E:\KeyBoardRecord\Release\RkSrv.pdb
Overview
overview: 7
Static
static: 3
Images/新云软件.url
windows7-x64: 1
windows10-2004-x64: 1
RkSrv.exe
windows7-x64: 3
windows10-2004-x64: 3
hrk.dll
windows7-x64: 1
windows10-2004-x64: 1
irk.dll
windows7-x64: 1
windows10-2004-x64: 1
jpg.exe
windows7-x64: 3
windows10-2004-x64: 7
使用帮助.html
windows7-x64: 1
windows10-2004-x64: 1
键盘屏幕全能记录2010.exe
windows7-x64: 1
windows10-2004-x64: 1
Static task
static1
Behavioral task
behavioral1
Sample
Images/新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Images/新云软件.url
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
RkSrv.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
RkSrv.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
hrk.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
hrk.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
irk.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
irk.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
jpg.exe
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
jpg.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
使用帮助.html
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
使用帮助.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
键盘屏幕全能记录2010.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
键盘屏幕全能记录2010.exe
Resource
win10v2004-20240221-en
General
Target: a1a55be885faa367a0cc23178b7a3040
Size: 2.1MB
MD5: a1a55be885faa367a0cc23178b7a3040
SHA1: fd954c4d9c64f09e4c572d7319263f3258671e78
SHA256: e6ff0b90662e2720c18345c30722ee6128c27dcc85acee4d8ee9c785b9bc44ff
SHA512: feafdc495d7bcee358c4755df520a3765d35eda860ffca4ab3853e19de982af99a2245e0a5b30462e174719f048943a79fab3204376845694b44a9b27cd2ba3f
SSDEEP: 49152:ii8YFTyJbBt5V72djag5TRFYgtz/xUYgvZbk0uVoIE9fjk:Ol572dRJRFjp/+YgvG0uVoD97k
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/RkSrv.exe unpack001/hrk.dll unpack001/irk.dll unpack001/jpg.dll unpack001/键盘屏幕全能记录2010.exe
Files
-
a1a55be885faa367a0cc23178b7a3040.rar
-
Images/360Rksrv.jpg.jpg
-
Images/360Start.jpg.jpg
-
Images/360Winco.jpg.jpg
-
Images/DataDir.jpg.jpg
-
Images/MailContent.jpg.jpg
-
Images/MailDir.jpg.jpg
-
Images/MailSet.jpg.jpg
-
Images/Main.jpg.jpg
-
Images/PicContent.jpg.jpg
-
Images/PicDir.jpg.jpg
-
Images/QQInput.jpg.jpg
-
Images/TextContent.jpg.jpg
-
Images/新云软件.url.url
-
RkSrv.exe.exe windows:5 windows x86 arch:x86
0d05f0dfe1aa9eab0d33a0122092c65a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
QueryPerformanceCounter
CompareStringW
GetEnvironmentStringsW
CreateFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
IsValidCodePage
GetStdHandle
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
ExitProcess
CreateThread
ExitThread
HeapSize
HeapQueryInformation
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
HeapFree
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
lstrcpyA
GetACP
FindResourceA
FreeResource
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
GetUserDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
GlobalFlags
GlobalAddAtomA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
CreateFileA
lstrcmpiA
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
FreeLibrary
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetModuleHandleW
CompareStringA
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
FindResourceW
LockResource
SizeofResource
LoadResource
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
lstrlenA
GetLastError
WriteConsoleW
CloseHandle
GetProcessHeap
user32
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
MapVirtualKeyA
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
IntersectRect
DestroyMenu
GetMenuItemInfoA
InflateRect
InvalidateRect
DeleteMenu
ShowOwnedPopups
SetCursor
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
SetRectEmpty
CreateDialogIndirectParamA
GetNextDlgTabItem
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
RegisterWindowMessageA
LoadIconW
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterClipboardFormatA
IsIconic
CopyImage
SetWindowPos
ShowWindow
MoveWindow
SetWindowLongA
IsWindow
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetUpdateRect
FrameRect
MessageBoxA
UnhookWindowsHookEx
GetMessageA
DispatchMessageA
LoadStringA
TranslateMessage
RegisterClassExA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfA
EndDialog
PostQuitMessage
DefWindowProcA
DestroyWindow
TranslateAcceleratorA
LoadImageA
GetNextDlgGroupItem
DrawIconEx
IsZoomed
SetWindowRgn
GetWindowRgn
DestroyCursor
DrawIcon
LoadAcceleratorsA
LoadIconA
LoadCursorA
KillTimer
SetTimer
EndPaint
BeginPaint
SendMessageA
DialogBoxParamA
CreateWindowExA
MapDialogRect
SubtractRect
GetDoubleClickTime
CharUpperBuffA
PostMessageA
CopyIcon
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
InsertMenuItemA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextA
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
WindowFromPoint
SetForegroundWindow
DestroyAcceleratorTable
PostThreadMessageA
gdi32
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetTextExtentPoint32A
SetRectRgn
CombineRgn
PatBlt
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
DeleteObject
CreateDCA
DPtoLP
GetDeviceCaps
CopyMetaFileA
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
OpenProcessToken
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
shell32
DragFinish
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileA
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
comctl32
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
ole32
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoInitialize
CoTaskMemFree
oleaut32
VariantClear
VariantChangeType
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
SysAllocString
SysStringLen
SysFreeString
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
ws2_32
recv
closesocket
connect
htons
gethostbyname
WSACleanup
socket
WSAStartup
send
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hrk.dll.dll windows:5 windows x86 arch:x86
aa74496db167796b479f918c1c7b2408
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\KeyBoardRecord\Hook\Release\Hook.pdb
Imports
kernel32
CopyFileA
GlobalFree
lstrcmpW
LocalFree
ActivateActCtx
LoadLibraryA
LoadLibraryW
CompareStringA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
FindResourceA
FindClose
FindNextFileA
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalAlloc
GetModuleFileNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
ReleaseActCtx
GetModuleFileNameW
InterlockedDecrement
GetModuleHandleW
InterlockedIncrement
lstrcmpA
GlobalFlags
SetThreadPriority
ResumeThread
WaitForSingleObject
GetLocaleInfoA
GetUserDefaultUILanguage
GetCPInfo
GetOEMCP
GetACP
CreateFileA
GetFileAttributesExA
GetFileAttributesA
GetFileSizeEx
GetFileTime
lstrcmpiA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
GlobalSize
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetCurrentDirectoryA
lstrcpyA
GetNumberFormatA
GetTempFileNameA
GetTempPathA
GetTickCount
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
HeapQueryInformation
HeapSize
ExitThread
CreateThread
ExitProcess
SetStdHandle
GetFileType
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
GetStdHandle
HeapCreate
HeapDestroy
IsValidCodePage
GetStringTypeW
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeW
LCMapStringW
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
lstrlenW
MulDiv
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
SetEndOfFile
FormatMessageA
Sleep
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
GetLocalTime
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
RemoveDirectoryA
lstrlenA
WideCharToMultiByte
GetCurrentProcess
CloseHandle
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
MultiByteToWideChar
DeactivateActCtx
InterlockedExchange
GetProcessHeap
user32
IsDialogMessageA
MoveWindow
ValidateRect
GetCursorPos
PostQuitMessage
IntersectRect
CharUpperA
DestroyIcon
SetRectEmpty
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyA
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
GetNextDlgTabItem
OffsetRect
GetIconInfo
CopyImage
LoadImageA
GetNextDlgGroupItem
DrawIconEx
IsIconic
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
SetClassLongA
LoadMenuW
GetSystemMenu
DrawStateA
DrawEdge
DrawFrameControl
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
GetKeyNameTextA
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
GetMenuItemInfoA
CreateDialogIndirectParamA
PostThreadMessageA
WaitMessage
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
GetWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
CheckDlgButton
RealChildWindowFromPoint
UnhookWindowsHookEx
InflateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
EndPaint
GetWindowThreadProcessId
IsWindowEnabled
PostMessageA
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
GetClassNameA
GetWindowRect
GetDesktopWindow
GetForegroundWindow
SendMessageTimeoutA
RegisterWindowMessageA
EnumChildWindows
FindWindowExA
GetWindowTextA
GetActiveWindow
ShowWindow
KillTimer
SendMessageA
SetTimer
CallNextHookEx
TranslateMessage
SetMenu
EnableWindow
SetScrollRange
SetWindowTextA
SystemParametersInfoA
DestroyMenu
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
DispatchMessageA
GetMessageA
SetWindowsHookExA
EndDialog
GetClientRect
gdi32
GetLayout
MoveToEx
LineTo
SetTextAlign
SetLayout
CreateCompatibleDC
IntersectClipRect
SelectObject
GetObjectA
GetDeviceCaps
DeleteObject
CreateDIBSection
BitBlt
ExcludeClipRect
GetClipBox
SetMapMode
GetTextFaceA
SelectClipRgn
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
DeleteDC
CopyMetaFileA
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateDIBitmap
CreateCompatibleBitmap
DPtoLP
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
CreateRectRgn
GetViewportExtEx
CreateDCA
advapi32
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
shell32
SHAppBarMessage
SHBrowseForFolderA
DragQueryFileA
DragFinish
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
SHGetFolderPathA
ole32
OleGetClipboard
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoLockObjectExternal
CoInitialize
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysFreeString
VarBstrCmp
SysStringLen
VariantChangeType
VarBstrFromDate
imm32
ImmGetOpenStatus
ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext
shlwapi
PathFindExtensionW
PathFileExistsA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathRemoveFileSpecW
PathFindExtensionA
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
gdiplus
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
oleacc
LresultFromObject
ObjectFromLresult
CreateStdAccessibleObject
AccessibleObjectFromWindow
wininet
InternetReadFile
InternetCanonicalizeUrlA
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCrackUrlA
winmm
PlaySoundA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comdlg32
GetFileTitleA
Exports
EndRecordKey
StartRecordKey
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rkshare Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
irk.dll.dll windows:5 windows x86 arch:x86
6c5a2d2ecf95d9f5d811cadaa0407717
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\KeyBoardRecord\Dll\Release\Dll.pdb
Imports
kernel32
CreateThread
IsProcessorFeaturePresent
HeapSize
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
winco
ord1
ord2
Exports
EndRecordKey
StartRecordKey
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
jpg.dll.exe windows:5 windows x86 arch:x86
23758c2bb4d1492ee77577b9c9c84374
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\KeyBoardRecord\Release\iexplorer.pdb
Imports
kernel32
GetConsoleMode
CreateFileW
SetEnvironmentVariableA
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
LCMapStringW
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
ExitProcess
CreateThread
CloseHandle
ExitThread
HeapSize
HeapQueryInformation
HeapReAlloc
EncodePointer
DecodePointer
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetConsoleCP
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FindResourceExW
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
lstrcpyA
GetACP
FindResourceA
FreeResource
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
GetUserDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
CompareStringW
GetStringTypeW
HeapFree
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
GlobalFlags
GlobalAddAtomA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
CreateFileA
lstrcmpiA
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
FreeLibrary
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetModuleHandleW
CompareStringA
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
lstrlenA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
FindResourceW
LockResource
SizeofResource
LoadResource
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetLastError
WriteConsoleW
user32
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
PostThreadMessageA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
InsertMenuItemA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextA
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
LoadMenuW
SetClassLongA
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageA
CopyImage
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
MapVirtualKeyA
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
IntersectRect
DestroyMenu
InflateRect
KillTimer
SetTimer
InvalidateRect
DeleteMenu
ShowOwnedPopups
SetCursor
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
SetRectEmpty
CreateDialogIndirectParamA
GetNextDlgTabItem
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CreateMenu
RegisterWindowMessageA
LoadIconW
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
ShowWindow
MoveWindow
SetWindowLongA
IsWindow
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
FillRect
RegisterClipboardFormatA
SetWindowTextA
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EndDialog
PostQuitMessage
DefWindowProcA
DestroyWindow
TranslateAcceleratorA
LoadAcceleratorsA
LoadIconA
LoadCursorA
EndPaint
BeginPaint
SendMessageA
DialogBoxParamA
CreateWindowExA
RegisterClassExA
TranslateMessage
LoadStringA
DispatchMessageA
GetMessageA
GetMenuItemInfoA
gdi32
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetTextExtentPoint32A
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
CreateRectRgnIndirect
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
SetViewportOrgEx
SelectObject
Escape
CreateFontIndirectA
CreateCompatibleBitmap
ExtTextOutA
CreateDIBitmap
CreateHatchBrush
OffsetViewportOrgEx
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
GetRgnBox
GetDeviceCaps
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
DeleteObject
CreateDCA
CopyMetaFileA
SetViewportExtEx
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
OpenProcessToken
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
shell32
DragFinish
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileA
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
comctl32
ImageList_GetIconSize
shlwapi
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
ole32
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree
oleaut32
SysFreeString
SysAllocString
VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantChangeType
VariantClear
SysStringLen
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 250KB - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 194KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
主界面.jpg.jpg
-
使用帮助.html
-
键盘屏幕全能记录2010.exe.exe windows:5 windows x86 arch:x86
912dafb1fa15b9616a20e83ac1265e3c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\KeyBoardRecord\Release\UI.pdb
Imports
kernel32
QueryPerformanceCounter
CompareStringW
GetEnvironmentStringsW
CreateFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoW
GetTimeZoneInformation
IsValidCodePage
GetStdHandle
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetTickCount
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetACP
lstrcpyA
DeleteFileA
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomA
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindResourceA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
InterlockedExchange
lstrcmpA
GetModuleHandleW
FreeLibrary
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
SetLastError
MultiByteToWideChar
lstrlenA
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileA
GetWindowsDirectoryA
GetSystemDirectoryA
CopyFileA
CreateDirectoryA
GetCurrentDirectoryA
GetLastError
GetCurrentProcess
CloseHandle
GetProcAddress
GetModuleHandleA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
WriteConsoleW
FindResourceW
GetProcessHeap
user32
IsZoomed
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
GetSystemMenu
LoadMenuW
InflateRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
LoadCursorA
GetSysColorBrush
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetDoubleClickTime
IsDlgButtonChecked
CharUpperA
SendDlgItemMessageA
CheckDlgButton
GetClassNameA
InvalidateRect
UpdateWindow
DrawStateA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
GetFocus
GetWindowRect
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetUpdateRect
IsClipboardFormatAvailable
GetWindowThreadProcessId
GetLastActivePopup
LoadIconW
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
DestroyMenu
IsMenu
CreatePopupMenu
GetMenuItemInfoA
SetMenuDefaultItem
GetMenuDefaultItem
GetWindowRgn
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EnableWindow
wsprintfA
MessageBoxA
DrawIcon
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetKeyNameTextA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
DestroyIcon
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
IsDialogMessageA
UnregisterClassA
LoadImageW
gdi32
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
GetTextExtentPoint32A
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetMapMode
SetTextColor
GetDeviceCaps
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumValueA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
shell32
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA
DragFinish
SHGetFileInfoA
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathRemoveFileSpecW
ole32
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
CoInitializeEx
RegisterDragDrop
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoRevokeClassObject
CoTaskMemFree
RevokeDragDrop
CoCreateInstance
CoLockObjectExternal
CoRegisterMessageFilter
oleaut32
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysFreeString
SysAllocStringByteLen
oledlg
ord8
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
ws2_32
recv
closesocket
connect
htons
gethostbyname
WSACleanup
socket
WSAStartup
send
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 281KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ