPicturePath
VariantInit

urlmon

URLDownloadToFileA

odbc32

ord40
ord44
ord54
ord72
ord48
ord49
ord26
ord13
ord4
ord18
ord11
ord75
ord24
ord9
ord8
ord31
ord36
ord41
ord7
ord43
ord20
ord16

wsock32

WSAAsyncSelect
getsockname
connect
send
getpeername
WSAGetLastError
select
recv

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@H@Z
?openprot@filebuf@@2HB
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??0ofstream@@QAE@XZ
?flush@ostream@@QAEAAV1@XZ
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ofstream@@QAE@PBDHH@Z

winmm

timeBeginPeriod
timeGetTime
PlaySoundA
timeGetDevCaps
timeSetEvent
waveOutGetNumDevs

wininet

InternetQueryOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetSetStatusCallback
InternetErrorDlg
HttpQueryInfoA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCloseHandle

iphlpapi

GetTcpTable

netapi32

Netbios

imm32

ImmAssociateContext

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 648KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

60:bc:96:28:82:a4:9f:9b:c4:38:56:68:30:d4:72:adCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 15KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

a49b0342971aa199fc6349725b90146d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 910B

.data Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 250B

8f8903f37ca33b5581c58609d6b13e24

Headers

File Characteristics

Imports

mfc42

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

60:bc:96:28:82:a4:9f:9b:c4:38:56:68:30:d4:72:ad
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 250B

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 28KB - Virtual size: 26KB

.rsrc
Size: 108KB - Virtual size: 104KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 188KB - Virtual size: 184KB

.data
Size: 56KB - Virtual size: 2.8MB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 8KB