Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Static task
static1
2 signatures
General
-
Target
数据软件y.zip
-
Size
2.4MB
-
MD5
688556eb9ffba755b82d1bc54b4036f5
-
SHA1
ca99836cf0c0b4e4ba48821fc0d525d17a6f49ab
-
SHA256
26bf49ec0080cb7ee808ce88b11133486aca9f7e70aff0e7e83daad6c2fb860c
-
SHA512
ab1bd2f25a6ce5e7afd5f5a5baf50af25795e63e9a6e7fcac5f55b8381df42b5e55909c3cf39ac40e4e521247355ecb53decadfb2a0f9513acf5990c7e9d7ae7
-
SSDEEP
49152:DsXB9I3WMsO4eHho3qkTHw7BDpJIxr/OpU5GW+r+ebND1MwXPIOi:Dt1d2qkTHeEr/OpU5R+Cep19XwV
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/打开这个文件夹最后面的图标双击即可打开软件/Uninst.exe unpack002/$PLUGINSDIR/System.dll unpack002/$PLUGINSDIR/nsDialogs.dll -
NSIS installer 2 IoCs
resource yara_rule static1/unpack001/打开这个文件夹最后面的图标双击即可打开软件/Uninst.exe nsis_installer_1 static1/unpack001/打开这个文件夹最后面的图标双击即可打开软件/Uninst.exe nsis_installer_2
Files
-
数据软件y.zip.zip
-
打开这个文件夹最后面的图标双击即可打开软件/Base.dat
-
打开这个文件夹最后面的图标双击即可打开软件/Recovery.dat
-
打开这个文件夹最后面的图标双击即可打开软件/Reged.dat
-
打开这个文件夹最后面的图标双击即可打开软件/Uninst.exe.exe windows:4 windows x86 arch:x86
57e98d9a5a72c8d7ad8fb7a6a58b3daf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
user32
ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
advapi32
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 112KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 851B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 606B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-header.bmp
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:4 windows x86 arch:x86
ddbd50fe6279559edf7d1f1d89b42c2c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc
user32
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA
gdi32
SetTextColor
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
打开这个文件夹最后面的图标双击即可打开软件/YongZanHuiFu.exe.exe windows:5 windows x64 arch:x64
39483a8b5db3641c51847ebba713156b
Code Sign
05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2013, 12:00Not After15/01/2038, 12:00SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0f:ff:6a:84:fe:47:49:56:d7:ea:e9:37:d9:81:3b:7fCertificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before21/06/2022, 00:00Not After13/11/2023, 23:59SubjectSERIALNUMBER=91420100MA4KN92W72,CN=Wuhan Yousun Technology Co.\, Ltd.,O=Wuhan Yousun Technology Co.\, Ltd.,L=武汉市,ST=湖北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c1ee6ada6e6b189e4b89ce6b996e696b0e68a80e69cafe5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b996e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7f:22:b4:f4:30:a9:3e:0e:5f:69:59:d2:2a:f5:e3:ed:01:8a:5e:33:0e:aa:7a:31:6e:1e:49:e5:af:06:36:e4Signer
Actual PE Digest7f:22:b4:f4:30:a9:3e:0e:5f:69:59:d2:2a:f5:e3:ed:01:8a:5e:33:0e:aa:7a:31:6e:1e:49:e5:af:06:36:e4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Caokai\DataRecovery\6505YongZan\Output\x64ReleaseExe\UDataRecovery.pdb
Imports
kernel32
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetFileInformationByHandle
PeekNamedPipe
LCMapStringW
GetConsoleCP
IsDebuggerPresent
GetProcessHeap
WriteConsoleW
GetFullPathNameA
SetEnvironmentVariableA
HeapCreate
GetVersion
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
SetHandleCount
CreateFileA
GetFileAttributesA
GetModuleHandleExA
UnhandledExceptionFilter
TerminateProcess
GetConsoleMode
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
ExitThread
HeapReAlloc
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
ExitProcess
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
HeapAlloc
GetSystemTimeAsFileTime
FindFirstFileExW
DecodePointer
EncodePointer
HeapFree
GetStartupInfoW
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetProfileIntW
SearchPathW
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
SetErrorMode
GlobalFlags
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
LocalAlloc
FindNextFileW
WritePrivateProfileStringW
lstrcmpA
GetCurrentThread
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
lstrcmpiW
SuspendThread
ResumeThread
SetThreadPriority
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetThreadLocale
ReleaseActCtx
CreateActCtxW
CopyFileW
GlobalSize
FormatMessageW
LocalFree
MulDiv
GetPrivateProfileIntW
ActivateActCtx
DeactivateActCtx
SetLastError
GetPrivateProfileStringW
SetFileTime
GetSystemDirectoryW
GetVolumeInformationW
GetDriveTypeW
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
DeleteFileW
GetModuleHandleW
GetVersionExW
TerminateThread
CreateThread
SetEvent
SetUnhandledExceptionFilter
FlushFileBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetOverlappedResult
WaitForSingleObject
ReadFile
CreateEventW
CreateDirectoryW
GetTickCount
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
Sleep
CreateMutexW
GetUserDefaultUILanguage
CloseHandle
FreeResource
WriteFile
CreateFileW
FindClose
FindFirstFileW
IsBadWritePtr
GetProcAddress
LoadLibraryW
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetDiskFreeSpaceW
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileSize
GetDiskFreeSpaceExW
DeviceIoControl
GetLastError
GetTimeZoneInformation
SetFilePointer
DeleteFileA
user32
MessageBeep
RedrawWindow
EndPaint
BeginPaint
GetWindowDC
CharUpperW
GetWindowThreadProcessId
GetMessageW
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapVirtualKeyW
GetKeyNameTextW
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
MapDialogRect
GetDlgItem
GetDlgCtrlID
GetWindow
CharNextW
DestroyAcceleratorTable
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
DrawStateW
InflateRect
GetFocus
GetCapture
GetClassNameW
IsZoomed
GetNextDlgGroupItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SystemParametersInfoW
LoadImageW
DrawIconEx
CopyRect
SetWindowLongW
GetWindowLongW
SetWindowRgn
SetRectEmpty
UpdateWindow
OffsetRect
GetMessagePos
DestroyIcon
DrawIcon
GetSystemMetrics
IsIconic
SetParent
RegisterDeviceNotificationW
GetSystemMenu
DestroyCursor
LoadAcceleratorsW
EnableWindow
SendMessageW
SetForegroundWindow
CreatePopupMenu
AppendMenuW
SetMenuItemBitmaps
LoadBitmapW
GetCursorPos
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
FillRect
LoadIconW
SetTimer
KillTimer
ScreenToClient
SetWindowContextHelpId
ShowOwnedPopups
GetMenuItemInfoW
DestroyMenu
IntersectRect
LoadMenuW
WindowFromPoint
GetSysColorBrush
UnregisterClassW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
RealChildWindowFromPoint
WaitMessage
ReleaseCapture
SetCapture
SetCursor
PtInRect
LoadCursorW
GetKeyState
IsWindowVisible
InvalidateRect
SetRect
wsprintfW
GetWindowPlacement
IsWindow
DeleteMenu
EnumDisplayMonitors
SetLayeredWindowAttributes
PostThreadMessageW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetMenu
GetAsyncKeyState
CreateWindowExW
SetWindowLongPtrW
GetClientRect
GetWindowLongPtrW
DefWindowProcW
GetParent
PostMessageW
ClientToScreen
GetSysColor
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
ShowWindow
GetDoubleClickTime
CreateMenu
SubtractRect
CopyIcon
CharUpperBuffW
GetUpdateRect
FrameRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
IsClipboardFormatAvailable
MapVirtualKeyExW
IsCharLowerW
SetMenuDefaultItem
UpdateLayeredWindow
UnionRect
SetCursorPos
DrawFrameControl
DrawEdge
GetIconInfo
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetMenuDefaultItem
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
IsMenu
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
SetClassLongPtrW
NotifyWinEvent
UnhookWindowsHookEx
CreateAcceleratorTableW
GetWindowRgn
gdi32
Escape
GetTextMetricsW
ExtCreatePen
GetTextColor
CopyMetaFileW
CreateDCW
GetBkColor
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
ExtTextOutW
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetRgnBox
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
CreateRoundRectRgn
RealizePalette
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetWindowOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
RectVisible
TextOutW
PtVisible
ExtCreateRegion
GetDIBits
CreateICW
StretchBlt
CreateFontIndirectW
CreateRectRgnIndirect
EnumFontFamiliesExW
GetDeviceCaps
SetPixel
CreateCompatibleBitmap
CreateFontW
GetTextExtentPoint32W
CreatePen
CreateDIBSection
SetDIBColorTable
DeleteDC
CreateDIBitmap
BitBlt
GetObjectW
CreateCompatibleDC
PatBlt
GetClipBox
DeleteObject
Rectangle
SelectObject
CreateSolidBrush
SetDIBitsToDevice
SetWinMetaFileBits
SetEnhMetaFileBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetStockObject
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
shell32
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ord727
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteW
DragFinish
SHGetMalloc
SHGetSpecialFolderLocation
comctl32
InitCommonControlsEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
shlwapi
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathFileExistsW
PathRemoveFileSpecW
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoFreeUnusedLibraries
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
CoRevokeClassObject
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
CoFileTimeNow
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
oleaut32
VariantInit
SysAllocStringLen
OleCreateFontIndirect
VariantChangeType
VariantClear
SysFreeString
SafeArrayDestroy
VarBstrFromDate
SysAllocString
SysStringLen
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
oledlg
OleUIBusyW
gdiplus
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageI
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDisposeImage
ws2_32
htonl
ntohs
WSACleanup
closesocket
WSAGetLastError
recv
send
connect
socket
WSAStartup
inet_addr
htons
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Exports
Exports
CreatePlayerKernelPlugin
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 86KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 475KB - Virtual size: 474KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
打开这个文件夹最后面的图标双击即可打开软件/赠白嫖党的一段话.txt