8e4342300efa0320f7c742008bf1c29a

Sharing

Copy URL

Twitter E-mail

General

Target

8e4342300efa0320f7c742008bf1c29a
Size

423KB
MD5

8e4342300efa0320f7c742008bf1c29a
SHA1

816344140e2da5666179e0974b36b0a7481685fe
SHA256

3d21dfa9f199f495aa956ac9dab889a5e95db2508dcf65ccc131346037288859
SHA512

aa590c7a52174a36b961a0d00cdb4a46bca0e89e06a358ce8bda64a96bbf0e32b618fcb3bfec97fa4b9e086ea1cef753d92a633375e09766344fe800de572524
SSDEEP

12288:/ajV68wUELK5YqYMM/XIS4xMhaB8Dd8HhRNJf0haT:/a9wUFrE4S4hB8d8lJf0w

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/35256345/Appendix/BroadCast/MultiCastChat.exe
unpack001/35256345/Appendix/NetAnts/Download.exe
unpack001/35256345/Appendix/chat/NetClient.exe
unpack001/35256345/Appendix/chat/NetServer.exe
unpack001/35256345/chap2/Local/Chapter5.exe

Files

8e4342300efa0320f7c742008bf1c29a
.rar
35256345/Appendix/BroadCast/AddDialog.cpp
35256345/Appendix/BroadCast/AddDialog.h
35256345/Appendix/BroadCast/CntrItem.cpp
35256345/Appendix/BroadCast/CntrItem.h
35256345/Appendix/BroadCast/MainFrm.cpp
35256345/Appendix/BroadCast/MainFrm.h
35256345/Appendix/BroadCast/MultiCast.cpp
35256345/Appendix/BroadCast/MultiCast.h
35256345/Appendix/BroadCast/MultiCastChat.aps
35256345/Appendix/BroadCast/MultiCastChat.clw
35256345/Appendix/BroadCast/MultiCastChat.cpp
35256345/Appendix/BroadCast/MultiCastChat.dsp
35256345/Appendix/BroadCast/MultiCastChat.dsw
35256345/Appendix/BroadCast/MultiCastChat.exe
.exe windows:4 windows x86 arch:x86

8a435ef01258714df38be46a9c14eb9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4710
ord2514
ord6052
ord4998
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2363
ord2370
ord4234
ord823
ord1915
ord6571
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2957
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4389
ord4669
ord4490
ord4345
ord4338
ord1730
ord4647
ord5022
ord4495
ord4492
ord4512
ord4962
ord4655
ord4382
ord972
ord2059
ord4645
ord2548
ord5508
ord5957
ord4037
ord3268
ord3353
ord4622
ord4424
ord5824
ord512
ord780
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord642
ord674
ord554
ord529
ord327
ord366
ord807
ord2494
ord2627
ord2626
ord2087
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord3663
ord2915
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord4376
ord4853
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord5914
ord520
ord4159
ord6117
ord5265
ord1134
ord1199
ord1205
ord5122
ord4563
ord5092
ord1917
ord4254
ord3853
ord4957
ord4861
ord4826
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord4652
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3515
ord6345
ord5627
ord1003
ord3449
ord3788
ord3251
ord4697
ord3060
ord3066
ord6336
ord2510
ord2542
ord5245
ord5742
ord1747
ord5577
ord3172
ord5654
ord4423
ord4956
ord4860
ord2403
ord4387
ord3454
ord3198
ord6032
ord4093
ord6082
ord6177
ord3261
ord3280
ord4623
ord4430
ord514
ord748
ord4825
ord5827
ord2818
ord939
ord537
ord535
ord941
ord6199
ord3874
ord3092
ord2864
ord4614
ord4613
ord1918
ord4261
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord3282
ord4432
ord5828
ord515
ord813
ord640
ord654
ord5257
ord5937
ord4722
ord2535
ord2371
ord4504
ord6136
ord6134
ord3876
ord5302
ord5300
ord2621
ord1168
ord1576

msvcrt

__p__fmode
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_exit
_XcptFilter
__set_app_type
_setmbcp
_controlfp
__dllonexit
_mbscmp
__CxxFrameHandler
__p__commode
_except_handler3
_onexit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

UpdateWindow
EnableWindow
SendMessageA
GetParent

ws2_32

WSARecvFrom
bind
htons
setsockopt
WSASocketA
WSASendTo
WSAGetLastError
WSAIoctl
WSAStartup
WSACleanup
WSAStringToAddressA
WSAJoinLeaf
WSAAsyncSelect

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
35256345/Appendix/BroadCast/MultiCastChat.h
35256345/Appendix/BroadCast/MultiCastChat.ncb
35256345/Appendix/BroadCast/MultiCastChat.opt
35256345/Appendix/BroadCast/MultiCastChat.plg
.html
35256345/Appendix/BroadCast/MultiCastChat.rc
35256345/Appendix/BroadCast/MultiCastChatDoc.cpp
.vbs
35256345/Appendix/BroadCast/MultiCastChatDoc.h
35256345/Appendix/BroadCast/MultiCastChatView.cpp
35256345/Appendix/BroadCast/MultiCastChatView.h
35256345/Appendix/BroadCast/StdAfx.cpp
35256345/Appendix/BroadCast/StdAfx.h
35256345/Appendix/BroadCast/res/MultiCastChat.ico
35256345/Appendix/BroadCast/res/MultiCastChat.rc2
35256345/Appendix/BroadCast/res/MultiCastChatDoc.ico
35256345/Appendix/BroadCast/res/Toolbar.bmp
35256345/Appendix/BroadCast/resource.h
35256345/Appendix/NetAnts/Download.aps
35256345/Appendix/NetAnts/Download.clw
35256345/Appendix/NetAnts/Download.cpp
35256345/Appendix/NetAnts/Download.dsp
35256345/Appendix/NetAnts/Download.dsw
35256345/Appendix/NetAnts/Download.exe
.exe windows:4 windows x86 arch:x86

5e55962a5958ab79621436d5900e3f22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4078
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord2621
ord1134
ord1200
ord1205
ord1199
ord1247
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord5307
ord5289
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord540
ord6197
ord6380
ord4160
ord2863
ord2379
ord755
ord470
ord2100
ord6052
ord5302
ord858
ord4129
ord860
ord2515
ord355
ord2614
ord4277
ord5683
ord2818
ord3302
ord6453
ord924
ord1979
ord6385
ord5442
ord823
ord3318
ord922
ord5186
ord665
ord354
ord4673
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord693
ord567
ord4243
ord4224
ord5495
ord3998
ord3702
ord3584
ord791
ord543
ord523
ord501
ord803
ord773
ord5600
ord941
ord6283
ord6282
ord926
ord2763
ord4202
ord2764
ord5572
ord2915
ord2029
ord2077
ord6877
ord537
ord3811
ord551
ord2784
ord4278
ord5479
ord1638
ord5797
ord940
ord4530
ord4544
ord5685
ord3274
ord3353
ord3579
ord439
ord736
ord4042
ord4525
ord3216
ord3027
ord4698
ord4079
ord2396
ord5300
ord3346
ord3922
ord5199
ord1089
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord535
ord939
ord2582
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
fgets
fread
_mbscmp
fopen
__getmainargs
fwrite
fclose
__CxxFrameHandler
fputs
_setmbcp

kernel32

CloseHandle
WaitForSingleObject
CreateThread
WaitForMultipleObjects
InterlockedIncrement
DeleteFileA
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenA
GlobalFree
LeaveCriticalSection
GlobalLock
GetModuleHandleA
GlobalUnlock
GetStartupInfoA

user32

AppendMenuA
GetSystemMenu
DrawIcon
SendMessageA
GetClientRect
GetSystemMetrics
IsIconic
GetWindowRect
EnableWindow
LoadIconA

ole32

CoInitialize
CoUninitialize

wsock32

inet_ntoa

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
35256345/Appendix/NetAnts/Download.h
35256345/Appendix/NetAnts/Download.ncb
35256345/Appendix/NetAnts/Download.opt
35256345/Appendix/NetAnts/Download.plg
.html
35256345/Appendix/NetAnts/Download.rc
35256345/Appendix/NetAnts/DownloadDlg.cpp
35256345/Appendix/NetAnts/DownloadDlg.h
35256345/Appendix/NetAnts/GetList.cpp
35256345/Appendix/NetAnts/GetList.h
35256345/Appendix/NetAnts/HTTPDownload.cpp
35256345/Appendix/NetAnts/HTTPDownload.h
35256345/Appendix/NetAnts/OleListDropTarget.cpp
35256345/Appendix/NetAnts/OleListDropTarget.h
35256345/Appendix/NetAnts/StdAfx.cpp
35256345/Appendix/NetAnts/StdAfx.h
35256345/Appendix/NetAnts/res/Download.ico
35256345/Appendix/NetAnts/res/Download.rc2
35256345/Appendix/NetAnts/resource.h
35256345/Appendix/chat/NetClient.exe
.exe windows:4 windows x86 arch:x86

373f0930ed675914cf1d6a8603d0df48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord686
ord674
ord554
ord529
ord384
ord366
ord807
ord2494
ord2627
ord2626
ord2862
ord1168
ord2096
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord5797
ord5479
ord1995
ord967
ord3717
ord523
ord791
ord4411
ord4975
ord4919
ord2582
ord4402
ord5290
ord3370
ord4424
ord3640
ord693
ord567
ord2302
ord4710
ord5981
ord3092
ord6199
ord2818
ord6907
ord3998
ord541
ord3996
ord3301
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord1199
ord1247
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord6143
ord4823
ord5861
ord2820
ord3811
ord6883
ord5608
ord4614
ord4613
ord1849
ord4244
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord4532
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord3748
ord1726
ord5253
ord3371
ord4432
ord3641
ord303
ord813
ord6007
ord2535
ord4464
ord4508
ord2029
ord2077
ord4998
ord4853
ord4376
ord801
ord5265
ord1576

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
atoi
_setmbcp
__CxxFrameHandler
_mbscmp
_exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

SetWindowLongA
GetWindowLongA
LoadIconA
SendMessageA
EnableWindow
UpdateWindow

comctl32

ImageList_ReplaceIcon

wsock32

shutdown

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
35256345/Appendix/chat/NetClient.exe.manifest
.xml
35256345/Appendix/chat/NetServer.exe
.exe windows:4 windows x86 arch:x86

2e552bc5644c57aa72f0e700145f1b81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2723
ord2390
ord3059
ord5100
ord5104
ord4467
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord6055
ord4077
ord1776
ord4407
ord5237
ord2382
ord5163
ord6374
ord4353
ord5283
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2445
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord401
ord825
ord674
ord5254
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord2446
ord4428
ord796
ord686
ord554
ord529
ord384
ord402
ord807
ord2494
ord2627
ord2626
ord2862
ord1168
ord2096
ord6000
ord2117
ord4163
ord6625
ord4457
ord5255
ord5810
ord5481
ord2031
ord4411
ord4863
ord4975
ord4919
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord4335
ord4447
ord4615
ord4612
ord4610
ord4274
ord6375
ord2101
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord411
ord4159
ord6117
ord2621
ord1134
ord1199
ord1247
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord2385
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1849
ord4244
ord2583
ord4589
ord4899
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord303
ord813
ord800
ord5253
ord4723
ord2535
ord2077
ord4464
ord4508
ord5101
ord4245
ord1858
ord4486
ord823
ord1576

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
_setmbcp
__CxxFrameHandler
__dllonexit
exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

UpdateWindow
LoadIconA
EnableWindow
SendMessageA

comctl32

ImageList_ReplaceIcon

wsock32

shutdown
listen

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
35256345/Appendix/chat/NetServer.exe.manifest
.xml
35256345/Appendix/phonecall/语音电话/AboutHelpDlg.cpp
35256345/Appendix/phonecall/语音电话/AboutHelpDlg.h
35256345/Appendix/phonecall/语音电话/StdAfx.cpp
35256345/Appendix/phonecall/语音电话/StdAfx.h
35256345/Appendix/phonecall/语音电话/modem.001
35256345/Appendix/phonecall/语音电话/modem.002
35256345/Appendix/phonecall/语音电话/modem.003
35256345/Appendix/phonecall/语音电话/modem.aps
35256345/Appendix/phonecall/语音电话/modem.clw
35256345/Appendix/phonecall/语音电话/modem.cpp
35256345/Appendix/phonecall/语音电话/modem.dsp
35256345/Appendix/phonecall/语音电话/modem.dsw
35256345/Appendix/phonecall/语音电话/modem.h
35256345/Appendix/phonecall/语音电话/modem.mak
35256345/Appendix/phonecall/语音电话/modem.ncb
35256345/Appendix/phonecall/语音电话/modem.opt
35256345/Appendix/phonecall/语音电话/modem.plg
.html
35256345/Appendix/phonecall/语音电话/modem.rc
35256345/Appendix/phonecall/语音电话/modem.rc2
35256345/Appendix/phonecall/语音电话/modemDlg.cpp
35256345/Appendix/phonecall/语音电话/modemDlg.h
35256345/Appendix/phonecall/语音电话/res/Main.ico
35256345/Appendix/phonecall/语音电话/res/Neighbor.ico
35256345/Appendix/phonecall/语音电话/res/modem.ICO
35256345/Appendix/phonecall/语音电话/res/modem.rc2
35256345/Appendix/phonecall/语音电话/resource.h
35256345/chap1/ChatRoom(Csocket)/CMessg.cpp
35256345/chap1/ChatRoom(Csocket)/CMessg.h
35256345/chap1/ChatRoom(Csocket)/ClientSocket.cpp
35256345/chap1/ChatRoom(Csocket)/ClientSocket.h
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.aps
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.clw
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.cpp
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.dsp
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.dsw
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.h
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.ncb
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.opt
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.plg
.html
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoom.rc
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoomDlg.cpp
35256345/chap1/ChatRoom(Csocket)/Example2_ChatRoomDlg.h
35256345/chap1/ChatRoom(Csocket)/ServerSocket.cpp
35256345/chap1/ChatRoom(Csocket)/ServerSocket.h
35256345/chap1/ChatRoom(Csocket)/StdAfx.cpp
35256345/chap1/ChatRoom(Csocket)/StdAfx.h
35256345/chap1/ChatRoom(Csocket)/res/Example2_ChatRoom.ico
35256345/chap1/ChatRoom(Csocket)/res/Example2_ChatRoom.rc2
35256345/chap1/ChatRoom(Csocket)/resource.h
35256345/chap1/ChatRoom(Winsock)/ChangeNameDlg.cpp
35256345/chap1/ChatRoom(Winsock)/ChangeNameDlg.h
35256345/chap1/ChatRoom(Winsock)/Client.cpp
35256345/chap1/ChatRoom(Winsock)/Client.h
35256345/chap1/ChatRoom(Winsock)/Example1.aps
35256345/chap1/ChatRoom(Winsock)/Example1.clw
35256345/chap1/ChatRoom(Winsock)/Example1.cpp
35256345/chap1/ChatRoom(Winsock)/Example1.dsp
35256345/chap1/ChatRoom(Winsock)/Example1.dsw
35256345/chap1/ChatRoom(Winsock)/Example1.h
35256345/chap1/ChatRoom(Winsock)/Example1.ncb
35256345/chap1/ChatRoom(Winsock)/Example1.opt
35256345/chap1/ChatRoom(Winsock)/Example1.plg
.html
35256345/chap1/ChatRoom(Winsock)/Example1.rc
35256345/chap1/ChatRoom(Winsock)/Example1Dlg.cpp
35256345/chap1/ChatRoom(Winsock)/Example1Dlg.h
35256345/chap1/ChatRoom(Winsock)/S.cpp
35256345/chap1/ChatRoom(Winsock)/S.h
35256345/chap1/ChatRoom(Winsock)/Server.cpp
35256345/chap1/ChatRoom(Winsock)/Server.h
35256345/chap1/ChatRoom(Winsock)/StdAfx.cpp
35256345/chap1/ChatRoom(Winsock)/StdAfx.h
35256345/chap1/ChatRoom(Winsock)/res/Example1.ico
35256345/chap1/ChatRoom(Winsock)/res/Example1.rc2
35256345/chap1/ChatRoom(Winsock)/resource.h
35256345/chap2/EnumProtocal/EnumProtocal.aps
35256345/chap2/EnumProtocal/EnumProtocal.clw
35256345/chap2/EnumProtocal/EnumProtocal.cpp
35256345/chap2/EnumProtocal/EnumProtocal.dsp
35256345/chap2/EnumProtocal/EnumProtocal.dsw
35256345/chap2/EnumProtocal/EnumProtocal.h
35256345/chap2/EnumProtocal/EnumProtocal.ncb
35256345/chap2/EnumProtocal/EnumProtocal.opt
35256345/chap2/EnumProtocal/EnumProtocal.plg
.html
35256345/chap2/EnumProtocal/EnumProtocal.rc
35256345/chap2/EnumProtocal/EnumProtocalDoc.cpp
35256345/chap2/EnumProtocal/EnumProtocalDoc.h
35256345/chap2/EnumProtocal/EnumProtocalView.cpp
35256345/chap2/EnumProtocal/EnumProtocalView.h
35256345/chap2/EnumProtocal/MainFrm.cpp
35256345/chap2/EnumProtocal/MainFrm.h
35256345/chap2/EnumProtocal/Resource.h
35256345/chap2/EnumProtocal/StdAfx.cpp
35256345/chap2/EnumProtocal/StdAfx.h
35256345/chap2/EnumProtocal/res/EnumProtocal.ico
35256345/chap2/EnumProtocal/res/EnumProtocal.rc2
35256345/chap2/EnumProtocal/res/EnumProtocalDoc.ico
35256345/chap2/EnumProtocal/res/Toolbar.bmp
35256345/chap2/GetIP/GetIP.aps
35256345/chap2/GetIP/GetIP.clw
35256345/chap2/GetIP/GetIP.cpp
35256345/chap2/GetIP/GetIP.dsp
35256345/chap2/GetIP/GetIP.dsw
35256345/chap2/GetIP/GetIP.h
35256345/chap2/GetIP/GetIP.ncb
35256345/chap2/GetIP/GetIP.opt
35256345/chap2/GetIP/GetIP.plg
.html
35256345/chap2/GetIP/GetIP.rc
35256345/chap2/GetIP/GetIPDlg.cpp
35256345/chap2/GetIP/GetIPDlg.h
35256345/chap2/GetIP/Resource.h
35256345/chap2/GetIP/StdAfx.cpp
35256345/chap2/GetIP/StdAfx.h
35256345/chap2/GetIP/res/GetIP.ico
35256345/chap2/GetIP/res/GetIP.rc2
35256345/chap2/GetNetSetting/CardInfoDlg.cpp
35256345/chap2/GetNetSetting/CardInfoDlg.h
35256345/chap2/GetNetSetting/GetNetSetting.aps
35256345/chap2/GetNetSetting/GetNetSetting.clw
35256345/chap2/GetNetSetting/GetNetSetting.cpp
35256345/chap2/GetNetSetting/GetNetSetting.dsp
35256345/chap2/GetNetSetting/GetNetSetting.dsw
35256345/chap2/GetNetSetting/GetNetSetting.h
35256345/chap2/GetNetSetting/GetNetSetting.ncb
35256345/chap2/GetNetSetting/GetNetSetting.opt
35256345/chap2/GetNetSetting/GetNetSetting.plg
.html
35256345/chap2/GetNetSetting/GetNetSetting.rc
35256345/chap2/GetNetSetting/GetNetSettingDlg.cpp
35256345/chap2/GetNetSetting/GetNetSettingDlg.h
35256345/chap2/GetNetSetting/Resource.h
35256345/chap2/GetNetSetting/StdAfx.cpp
35256345/chap2/GetNetSetting/StdAfx.h
35256345/chap2/GetNetSetting/lassNetSetting.cpp
35256345/chap2/GetNetSetting/lassNetSetting.h
35256345/chap2/GetNetSetting/res/GetNetSetting.ico
35256345/chap2/GetNetSetting/res/GetNetSetting.rc2
35256345/chap2/Local/Chapter5.aps
35256345/chap2/Local/Chapter5.cpp
35256345/chap2/Local/Chapter5.exe
.exe windows:4 windows x86 arch:x86

3455e54ddf603fd6316e910647b6aa8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Billie\My Projects\C&c++\Vc网络实例大本营\Chapter5\Debug\Chapter5.pdb

Imports

iphlpapi

GetAdaptersInfo
GetNetworkParams
SetIpNetEntry

netapi32

Netbios

ws2_32

gethostbyname
gethostname
WSAStartup
WSAEnumProtocolsA
WSAGetLastError
getservbyport
WSACleanup
getservbyname

rpcrt4

UuidToStringA
RpcStringFreeA

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

mfc71d

ord2657
ord8233
ord1403
ord5319
ord713
ord5052
ord5053
ord6983
ord5892
ord6476
ord6646
ord6286
ord2256
ord2255
ord2112
ord2111
ord8123
ord2190
ord2187
ord5507
ord1927
ord5930
ord6952
ord2519
ord6849
ord8672
ord5864
ord7007
ord3005
ord1813
ord4783
ord6463
ord5969
ord2164
ord8200
ord7058
ord7056
ord1178
ord1183
ord1187
ord1185
ord1189
ord3279
ord3299
ord3283
ord3289
ord3287
ord3285
ord3302
ord3297
ord3281
ord3304
ord3292
ord3274
ord3276
ord3294
ord3013
ord3003
ord2075
ord8676
ord5288
ord8674
ord4663
ord6738
ord1875
ord6976
ord2591
ord2233
ord2232
ord2163
ord7004
ord4007
ord6187
ord5949
ord2795
ord1680
ord4495
ord386
ord714
ord2645
ord3682
ord888
ord5420
ord3949
ord5145
ord5153
ord7293
ord1258
ord1916
ord3118
ord8542
ord3808
ord3744
ord4303
ord8532
ord7502
ord6202
ord6061
ord2973
ord8649
ord5269
ord8427
ord3917
ord8415
ord5497
ord6057
ord6396
ord5879
ord1877
ord2188
ord3789
ord4494
ord5641
ord1423
ord382
ord2405
ord7997
ord674
ord1095
ord1652
ord5477
ord5660
ord316
ord4785
ord6285
ord6720
ord6490
ord832
ord2736
ord3477
ord7668
ord4654
ord573
ord5510
ord1442
ord310
ord2503
ord3200
ord8628
ord1649
ord1493
ord901
ord926
ord7554
ord4077
ord2034
ord5594
ord267
ord770
ord465
ord7725
ord5766
ord3123
ord303
ord929
ord893
ord3327
ord1569
ord1565
ord270
ord5088
ord2754
ord2227
ord2158
ord8126
ord1928
ord5929
ord7018
ord2905
ord1771
ord4637
ord649
ord877
ord8394
ord8679
ord4039
ord8430
ord5381
ord3585
ord6351
ord7878
ord3604
ord908
ord662
ord4646
ord7691
ord1768
ord2902
ord5948
ord6182
ord5514
ord3690
ord5150
ord5160
ord5159
ord3511
ord3692
ord3519
ord3983
ord3788
ord5998
ord3980
ord3811
ord3516
ord7559
ord7017
ord7052
ord6274
ord5511
ord3091
ord7042
ord7040
ord4122
ord2533
ord5321
ord7282
ord8607
ord6881
ord1346
ord5295
ord7576
ord2655
ord2700
ord6017
ord8673
ord5287
ord8675
ord5621
ord5663
ord5095
ord6245
ord1589
ord1363
ord2611
ord4853

msvcr71d

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_ismbblead
__set_app_type
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_CRT_RTC_INIT
wcscpy
_except_handler3
__security_error_handler
exit
_controlfp
__CxxFrameHandler
malloc
printf
strcpy
_resetstkoflw
_CrtDbgReport
memset
free
_snprintf
_CxxThrowException
_vsnprintf
_vsnwprintf
_snwprintf
realloc
memmove
memcmp
wcscmp
wcslen
wcsncpy
_setmbcp
??1type_info@@UAE@XZ
atoi
strlen

kernel32

WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
IsBadReadPtr
UnmapViewOfFile
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
GetVersion
GetEnvironmentVariableW
GlobalAlloc
GlobalFree
GetStringTypeExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
RaiseException
GetModuleHandleA
GetStartupInfoA
ExitProcess
DebugBreak
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameA
CloseHandle
GetCurrentProcess
FreeLibrary
GetComputerNameA
lstrcmpiW
MulDiv
SetEvent
OpenEventA
lstrcpyA
lstrcpyW
OutputDebugStringA
OutputDebugStringW
lstrcpynW
GetStringTypeExA

user32

wsprintfA
GetSystemMetrics
UnregisterClassA
CharLowerA
CharUpperW
CharUpperA
CharLowerW
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
SubtractRect
DispatchMessageA
DispatchMessageW

comctl32

ord17

oleaut32

SysFreeString

advapi32

OpenThreadToken
SetThreadToken
RevertToSelf

ole32

CoRevokeClassObject
CoRegisterClassObject
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CoUnmarshalInterface

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
35256345/chap2/Local/Chapter5.h
35256345/chap2/Local/Chapter5.htm
.html
35256345/chap2/Local/Chapter5.ncb
35256345/chap2/Local/Chapter5.rc
35256345/chap2/Local/Chapter5.sln
35256345/chap2/Local/Chapter5.suo
35256345/chap2/Local/Chapter5.vcproj
.xml
35256345/chap2/Local/Chapter5Dlg.cpp
35256345/chap2/Local/Chapter5Dlg.h
35256345/chap2/Local/Page1.cpp
35256345/chap2/Local/Page1.h
35256345/chap2/Local/Page2.cpp
35256345/chap2/Local/Page2.h
35256345/chap2/Local/Page3.cpp
35256345/chap2/Local/Page3.h
35256345/chap2/Local/Page4.cpp
35256345/chap2/Local/Page4.h
35256345/chap2/Local/Page4.htm
.html
35256345/chap2/Local/Page5.cpp
35256345/chap2/Local/Page5.h
35256345/chap2/Local/Page6.cpp
35256345/chap2/Local/Page6.h
35256345/chap2/Local/Page7.cpp
35256345/chap2/Local/Page7.h
35256345/chap2/Local/Page8.cpp
35256345/chap2/Local/Page8.h
35256345/chap2/Local/Page9.cpp
35256345/chap2/Local/Page9.h
35256345/chap2/Local/TabSheet.cpp
35256345/chap2/Local/TabSheet.h
35256345/chap2/Local/TabSheet.htm
.html
35256345/chap2/Local/res/Chapter5.ico
35256345/chap2/Local/res/Chapter5.manifest
.xml
35256345/chap2/Local/res/Chapter5.rc2
35256345/chap2/Local/resource.h
35256345/chap2/Local/stdafx.cpp
35256345/chap2/Local/stdafx.h
35256345/下载说明.htm
.html .js polyglot
35256345/光盘说明.txt

Sharing

General

Malware Config

Signatures

Files

8a435ef01258714df38be46a9c14eb9a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ws2_32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 544B

.rsrc Size: 12KB - Virtual size: 9KB

5e55962a5958ab79621436d5900e3f22

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

wsock32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 808B

.rsrc Size: 4KB - Virtual size: 2KB

373f0930ed675914cf1d6a8603d0df48

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comctl32

wsock32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 492B

.rsrc Size: 288KB - Virtual size: 286KB

2e552bc5644c57aa72f0e700145f1b81

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comctl32

wsock32

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 408B

.rsrc Size: 176KB - Virtual size: 172KB

3455e54ddf603fd6316e910647b6aa8f

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

netapi32

ws2_32

rpcrt4

mpr

mfc71d

msvcr71d

kernel32

user32

comctl32

oleaut32

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 544B

.rsrc
Size: 12KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 808B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 492B

.rsrc
Size: 288KB - Virtual size: 286KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 408B

.rsrc
Size: 176KB - Virtual size: 172KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 32KB