8b285600e1516c3fb1e55a6e6c5d12e3

Sharing

Copy URL Twitter E-mail

General

Target

8b285600e1516c3fb1e55a6e6c5d12e3
Size

828KB
MD5

8b285600e1516c3fb1e55a6e6c5d12e3
SHA1

fd2b98a3ae2c5d6370f6f4e74765a83f10a25db8
SHA256

b6c519ec5cf2433a67408bcece7b246bddb1a7dba7093dcac10539873c46639d
SHA512

5c9f3525b5abfb46697c327ef0cf90c44f1dbe10a12bdcd82b92f34c56f79591b48368d17eace5cb256b19a3eb5bef1d18ad99815f2dd48f0676887747376790
SSDEEP

24576:d8rfP/1Thzun1UCbWwEa6TK6MIAEHmCY3:d8TWn13bUa6TKWAEGT

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/155/Expands/Expand1_Bank/ExpandBank.dll
unpack001/155/Expands/Expand2_IE/ExpandIE.dll
unpack001/155/Expands/Expand3_Game/ExpandGame.dll
unpack001/155/Expands/Expand4_Map/ExpandMap.dll
unpack001/155/Expands/Expand4_Map/ScreenCrop.exe
unpack001/155/Expands/Expand5_115/Expand115.dll
unpack001/155/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/155/uninst.exe	nsis_installer_1
static1/unpack001/155/uninst.exe	nsis_installer_2

Files

8b285600e1516c3fb1e55a6e6c5d12e3
.rar
155/115br.exe
.exe windows:4 windows x86 arch:x86

49587ecd3d2d3fb012410f00b38e75b7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2011, 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=WoSign Class 3 Code Signing,O=广东雨林木风计算机科技有限公司,L=东莞市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

63:18:0e:53:88:4a:14:d6:2b:f3:c1:f2:2b:54:1d:8a:05:3a:4d:02
Signer

Actual PE Digest

63:18:0e:53:88:4a:14:d6:2b:f3:c1:f2:2b:54:1d:8a:05:3a:4d:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntW
GetPrivateProfileStringA
OutputDebugStringA
LocalFree
FormatMessageW
CompareStringW
GetSystemTime
MulDiv
FreeLibrary
GetLocalTime
GetTickCount
DeviceIoControl
CreateFileA
FreeResource
ResetEvent
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenEventW
CreateMutexW
IsBadReadPtr
ExpandEnvironmentStringsW
TerminateThread
SystemTimeToFileTime
SetLastError
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcessId
IsBadWritePtr
ExitProcess
GetModuleFileNameA
Process32FirstW
Process32NextW
GetSystemDefaultLCID
GlobalHandle
TlsFree
TlsAlloc
HeapDestroy
lstrcpynA
WinExec
InterlockedExchange
LocalAlloc
GetStartupInfoW
GetLastError
HeapAlloc
GetFileSize
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
GetWindowsDirectoryW
GetProcessHeap
HeapFree
GetTempPathW
DeleteFileW
CreateDirectoryW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileStringW
SetEvent
CreateEventW
ResumeThread
SetThreadPriority
WaitForSingleObject
CopyFileW
CloseHandle
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
lstrcpyW
WritePrivateProfileStringW
Sleep
VirtualProtect
VirtualQuery
lstrcmpiA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetProcAddress
LoadLibraryExW
LoadLibraryExA
lstrcmpW
LoadLibraryW
LoadLibraryA
GetModuleHandleA
OutputDebugStringW
DebugBreak
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
lstrcmpiW
TlsSetValue
TlsGetValue
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
ReadFile
RaiseException

user32

SetFocus
ShowWindow
IsWindow
LoadStringW
GetWindowTextW
UnhookWindowsHookEx
DefWindowProcW
SetTimer
DrawIconEx
BeginPaint
GetClipboardData
EndPaint
InvalidateRect
SendMessageW
GetParent
DestroyMenu
TrackPopupMenu
GetCursorPos
IsWindowVisible
GetKeyState
KillTimer
GetSubMenu
LoadMenuW
GetMonitorInfoW
LoadIconW
MonitorFromPoint
CallWindowProcW
DestroyWindow
SetMenuItemInfoW
EndDialog
SetWindowPos
GetMenuItemInfoW
SetMenuDefaultItem
LoadStringA
DialogBoxIndirectParamW
MessageBoxA
DrawFrameControl
DrawEdge
GetDlgItem
GetSysColorBrush
CheckMenuItem
OpenClipboard
EmptyClipboard
SetLayeredWindowAttributes
GetDesktopWindow
CopyRect
GetWindowTextLengthW
SetWindowTextW
ClientToScreen
wvsprintfW
CharNextW
CharLowerW
DestroyIcon
SetForegroundWindow
BringWindowToTop
GetWindowThreadProcessId
RedrawWindow
SendMessageTimeoutW
GetWindowDC
UpdateLayeredWindow
FillRect
SetWindowsHookExW
PostThreadMessageW
CallNextHookEx
CharUpperW
GetClassNameW
PostMessageW
RegisterWindowMessageW
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetClipboardData
CloseClipboard
GetMessageExtraInfo
SetDlgItemTextW
GetFocus
MessageBoxW
GetDlgItemTextW
MoveWindow
LoadImageW
ScreenToClient
DialogBoxParamW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
SetWindowLongW
GetMessagePos
CreateWindowExW
GetPropW
SetPropW
RemovePropW
IsMenu
GetMenuItemID
InsertMenuW
SetMenuInfo
TrackPopupMenuEx
GetMenuStringW
RegisterClipboardFormatW
CreateDialogParamW
RemoveMenu
PeekMessageW
GetSystemMenu
UnregisterHotKey
RegisterHotKey
CopyIcon
GetClassLongW
SetClassLongW
MonitorFromWindow
SetWindowRgn
GetSystemMetrics
LockWindowUpdate
DeleteMenu
DrawStateW
mouse_event
CreatePopupMenu
AppendMenuW
GetMenuItemCount
ModifyMenuW
IsIconic
SetScrollInfo
FrameRect
InflateRect
IsWindowEnabled
DrawFocusRect
DrawTextW
GetDlgCtrlID
MessageBeep
GetCapture
UpdateWindow
IsDlgButtonChecked
EqualRect
FindWindowW
EnableWindow
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
SetRect
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowExW
EnumChildWindows
GetForegroundWindow
WindowFromPoint
IsChild
EnableMenuItem
GetActiveWindow
PostQuitMessage
ReleaseDC
SetCursor
ReleaseCapture
SetCapture
GetDC
PtInRect
OffsetRect
SetRectEmpty
IsRectEmpty

gdi32

PatBlt
CreateBitmap
SetBrushOrgEx
EnumFontsW
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
CreateDCW
CreateRoundRectRgn
CombineRgn
GetTextExtentPoint32W
CreatePen
MoveToEx
LineTo
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateDIBSection
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetTextColor
SetBkMode
GetStockObject
CreatePatternBrush
CreateFontW
DPtoLP
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
GetUserNameW
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetSidIdentifierAuthority

shell32

SHGetPathFromIDListW
SHFileOperationW
Shell_NotifyIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoW
DragQueryFileW
SHCreateDirectoryExW
SHGetFolderLocation
SHBrowseForFolderW
ord155
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
DoDragDrop
CoGetObject
OleInitialize
OleUninitialize
StringFromGUID2
CoGetMalloc
ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleRun

oleaut32

SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SetErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
SysFreeString
GetErrorInfo
CreateErrorInfo

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_AddMasked

urlmon

UrlMkSetSessionOption
CoInternetGetSession

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathIsDirectoryW
PathRemoveFileSpecW
StrRetToStrW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathFindFileNameW
PathFileExistsW
PathFindFileNameA
SHGetValueW
PathMatchSpecW
PathFindExtensionW

gdiplus

GdipSetSmoothingMode
GdipDrawLinesI
GdipSetSolidFillColor
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreatePen1
GdipSetPageUnit
GdipDrawLineI
GdipDeletePen
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipCloneBrush
GdipCreateStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetPenStartCap
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipMeasureString
GdipFree
GdipGetDC
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipDisposeImage
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDeleteFont
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC2
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipSetPenMode
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGraphicsClear
GdiplusShutdown
GdipImageRotateFlip
GdiplusStartup
GdipSetStringFormatLineAlign

netapi32

Netbios

msvcrt

wcscmp
wcsstr
memcpy
??2@YAPAXI@Z
free
realloc
memmove
memset
wcspbrk
wcslen
iswdigit
_wtoi
wcschr
wcsncmp
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
swprintf
_itow
_CxxThrowException
memcmp
wcsncpy
_purecall
wcscat
_wcsicmp
_snwprintf
_ftol
_vsnprintf
strlen
_strtime
strcat
_strdate
_wcsrev
malloc
fopen
fclose
fwrite
ftell
fseek
_wtol
abs
fputs
_snprintf
wcsrchr
wcsncat
iswspace
sprintf
strncpy
strcpy
qsort
fgets
wcscpy
wcstol
fread
_wfopen
_strlwr
strncat
sqrt
isspace
isalnum
time
_wcsicoll
_beginthread
_wcsupr
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler

imagehlp

ImageDirectoryEntryToData

setupapi

SetupIterateCabinetW

dsound

ord1

winmm

waveOutWrite

rpcrt4

UuidCreateSequential

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
155/115聚合搜索.lnk
.lnk
155/DownLoad.xml
.xml
155/Expands/Expand1_Bank/Expand.ini
155/Expands/Expand1_Bank/ExpandBank.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f7db85f16581a03bd507d846d9ec35aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
lstrlenW
DisableThreadLibraryCalls
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

AppendMenuW
TrackPopupMenuEx
LoadIconW
CreatePopupMenu
DestroyIcon

atl

ord57
ord18
ord15
ord21
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PushBtn
SendFunList

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/Expand1_Bank/bank.png
.png
155/Expands/Expand2_IE/Expand.ini
155/Expands/Expand2_IE/ExpandIE.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7e8797f6fe3e06e0e4f3ff34505ba04a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

shell32

ShellExecuteW

atl

ord57
ord18
ord15
ord21
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PushBtn
SendFunList

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/Expand2_IE/ie.png
.png
155/Expands/Expand3_Game/Expand.ini
155/Expands/Expand3_Game/ExpandGame.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f7db85f16581a03bd507d846d9ec35aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
lstrlenW
DisableThreadLibraryCalls
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

AppendMenuW
TrackPopupMenuEx
LoadIconW
CreatePopupMenu
DestroyIcon

atl

ord57
ord18
ord15
ord21
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PushBtn
SendFunList

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/Expand3_Game/game.png
.png
155/Expands/Expand4_Map/Expand.ini
155/Expands/Expand4_Map/ExpandMap.dll
.dll regsvr32 windows:4 windows x86 arch:x86

19c09cf17fb839c71d07f3ea1ac4935a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
InterlockedDecrement
GetStringTypeExW
GetThreadLocale
GetVersionExW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemInfo
HeapAlloc
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress

user32

LoadStringW
wvsprintfW
DestroyIcon
CreatePopupMenu
AppendMenuW
TrackPopupMenuEx
ShowWindow
LoadIconW
CharNextW

shell32

ShellExecuteW

atl

ord57
ord18
ord15
ord21
ord16

shlwapi

PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PushBtn
SendFunList

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/Expand4_Map/ScreenCrop.exe
.exe windows:5 windows x86 arch:x86

f9f501d2783736c6a6bf985f027a7dec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
HeapSize
WideCharToMultiByte
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
InterlockedDecrement
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapReAlloc
HeapCreate
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
lstrcmpiW
LoadLibraryExW
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetLastError
GetCurrentProcess
FlushInstructionCache
SetLastError
lstrcpynW
GetVersionExW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
RaiseException
GetProfileIntW
DeleteCriticalSection
GetCurrentThreadId
FindResourceW
LoadResource
FreeResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
GlobalFree
GetOEMCP
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

SetRectEmpty
InflateRect
SetCursor
GetCursorPos
PtInRect
SetRect
ReleaseCapture
DispatchMessageW
GetMessageW
GetCapture
EqualRect
SendMessageW
GetWindowRect
ScreenToClient
LoadCursorW
ReleaseDC
UpdateWindow
GetDCEx
SetCapture
ShowWindow
GetActiveWindow
DefWindowProcW
DestroyWindow
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
CopyRect
GetDC
BeginPaint
GetParent
SetWindowLongW
FillRect
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendDlgItemMessageW
EndPaint
UnregisterClassA
EndDialog
DialogBoxParamW
wvsprintfW
CharNextW
InvalidateRgn

gdi32

CreateRectRgnIndirect
CreateRectRgn
GetPixel
CreateSolidBrush
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
SetWindowExtEx
GetViewportExtEx
SetViewportExtEx
CreateDCW
GetDeviceCaps
BitBlt
SetViewportOrgEx
DeleteDC
SetBkColor
ExtTextOutW
PatBlt
Rectangle
SetWindowOrgEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreatePen
SelectObject
GetStockObject
UnrealizeObject
CreateBitmap
CreatePatternBrush
DeleteObject
CombineRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipDeletePen
GdipGetPenBrushFill
GdipDeleteBrush
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipDrawImageRectRect
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImagePointRectI
GdipFillRectangleI
GdipCreateFromHDC
GdipGetPenFillType
GdipCloneBrush

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/Expand4_Map/map.png
.png
155/Expands/Expand5_115/115.png
.png
155/Expands/Expand5_115/Expand.ini
155/Expands/Expand5_115/Expand115.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f7db85f16581a03bd507d846d9ec35aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
lstrlenW
DisableThreadLibraryCalls
HeapReAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

AppendMenuW
TrackPopupMenuEx
LoadIconW
CreatePopupMenu
DestroyIcon

atl

ord57
ord18
ord15
ord21
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PushBtn
SendFunList

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
155/Expands/ExpandIni.ini
155/Expands/Expand_common_btn.png
.png
155/Expands/Expand_select_btn.png
.png
155/History.cache
.xml
155/IcoCache/www.52117.com_favicon.ico
155/IcoCache/www.baidu.com_favicon.ico
155/IcoCache/www.soft155.com_favicon.ico
155/IcoCache/www.taobao.com_favicon.ico
155/LocalFav.xml
.xml
155/Recent.ini
155/ThumbnailCache/u.115.com.jpeg
.jpg
155/ThumbnailCache/www.114la.com.jpeg
.jpg
155/ThumbnailCache/www.915.com.jpeg
.jpg
155/ThumbnailCache/www.xiazaiba.com.jpeg
.jpg
155/cfg.ini
155/except.log
155/html/404error.html
.html .js polyglot
155/html/config.html
.js
155/html/error.html
.html .js polyglot
155/html/last.html
.html .js polyglot
155/html/start.html
.html .js polyglot
155/html/static/css/config.css
155/html/static/css/last.css
155/html/static/css/reset.css
155/html/static/css/start.css
155/html/static/images/115.gif
.gif
155/html/static/images/194x136.jpg
.jpg
155/html/static/images/baidu.gif
.gif
155/html/static/images/c_btn.png
.png
155/html/static/images/c_left.png
.png
155/html/static/images/c_left_bg.png
.png
155/html/static/images/c_line.png
.png
155/html/static/images/c_plug.png
.png
155/html/static/images/c_top.png
.png
155/html/static/images/google.gif
.gif
155/html/static/images/mouse/MouseGesture_0.png
.png
155/html/static/images/mouse/MouseGesture_1.png
.png
155/html/static/images/mouse/MouseGesture_10.png
.png
155/html/static/images/mouse/MouseGesture_11.png
.png
155/html/static/images/mouse/MouseGesture_12.png
.png
155/html/static/images/mouse/MouseGesture_13.png
.png
155/html/static/images/mouse/MouseGesture_14.png
.png
155/html/static/images/mouse/MouseGesture_15.png
.png
155/html/static/images/mouse/MouseGesture_16.png
.png
155/html/static/images/mouse/MouseGesture_17.png
.png
155/html/static/images/mouse/MouseGesture_18.png
.png
155/html/static/images/mouse/MouseGesture_19.png
.png
155/html/static/images/mouse/MouseGesture_2.png
.png
155/html/static/images/mouse/MouseGesture_3.png
.png
155/html/static/images/mouse/MouseGesture_4.png
.png
155/html/static/images/mouse/MouseGesture_5.png
.png
155/html/static/images/mouse/MouseGesture_6.png
.png
155/html/static/images/mouse/MouseGesture_7.png
.png
155/html/static/images/mouse/MouseGesture_8.png
.png
155/html/static/images/mouse/MouseGesture_9.png
.png
155/html/static/images/mp3.gif
.gif
155/html/static/images/pic.gif
.gif
155/html/static/images/s_add.png
.png
155/html/static/images/s_bg.png
.png
155/html/static/images/s_btn.png
.png
155/html/static/images/s_con.png
.png
155/html/static/images/s_form.png
.png
155/html/static/images/s_ico.png
.png
155/html/static/images/s_ico_bg.png
.png
155/html/static/images/s_last.png
.png
155/html/static/images/s_load.gif
.gif
155/html/static/images/s_test_204_127.png
.png
155/html/static/images/s_top.png
.png
155/html/static/images/taobao.gif
.gif
155/html/static/images/video.gif
.gif
155/html/static/images/zhidao.gif
.gif
155/html/static/js/suggest.js
.js
155/setting.ini
155/skin/default/add.png
.png
155/skin/default/addr_go.png
.png
155/skin/default/addr_goframe.png
.png
155/skin/default/addr_history.png
.png
155/skin/default/addr_hover_left.png
.png
155/skin/default/addr_hover_right.png
.png
155/skin/default/addr_left.png
.png
155/skin/default/addr_right.png
.png
155/skin/default/addr_safe.png
.png
155/skin/default/addr_stop.png
.png
155/skin/default/ani_download.gif
.gif
155/skin/default/ani_webfav.gif
.gif
155/skin/default/arrow_down.png
.png
155/skin/default/arrow_up.png
.png
155/skin/default/bg.png
.png
155/skin/default/bitmap_fav.bmp
155/skin/default/bitmap_nodes.bmp
155/skin/default/bitmap_page.bmp
155/skin/default/bottom_left.PNG
.png
155/skin/default/bottom_right.PNG
.png
155/skin/default/button_bg.png
.png
155/skin/default/button_close.png
.png
155/skin/default/button_maxi.png
.png
155/skin/default/button_menu_bg.png
.png
155/skin/default/button_mini.png
.png
155/skin/default/button_restore.png
.png
155/skin/default/change_skin.png
.png
155/skin/default/chevron.png
.png
155/skin/default/close-tab.png
.png
155/skin/default/date.png
.png
155/skin/default/del.png
.png
155/skin/default/download_close.png
.png
155/skin/default/edit.png
.png
155/skin/default/edit_left.png
.png
155/skin/default/edit_right.png
.png
155/skin/default/filtrate.png
.png
155/skin/default/frame_left.png
.png
155/skin/default/frame_right.PNG
.png
155/skin/default/loading.png
.png
155/skin/default/move_tab.png
.png
155/skin/default/no_trace.png
.png
155/skin/default/page.png
.png
155/skin/default/pluginbar_bg.png
.png
155/skin/default/progress_bg.png
.png
155/skin/default/progress_fw.png
.png
155/skin/default/scrollbar_bg.png
.png
155/skin/default/scrollbar_thumb.png
.png
155/skin/default/search.png
.png
155/skin/default/search_botton.png
.png
155/skin/default/search_choose.png
.png
155/skin/default/side_band_top_bg.png
.png
155/skin/default/side_favorite.png
.png
155/skin/default/side_grip.png
.png
155/skin/default/side_history.png
.png
155/skin/default/side_leftband.png
.png
155/skin/default/side_top_bg.png
.png
155/skin/default/side_top_close.png
.png
155/skin/default/side_top_fixed.png
.png
155/skin/default/side_top_moved.png
.png
155/skin/default/site.png
.png
155/skin/default/skin.ini
155/skin/default/status_bg.png
.png
155/skin/default/status_curpage.png
.png
155/skin/default/status_download.png
.png
155/skin/default/status_loading.png
.png
155/skin/default/status_netuser.png
.png
155/skin/default/status_newpage.png
.png
155/skin/default/status_nonetuser.png
.png
155/skin/default/status_nosound.png
.png
155/skin/default/status_ok.png
.png
155/skin/default/status_sound.png
.png
155/skin/default/tab_add.png
.png
155/skin/default/tab_all.png
.png
155/skin/default/tab_background.png
.png
155/skin/default/tab_item.png
.png
155/skin/default/tab_left.png
.png
155/skin/default/tab_right.png
.png
155/skin/default/tab_sidebarbutton.png
.png
155/skin/default/tool_back.PNG
.png
155/skin/default/tool_browsermode.png
.png
155/skin/default/tool_forward.PNG
.png
155/skin/default/tool_home.PNG
.png
155/skin/default/tool_refresh.png
.png
155/skin/default/tool_restore.png
.png
155/skin/default/tool_showmenu.png
.png
155/skin/default/webzoom.png
.png
155/skin/default/上.png
.png
155/skin/default/下.png
.png
155/skin/default/换肤.png
.png
155/skin/default/高亮.png
.png
155/uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

49587ecd3d2d3fb012410f00b38e75b7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

63:18:0e:53:88:4a:14:d6:2b:f3:c1:f2:2b:54:1d:8a:05:3a:4d:02Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

urlmon

shlwapi

gdiplus

netapi32

msvcrt

imagehlp

setupapi

dsound

winmm

rpcrt4

version

psapi

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 64KB - Virtual size: 68KB

.rsrc Size: 68KB - Virtual size: 67KB

f7db85f16581a03bd507d846d9ec35aa

Headers

File Characteristics

Imports

kernel32

user32

atl

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 3KB

7e8797f6fe3e06e0e4f3ff34505ba04a

Headers

File Characteristics

Imports

kernel32

shell32

atl

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

f7db85f16581a03bd507d846d9ec35aa

Headers

File Characteristics

Imports

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

63:18:0e:53:88:4a:14:d6:2b:f3:c1:f2:2b:54:1d:8a:05:3a:4d:02
Signer

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 68KB - Virtual size: 67KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 4KB - Virtual size: 3KB