9c11bca4a30e03119e4f9e2757649a51

Sharing

Copy URL Twitter E-mail

General

Target

9c11bca4a30e03119e4f9e2757649a51
Size

631KB
MD5

9c11bca4a30e03119e4f9e2757649a51
SHA1

852978af38b949d9e69ce89be486ed48f5188d69
SHA256

82a3fa00befd991fae344a09e96fa8b1de8d353b1820375a562bc765b6ed668d
SHA512

c0e35766e478da01f3bf3c96c5debb374b00820a2c6da438ba65906cceb3c67e2e121fba419af04c88a7653a09f838f8bc9a4f40d589651db48b0b31e0e63bd0
SSDEEP

12288:bqxgDJbUEcFVIp7yLDXNfNBUDmaBclYwKeiAa4UXDjrVt8pvn/qRmeUwwFISi:TbGj8s8mdCeiEUXzA5/6Gww5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ssk_setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/Core.dll
unpack002/SaveCan.exe
unpack002/Timer.dll
unpack002/savecan32.sys
unpack002/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/ssk_setup.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

9c11bca4a30e03119e4f9e2757649a51
.rar
ssk_setup.exe
.exe windows:4 windows x86 arch:x86

3c1b27083f9fe9eb9b4f9671a370a84d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Config/savecan.ini
Config/timer.dat
Core.dll
.dll regsvr32 windows:4 windows x86 arch:x86

11aad6c1d3aba10a8acb41558acf5e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetConnectedState

netapi32

Netbios

winmm

mixerGetLineControlsA
mixerOpen
mixerGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineInfoA
mixerClose
mixerGetDevCapsA

mfc42

ord537
ord2514
ord641
ord795
ord2614
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2302
ord4234
ord1768
ord6197
ord6380
ord4710
ord4853
ord858
ord2818
ord4160
ord6270
ord4376
ord4220
ord2584
ord3654
ord3663
ord2438
ord2863
ord1644
ord1146
ord2379
ord6055
ord1776
ord5290
ord3402
ord3721
ord567
ord1105
ord5572
ord2915
ord823
ord939
ord940
ord941
ord1575
ord2393
ord5808
ord1075
ord5204
ord3229
ord690
ord1228
ord389
ord1601
ord2763
ord1200
ord1168
ord860
ord2864
ord540
ord3874
ord4204
ord2764
ord535
ord800
ord825
ord6354
ord1131
ord6467
ord1132
ord5500
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1176
ord1116
ord6199
ord1988
ord1577

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
memcpy
strstr
abs
_mbsstr
realloc
sprintf
_ftol
strcpy
_inp
wcslen
_inpd
_outp
_outpw
_outpd
fclose
_purecall
atof
_CxxThrowException
strcat
_mbscmp
sscanf
memset
strlen
malloc
free
__CxxFrameHandler
_stricmp
_inpw

kernel32

GetFileAttributesA
SetFileAttributesA
WritePrivateProfileStringA
GetDevicePowerState
CloseHandle
ResumeThread
LoadLibraryExA
FreeLibrary
GetLastError
FormatMessageA
GetModuleFileNameA
CreateFileA
GetSystemInfo
GetFileSize
SetFilePointer
lstrlenA
SetThreadAffinityMask
GetCurrentProcess
GetTickCount
Sleep
OutputDebugStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
MultiByteToWideChar
Process32First
CreateToolhelp32Snapshot
DeleteFileA
lstrcpyA
WinExec
lstrcatA
ReadFile
LocalFree
LocalAlloc
WriteFile
GetCurrentThread
GetProcAddress
GetModuleHandleA
GetVersionExA
DeviceIoControl
InterlockedDecrement
lstrlenW
WideCharToMultiByte
GetLocalTime
Process32Next
lstrcpynA

user32

EnableWindow
IsWindowVisible
SetCursor
FindWindowA
ExitWindowsEx
LoadCursorA
ReleaseDC
wsprintfW
GetDC
SendMessageA
LockWorkStation
GetLastInputInfo
GetDesktopWindow
GetSystemMetrics
KillTimer
SetTimer
LoadMenuA
GetSubMenu
GetCursorPos
wsprintfA
GetForegroundWindow
GetWindowRect

gdi32

GetDeviceCaps

advapi32

ControlService
RegQueryValueA
RegEnumKeyExA
RegSetValueExA
CreateServiceA
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantClear
VariantInit
SysFreeString
SysAllocString

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

setupapi

CM_Get_DevNode_Status
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

powrprof

SetActivePwrScheme
WritePwrScheme
CallNtPowerInformation
CanUserWritePwrScheme

rpcrt4

UuidFromStringA

Exports

Exports

?XSaveCan_CloseMonitor@@YGXXZ
?XSaveCan_GeTthrottleState@@YG?AVCString@@XZ
?XSaveCan_GetCo2@@YGNXZ
?XSaveCan_GetDeviceState@@YG?AUDeviceStatus@@W4DEVICE_GUID@@@Z
?XSaveCan_GetElectricity@@YGNXZ
?XSaveCan_GetFammbId@@YGHXZ
?XSaveCan_GetFammbsum@@YGHXZ
?XSaveCan_GetFamname@@YG?AVCString@@XZ
?XSaveCan_GetFamsdrank@@YGHXZ
?XSaveCan_GetFamsdsum@@YGNXZ
?XSaveCan_GetFrequency@@YGXPAK0@Z
?XSaveCan_GetOrder@@YG?AVCString@@XZ
?XSaveCan_GetPassword@@YG?AVCString@@XZ
?XSaveCan_GetRank@@YGNXZ
?XSaveCan_GetTree@@YGNXZ
?XSaveCan_GetUsergroup@@YG?AVCString@@XZ
?XSaveCan_GetUsername@@YG?AVCString@@XZ
?XSaveCan_InitModule@@YGXVCString@@@Z
?XSaveCan_OnTimer@@YGXI@Z
?XSaveCan_SaveElectricityToFile@@YGXXZ
?XSaveCan_SaveElectricityToServer@@YGXXZ
?XSaveCan_SetCallback@@YGXP6AXPAU_USER_STATUS@@@Z@Z
?XSaveCan_SetSafeHwnd@@YGXPAUHWND__@@@Z
?XSaveCan_StartAwayMode@@YGXXZ
?XSaveCan_UnInitModule@@YGXXZ
?XSaveCan_UpdateAwaymodeSeting@@YGXXZ
?XSaveCan_UpdateCpuSeting@@YGXXZ
?XSaveCan_UpdateDeviceState@@YGXXZ
?XSaveCan_UserLogin@@YGXVCString@@0@Z
?XSaveCan_UserRegisterID@@YGXVCString@@00000@Z
?XSaveCan_WindowProc@@YGJIIJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SaveCan.exe
.exe windows:4 windows x86 arch:x86

9775749e733104124f579181991a5996

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DeleteUrlCacheEntry
InternetGetConnectedState

netapi32

Netbios

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6648
ord6663
ord4204
ord1232
ord6117
ord2621
ord1134
ord939
ord940
ord1988
ord2393
ord5808
ord1075
ord5204
ord3229
ord690
ord1228
ord389
ord2764
ord1601
ord2763
ord656
ord4299
ord922
ord1105
ord3830
ord4287
ord3870
ord3744
ord1146
ord3811
ord6172
ord5789
ord6270
ord4220
ord2584
ord3654
ord2438
ord2863
ord1644
ord5981
ord616
ord609
ord1871
ord3317
ord4486
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord6380
ord4123
ord3610
ord2575
ord4396
ord3574
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord4278
ord6930
ord6877
ord538
ord4129
ord4277
ord5683
ord2753
ord5781
ord3706
ord6375
ord4274
ord4673
ord1929
ord2859
ord2860
ord1641
ord3619
ord926
ord1200
ord2915
ord5572
ord941
ord6880
ord6358
ord3797
ord3874
ord2122
ord1088
ord5875
ord6215
ord535
ord4160
ord860
ord2818
ord556
ord2614
ord809
ord1168
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord6402
ord3521
ord2642
ord6111
ord6453
ord790
ord3716
ord3631
ord2864
ord1768
ord3226
ord1199
ord540
ord924
ord858
ord683
ord2379
ord2414
ord3663
ord3626
ord3571
ord470
ord755
ord4275
ord823
ord800
ord323
ord567
ord3721
ord4424
ord3402
ord5290
ord1776
ord6055
ord825
ord4853
ord4710
ord6379
ord6197
ord6199
ord537
ord4234
ord2302
ord795
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord2514
ord4998
ord4376
ord5265
ord3092
ord3831
ord6195
ord1576

msvcrt

_write
_close
_read
_filelength
_open
wcslen
abort
fprintf
_iob
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_CIfmod
__CxxLongjmpUnwind
_setjmp3
longjmp
strncmp
_CIpow
_CIacos
div
_mbslen
calloc
_mbsnbcpy
_CxxThrowException
floor
realloc
malloc
free
abs
atol
_itoa
memcpy
atof
sscanf
strncpy
strcpy
strcat
strlen
_mbscmp
_mbsstr
strstr
memset
sprintf
_ftol
getc
fputc
fflush
ftell
fseek
fwrite
fread
fclose
fopen
_purecall
__CxxFrameHandler
gmtime
strtod
_setmbcp
_lseek

kernel32

CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
GetCurrentProcess
lstrcpynA
MultiByteToWideChar
lstrlenW
CreateMutexA
GetLastError
GetCommandLineA
GetFileAttributesA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetProcAddress
GetPrivateProfileIntA
WritePrivateProfileStringA
DeleteFileA
GetModuleFileNameA
GetVersionExA
SetProcessWorkingSetSize
ResumeThread
GetTickCount
Sleep
GetVersion
LocalFree
MapViewOfFile
UnmapViewOfFile
ExitProcess
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
ReadFile
SetFilePointer
GetFileSize
LockResource
LoadResource
SizeofResource
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetModuleHandleA
GetStartupInfoA
FindResourceA
WideCharToMultiByte

user32

EnableWindow
SetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenuDefaultItem
GetMenuItemID
GetClientRect
InvalidateRect
wsprintfA
GetSubMenu
GetCursorPos
PostMessageA
IsIconic
DrawIcon
LoadIconA
KillTimer
SetTimer
RegisterWindowMessageA
GetForegroundWindow
GetSystemMetrics
ExitWindowsEx
wsprintfW
FindWindowA
GetClassInfoA
IsWindowVisible
SetCapture
RedrawWindow
GetWindowRect
InflateRect
PtInRect
LoadCursorA
CopyIcon
IsWindow
SetWindowLongA
SetCursor
ReleaseCapture
MessageBeep
GetUpdateRect
GetIconInfo
DrawTextA
LoadMenuA
GetSysColor
ReleaseDC
GetDC
SendMessageA
GetParent
UnregisterHotKey
RegisterHotKey

gdi32

SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
DeleteObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap
CreateRectRgn
GetCurrentObject
SelectObject
GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject
BitBlt
CombineRgn

advapi32

RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCloseKey
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

ole32

OleRun
CLSIDFromString
CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantClear
VariantInit
SetErrorInfo
VariantChangeType
CreateErrorInfo
GetErrorInfo

urlmon

URLDownloadToFileA

core

?XSaveCan_GetPassword@@YG?AVCString@@XZ
?XSaveCan_GetFammbId@@YGHXZ
?XSaveCan_SaveElectricityToFile@@YGXXZ
?XSaveCan_OnTimer@@YGXI@Z
?XSaveCan_SaveElectricityToServer@@YGXXZ
?XSaveCan_GetCo2@@YGNXZ
?XSaveCan_GetTree@@YGNXZ
?XSaveCan_UnInitModule@@YGXXZ
?XSaveCan_InitModule@@YGXVCString@@@Z
?XSaveCan_SetSafeHwnd@@YGXPAUHWND__@@@Z
?XSaveCan_GetUsername@@YG?AVCString@@XZ
?XSaveCan_GetOrder@@YG?AVCString@@XZ
?XSaveCan_GetUsergroup@@YG?AVCString@@XZ
?XSaveCan_GetFammbsum@@YGHXZ
?XSaveCan_GetFamname@@YG?AVCString@@XZ
?XSaveCan_GetFamsdsum@@YGNXZ
?XSaveCan_GetElectricity@@YGNXZ
?XSaveCan_UserLogin@@YGXVCString@@0@Z
?XSaveCan_CloseMonitor@@YGXXZ
?XSaveCan_StartAwayMode@@YGXXZ
?XSaveCan_UpdateAwaymodeSeting@@YGXXZ
?XSaveCan_UpdateCpuSeting@@YGXXZ
?XSaveCan_GeTthrottleState@@YG?AVCString@@XZ
?XSaveCan_GetFrequency@@YGXPAK0@Z
?XSaveCan_UpdateDeviceState@@YGXXZ
?XSaveCan_GetDeviceState@@YG?AUDeviceStatus@@W4DEVICE_GUID@@@Z
?XSaveCan_UserRegisterID@@YGXVCString@@00000@Z
?XSaveCan_SetCallback@@YGXP6AXPAU_USER_STATUS@@@Z@Z

timer

?XTimer_InitModule@@YGXVCString@@PAVCWnd@@@Z
?XTimer_OnTimer@@YGXI@Z
?XTimer_Setting@@YGXXZ
?XTimer_UnInitModule@@YGXXZ

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PBDK@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageGIF@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??0CxPoint2@@QAE@ABV0@@Z
??0CxPoint2@@QAE@MM@Z
??0CxPoint2@@QAE@XZ
??0CxRect2@@QAE@ABV0@@Z
??0CxRect2@@QAE@MMMM@Z
??0CxRect2@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageGIF@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4CxPoint2@@QAEAAV0@ABV0@@Z
??4CxRect2@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?AddAveragingCont@CxImage@@IAEXABUtagRGBQUAD@@MAAM111@Z
?Alloc@CxMemFile@@IAEXK@Z
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaGetPointer@CxImage@@QAEPAEJJ@Z
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z
?BlindAlphaGet@CxImage@@IAEEJJ@Z
?BlindGetPixelColor@CxImage@@IAE?AUtagRGBQUAD@@JJ@Z
?BlindGetPixelIndex@CxImage@@IAEEJJ@Z
?BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z
?Center@CxRect2@@QBE?AVCxPoint2@@XZ
?CircleTransform@CxImage@@QAE_NHJM@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?Crop@CxImage@@QAE_NJJJJPAV1@@Z
?CropRotatedRectangle@CxImage@@QAE_NJJJJMPAV1@@Z
?CrossSection@CxRect2@@QBE?AV1@ABV1@@Z
?Decode@CxImage@@QAE_NPAEKK@Z
?Decode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Decode@CxImage@@QAE_NPAVCxFile@@K@Z
?Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?DecodeExtension@CxImageGIF@@IAE_NPAVCxFile@@@Z
?DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z
?Destroy@CxImage@@QAE_NXZ
?Distance@CxPoint2@@QAEMMM@Z
?Distance@CxPoint2@@QAEMV1@@Z
?Dither@CxImage@@QAE_NJ@Z
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@1@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ@Z
?Encode2RGBA@CxImage@@QAE_NPAVCxFile@@@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z
?EncodeBody@CxImageGIF@@IAEXPAVCxFile@@_N@Z
?EncodeComment@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeHeader@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeLoopExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeRGB@CxImageGIF@@IAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Expand@CxImage@@QAE_NJJJJUtagRGBQUAD@@PAV1@@Z
?Expand@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z
?Flip@CxImage@@QAE_NXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?FreeMemory@CxImage@@QAEXPAX@Z
?GetAreaColorInterpolated@CxImage@@QAE?AUtagRGBQUAD@@MMMMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QAEKK@Z
?GetColorType@CxImage@@QAEEXZ
?GetComment@CxImageGIF@@QAEXPAD@Z
?GetDIB@CxImage@@QBEPAXXZ
?GetDisposalMethod@CxImageGIF@@QAEJXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPBDXZ
?GetLoops@CxImageGIF@@QAEJXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelColorInterpolated@CxImage@@QAE?AUtagRGBQUAD@@MMW4InterpolationMethod@1@W4OverflowMethod@1@QAU2@@Z
?GetPixelColorWithOverflow@CxImage@@QAE?AUtagRGBQUAD@@JJW4OverflowMethod@1@QAU2@@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetVersionNumber@CxImage@@QAE?BMXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?GifMix@CxImageGIF@@IAEXAAVCxImage@@AAUtag_image@1@@Z
?GifNextPixel@CxImageGIF@@IAEHXZ
?GrayScale@CxImage@@QAE_NXZ
?Height@CxRect2@@QBEMXZ
?IncreaseBpp@CxImage@@QAE_NK@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@1@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QBE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsSamePalette@CxImage@@QAE_NAAV1@_N@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?KernelBSpline@CxImage@@SAMM@Z
?KernelBessel@CxImage@@SAMM@Z
?KernelBessel_J1@CxImage@@SAMM@Z
?KernelBessel_Order1@CxImage@@SAMM@Z
?KernelBessel_P1@CxImage@@SAMM@Z
?KernelBessel_Q1@CxImage@@SAMM@Z
?KernelBlackman@CxImage@@SAMM@Z
?KernelBox@CxImage@@SAMM@Z
?KernelCatrom@CxImage@@SAMM@Z
?KernelCubic@CxImage@@SAMM@Z
?KernelGaussian@CxImage@@SAMM@Z
?KernelGeneralizedCubic@CxImage@@SAMMM@Z
?KernelHamming@CxImage@@SAMM@Z
?KernelHermite@CxImage@@SAMM@Z
?KernelLanczosSinc@CxImage@@SAMMM@Z
?KernelLinear@CxImage@@SAMM@Z
?KernelMitchell@CxImage@@SAMM@Z
?KernelQuadratic@CxImage@@SAMM@Z
?KernelSinc@CxImage@@SAMM@Z
?Load@CxImage@@QAE_NPBDK@Z
?LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Mirror@CxImage@@QAE_NXZ
?Negative@CxImage@@QAE_NXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?OverflowCoordinates@CxImage@@QAEXAAJ0W4OverflowMethod@1@@Z
?OverflowCoordinates@CxImage@@QAEXAAM0W4OverflowMethod@1@@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?Putword@CxImageGIF@@IAEXHPAVCxFile@@@Z
?QIShrink@CxImage@@QAE_NJJQAV1@@Z
?RGBQUADtoRGB@CxImage@@SAKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
?Resample@CxImage@@QAE_NJJHPAV1@@Z
?Rotate180@CxImage@@QAE_NPAV1@@Z
?Rotate2@CxImage@@QAE_NMPAV1@W4InterpolationMethod@1@W4OverflowMethod@1@PAUtagRGBQUAD@@_N4@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SelectionAddColor@CxImage@@QAE_NUtagRGBQUAD@@@Z
?SelectionAddEllipse@CxImage@@QAE_NUtagRECT@@@Z
?SelectionAddPixel@CxImage@@QAE_NHH@Z
?SelectionAddPolygon@CxImage@@QAE_NPAUtagPOINT@@J@Z
?SelectionAddRect@CxImage@@QAE_NUtagRECT@@@Z
?SelectionClear@CxImage@@QAE_NXZ
?SelectionCopy@CxImage@@QAE_NAAV1@@Z
?SelectionCreate@CxImage@@QAE_NXZ
?SelectionDelete@CxImage@@QAE_NXZ
?SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z
?SelectionInvert@CxImage@@QAE_NXZ
?SelectionIsInside@CxImage@@QAE_NJJ@Z
?SelectionIsValid@CxImage@@QAE_NXZ
?SelectionSplit@CxImage@@QAE_NPAV1@@Z
?SelectionToHRGN@CxImage@@QAE_NAAPAUHRGN__@@@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAE_NKK@Z
?SetComment@CxImageGIF@@QAEXPBD@Z
?SetDisposalMethod@CxImageGIF@@QAEXH@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetLoops@CxImageGIF@@QAEXH@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@1@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Skew@CxImage@@QAE_NMMJJ_N@Z
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?Surface@CxRect2@@QBEMXZ
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Thumbnail@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Width@CxRect2@@QBEMXZ
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
?char_out@CxImageGIF@@IAEXH@Z
?cl_hash@CxImageGIF@@IAEXJ@Z
?compressLZW@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressNONE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressRLE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?decoder@CxImageGIF@@IAEFPAVCxFile@@PAVCImageIterator@@FAAH@Z
?flush_char@CxImageGIF@@IAEXXZ
?get_byte@CxImageGIF@@IAEHPAVCxFile@@@Z
?get_next_code@CxImageGIF@@IAEFPAVCxFile@@@Z
?get_num_frames@CxImageGIF@@IAEHPAVCxFile@@PAUtag_TabCol@1@PAUtag_dscgif@1@@Z
?init_exp@CxImageGIF@@IAEFF@Z
?out_line@CxImageGIF@@IAEHPAVCImageIterator@@PAEH@Z
?output@CxImageGIF@@IAEXF@Z
?rle_block_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_block_out@CxImageGIF@@IAEXEPAUtag_RLE@1@@Z
?rle_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_compute_triangle_count@CxImageGIF@@IAEIII@Z
?rle_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_flush_clearorrep@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_fromclear@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_withtable@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_isqrt@CxImageGIF@@IAEII@Z
?rle_output@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_output_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_output_plain@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_reset_out_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_write_block@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?seek_next_image@CxImageGIF@@IAEJPAVCxFile@@J@Z

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Skins/Thumbs.db
Skins/blue/main.png
.png
Skins/blue/mainDown.png
.png
Skins/blue/progress1.png
.png
Skins/blue/skin.xml
.xml
Skins/blue/tool.png
.png
Skins/blue/tool.xml
.xml
Skins/blue/tool2.png
.png
Timer.dll
.dll windows:4 windows x86 arch:x86

da802eeaa17fd3f9de94597137ebbcb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord567
ord324
ord825
ord795
ord2302
ord4234
ord800
ord6215
ord3092
ord6199
ord2818
ord540
ord1168
ord5953
ord1768
ord6197
ord6380
ord4710
ord771
ord665
ord1979
ord6385
ord5773
ord5442
ord5186
ord354
ord2528
ord1008
ord497
ord6467
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord2379
ord3663
ord4376
ord4853
ord823
ord1907
ord3610
ord3719
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord5287
ord4835
ord793
ord656
ord768
ord4407
ord489
ord4998
ord2299
ord2298
ord2301
ord2294
ord2362
ord4258
ord858
ord537
ord6334
ord2642
ord3499
ord2515
ord355
ord4854
ord654
ord341
ord924
ord6140
ord5858
ord1200
ord2086
ord693
ord686
ord2582
ord4402
ord3370
ord3640
ord384
ord2862
ord2096
ord3996
ord6007
ord6888
ord6907
ord3998
ord3286
ord6675
ord2453
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord565
ord817
ord2726
ord4226
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3953
ord3738
ord561
ord815
ord6741
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6508
ord2370
ord6920
ord3874
ord6453
ord535
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1775
ord4078
ord6052
ord860
ord2514
ord1578
ord600
ord826
ord269
ord5265
ord3721
ord3402
ord4424
ord5290
ord1776
ord2358
ord6055
ord1116

msvcrt

_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_beginthread
__CxxFrameHandler
__dllonexit

kernel32

LocalFree
GetCurrentProcess
GetLocalTime
LocalAlloc

user32

GetCursorPos
GetWindowRect
SendMessageA
EnableWindow
DestroyIcon
LoadImageA
GetSubMenu
KillTimer
SetTimer
ExitWindowsEx
LoadIconA
LoadMenuA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove

Exports

Exports

?XTimer_InitModule@@YGXVCString@@PAVCWnd@@@Z
?XTimer_OnTimer@@YGXI@Z
?XTimer_Setting@@YGXXZ
?XTimer_UnInitModule@@YGXXZ

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
savecan32.sys
.sys windows:5 windows x86 arch:x86

d59e50c6cd75833d71fdc947a1cca675

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Programming\WINDDK\Drivers\OMCDrv\lib\i386\OSCI_DRVNT.pdb

Imports

ntoskrnl.exe

WRITE_REGISTER_BUFFER_USHORT
WRITE_REGISTER_BUFFER_ULONG
WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
WRITE_REGISTER_USHORT
READ_REGISTER_USHORT
WRITE_REGISTER_ULONG
READ_REGISTER_ULONG
IoDisconnectInterrupt
KeClearEvent
ExFreePoolWithTag
IoCreateNotificationEvent
RtlFreeUnicodeString
WRITE_REGISTER_BUFFER_UCHAR
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
ExAllocatePoolWithTag
ZwClose
IoConnectInterrupt
KeSetEvent
IofCompleteRequest
IoStartNextPacket
KeInsertQueueDpc
IoDeleteSymbolicLink
KeInitializeDpc
_except_handler3
MmMapIoSpace
READ_REGISTER_BUFFER_ULONG
READ_REGISTER_BUFFER_USHORT
READ_REGISTER_BUFFER_UCHAR
MmUnmapIoSpace
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
IoDeleteDevice

hal

HalSetBusDataByOffset
HalGetBusDataByOffset
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalGetInterruptVector

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

3c1b27083f9fe9eb9b4f9671a370a84d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

3c1b27083f9fe9eb9b4f9671a370a84d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 272KB

.rsrc Size: 17KB - Virtual size: 20KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

11aad6c1d3aba10a8acb41558acf5e91

Headers

File Characteristics

Imports

wininet

netapi32

winmm

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

setupapi

powrprof

rpcrt4

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 272KB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 292KB - Virtual size: 288KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 384B - Virtual size: 337B

.data
Size: 128B - Virtual size: 68B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 306B