c4239527e497ef86b8e6699264166e4a

Sharing

Copy URL Twitter E-mail

General

Target

c4239527e497ef86b8e6699264166e4a
Size

1.6MB
MD5

c4239527e497ef86b8e6699264166e4a
SHA1

fd178ef78ac6cc7e6a1933060ce17a7f553cd4ee
SHA256

0d4091af0eecf851c38c42b6d10f565d845af99dc35a402c3878c58f75a28590
SHA512

68082a28a5531e611f8482f6d9e1c062b986e307cc4e84d48f62d3fe2d7aefaa895b423f6bb5cf37896f6c17d838da75f3faaacdbf0f0c37633a9ad6806c96dd
SSDEEP

24576:wDGdo3XCUEpg0g3yjBvj3MiyQoZHrn7UCc+qosnHR3R2q7CmbPcwOPQpW5vPpO3R:Jdo1E4ytr3tyzdMGzstkMPcwdW5pER

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cyd-v2.2b0113.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/services.dll
unpack002/CyMon.dll
unpack002/CyU.exe
unpack002/Cyd.exe
unpack002/URLChecker.dll
unpack002/uninst.exe
unpack003/$PLUGINSDIR/KillProcDLL.dll
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/services.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/Cyd-v2.2b0113.exe	nsis_installer_1
static1/unpack001/Cyd-v2.2b0113.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

c4239527e497ef86b8e6699264166e4a
.rar
Cyd-v2.2b0113.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/services.dll
.dll windows:4 windows x86 arch:x86

caddd9e268e5bc2a8b67248bc1f72836

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
WideCharToMultiByte
FormatMessageA
LocalFree
HeapAlloc
MultiByteToWideChar
GetProcessHeap
GetCurrentThread
HeapReAlloc
HeapFree
GlobalAlloc
GetLastError
GetCurrentProcess
lstrcpyA

advapi32

LsaRemoveAccountRights
LsaAddAccountRights
OpenProcessToken
OpenThreadToken
ControlService
DeleteService
StartServiceA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
LsaEnumerateAccountRights
EnumServicesStatusA
LsaNtStatusToWinError
LsaClose
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
LsaFreeMemory
LsaOpenPolicy
LookupAccountNameW

msvcrt

malloc
wcslen
memset
free
strstr
_except_handler3
_strlwr
_stricmp
_itoa

Exports

Exports

GetServiceNameFromDisplayName
GrantLogonAsAService
HasLogonAsAService
IsProcessUserAdministrator
IsServiceInstalled
IsServiceRunning
RemoveLogonAsAService
SendServiceCommand

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chinese.ini
CyMon.dll
.dll windows:4 windows x86 arch:x86

0f7d64e9397362c79e4e144d3c3b2719

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord858
ord4124
ord2755
ord6919
ord537
ord665
ord1971
ord5438
ord3313
ord5180
ord354
ord826
ord600
ord4272
ord6466
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord5679
ord6655
ord6921
ord4197
ord1179
ord1570
ord1165
ord1568
ord1173
ord1115
ord2756
ord538
ord6920
ord2910
ord535
ord942
ord2810
ord800
ord540
ord823
ord2717
ord3948
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord269
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord1571
ord4269

msvcrt

fopen
realloc
strcpy
strncat
_strnicmp
_strupr
__p___argc
_vsnprintf
memcpy
strcmp
__CxxFrameHandler
malloc
free
wcsrchr
strstr
sprintf
fwrite
fread
fclose
strcat
_stat
wcsncat
sscanf
memcmp
strtok
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strncpy
wcsstr
_wcsicmp
memset
wcslen
wcsncpy
_except_handler3
strlen
wcscpy
wcscat
_stricmp

kernel32

GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
VirtualProtect
ReleaseSemaphore
Sleep
WaitForSingleObject
WriteProcessMemory
OutputDebugStringA
GetVersion
SetLastError
GetCurrentDirectoryA
CreateThread
CreateSemaphoreA
OpenSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameW
ReadFile
GetFileSize
CreateFileA
UnmapViewOfFile
OpenSemaphoreW
MapViewOfFile
OpenFileMappingW
GetPrivateProfileIntW
ExpandEnvironmentStringsA
GetVolumeInformationA
GetLogicalDrives
GetLogicalDriveStringsA
GetModuleHandleA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
CreateFileW
SetEvent
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
EnterCriticalSection
OpenProcess
LoadLibraryW

user32

wsprintfW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
wsprintfA
BroadcastSystemMessage

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

wininet

InternetCloseHandle

ws2_32

recv
send
connect
inet_addr
socket
htons
closesocket

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext

shlwapi

StrStrIW
PathFileExistsW

Exports

Exports

InitializeShareMEMName
StartHook
StartMon
StopHook
StopMon
UpdateAllLib

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CySvc.exe
.exe windows:4 windows x86 arch:x86

d67c5fd954e5f77024c91e6bf23b5c6f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:fb:c2:fa:fd:4d:b3:60:fd:52:ce:64:fe:f4:57:72
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/10/2008, 08:01

Not After

20/10/2010, 08:01

Subject

CN=ShenZhen DaChengTianXia Information Technology Co.\, Ltd.,OU=Secure Application Development,O=ShenZhen DaChengTianXia Information Technology Co.\, Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetModuleHandleW
GetProcAddress
GetVersionExW
Sleep
GetCurrentProcess
GetLastError
SetEvent
GetSystemTime
CreateProcessA
CreateThread
WaitForSingleObject
CloseHandle
GetModuleFileNameW
GetPrivateProfileIntW
CreateEventW
GetCPInfo
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
SetFilePointer
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapReAlloc
TerminateProcess
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

CloseWindowStation
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
CloseDesktop

advapi32

DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
LockServiceDatabase
CreateServiceW
UnlockServiceDatabase
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegisterServiceCtrlHandlerW
SetServiceStatus
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
StartServiceCtrlDispatcherW

ws2_32

bind
closesocket
htons
WSAStartup
WSACleanup
socket
send
recv
accept
connect
listen
inet_addr

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CyU.exe
.exe windows:4 windows x86 arch:x86

9e54ec0e3fbe53bff2bd4d77e340e4c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\畅游精灵\cyjl\cyupdata\cyupdata\release\CyU.pdb

Imports

kernel32

GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
GlobalFlags
GetFileTime
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
TlsGetValue
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
InterlockedIncrement
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
FreeResource
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GlobalDeleteAtom
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
SetLastError
GetExitCodeThread
TerminateThread
OutputDebugStringW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetFullPathNameW
GetPrivateProfileStringW
GetFileAttributesW
ReadFile
GetFileSize
WinExec
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
RemoveDirectoryW
DeleteFileW
MoveFileExW
SetFileAttributesW
CreateDirectoryW
SetEvent
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetVersionExW
HeapFree
GetProcessHeap
HeapAlloc
DeviceIoControl
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
CloseHandle
WaitForSingleObject
CreateEventW
ReleaseMutex
GetLastError
GetEnvironmentStrings
CreateMutexW

user32

RegisterClipboardFormatW
PostThreadMessageW
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
DestroyMenu
CopyRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DispatchMessageW
TranslateMessage
PeekMessageW
GetDesktopWindow
EnableWindow
GetClientRect
GetSystemMetrics
SendMessageW
IsIconic
PostMessageW
LoadIconW
UnregisterClassA

gdi32

DeleteDC
GetStockObject
GetWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
ExtSelectClipRgn
GetMapMode
GetViewportExtEx
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetRgnBox
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

StartServiceW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

iphlpapi

GetAdaptersInfo

ws2_32

recv
connect
gethostbyname
inet_addr
socket
__WSAFDIsSet
WSAGetLastError
select
WSACleanup
WSAStartup
htons
closesocket
send

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Cyd.exe
.exe windows:4 windows x86 arch:x86

84b7c28ced4e38b81c8b1a554233423e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2634
ord6193
ord2859
ord692
ord693
ord2444
ord6867
ord927
ord5949
ord6375
ord1143
ord1165
ord2350
ord6871
ord6211
ord4155
ord2858
ord1105
ord4282
ord755
ord470
ord1980
ord5201
ord1775
ord940
ord4272
ord2756
ord4294
ord2574
ord6051
ord1768
ord4396
ord5286
ord3365
ord3635
ord567
ord3991
ord798
ord6003
ord6898
ord3993
ord5461
ord5188
ord533
ord3296
ord6451
ord1989
ord2800
ord6388
ord3281
ord6920
ord6918
ord4219
ord3092
ord801
ord2755
ord6874
ord541
ord5929
ord3494
ord2507
ord355
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3397
ord3634
ord2910
ord5679
ord537
ord3798
ord2855
ord3172
ord4197
ord922
ord4270
ord3737
ord818
ord4215
ord2576
ord3649
ord2430
ord1637
ord1929
ord2579
ord4400
ord804
ord4262
ord6698
ord2746
ord613
ord6168
ord5871
ord5785
ord289
ord3566
ord2078
ord2854
ord640
ord1633
ord323
ord4768
ord1787
ord2567
ord4390
ord609
ord3701
ord5777
ord5778
ord5781
ord3792
ord4118
ord6777
ord3312
ord5790
ord283
ord4312
ord5784
ord1921
ord2706
ord4238
ord6238
ord1854
ord2606
ord5568
ord2914
ord2447
ord2558
ord6266
ord1941
ord5714
ord1761
ord6437
ord2108
ord2070
ord703
ord404
ord1908
ord6919
ord2862
ord4279
ord3716
ord795
ord941
ord1933
ord4266
ord5869
ord3291
ord4688
ord5142
ord4128
ord4292
ord6589
ord6791
ord6642
ord6583
ord6798
ord6848
ord6814
ord6846
ord6823
ord6850
ord6858
ord6838
ord6830
ord6837
ord6849
ord6807
ord6806
ord6803
ord6836
ord6847
ord6826
ord4583
ord4582
ord4893
ord4364
ord4886
ord6808
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5277
ord3743
ord1718
ord5256
ord6606
ord6683
ord4426
ord6510
ord860
ord6475
ord6691
ord6805
ord1594
ord668
ord1972
ord3176
ord3173
ord4053
ord2773
ord2762
ord356
ord6278
ord4199
ord4273
ord3579
ord711
ord803
ord5579
ord6330
ord2293
ord6868
ord1131
ord2613
ord925
ord3313
ord5438
ord1971
ord815
ord561
ord3733
ord4418
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord4704
ord4229
ord641
ord324
ord3875
ord3420
ord3049
ord3568
ord2371
ord389
ord538
ord3224
ord5198
ord1075
ord5804
ord5352
ord823
ord2810
ord6655
ord4124
ord6921
ord5706
ord2385
ord690
ord3871
ord535
ord858
ord540
ord861
ord942
ord354
ord5180
ord6381
ord665
ord800
ord1634
ord3087
ord6195
ord2294
ord2406
ord3621
ord3658
ord825
ord3614
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord1569

msvcrt

_controlfp
_onexit
_strnicmp
__CxxFrameHandler
fopen
exit
_wcsnicmp
_except_handler3
_CxxThrowException
_wcslwr
??0exception@@QAE@ABV0@@Z
strrchr
atoi
strstr
vswprintf
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
wcscpy
strcpy
memset
wcscmp
strlen
swprintf
wcstok
_wsplitpath
memcpy
wcscat
fclose
fread
fseek
_wfopen
rand
srand
time
__p___wargv
__p___argc
_wtoi
wcslen
localtime
strcat
wcsncpy
sprintf
isalnum
_wcsicmp
fwrite
strtok
_wstat
memcmp
wcstombs
setlocale
strtod
pow
_ftol
fabs
_setjmp3
abort
_iob
fprintf
longjmp
strncpy
strncmp
malloc
free
sscanf
mbstowcs

kernel32

SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSize
CreateFileW
GetTempFileNameW
GetTempPathW
GetFileAttributesW
GetFullPathNameW
GetTickCount
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
TerminateThread
SetLastError
DeviceIoControl
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
CreateDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
LoadLibraryW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
CloseHandle
ReleaseMutex
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEvent
GetLastError
CreateEventW
CreateMutexW
CreateProcessW
GetModuleFileNameW
lstrlenW
lstrlenA
WaitForSingleObject
Sleep
GetModuleFileNameA
DeleteFileW
WinExec
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringW
GetSystemTime
FreeLibrary
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
UnmapViewOfFile
LocalFree

user32

SetWindowLongW
OffsetRect
GetWindowLongW
GetMenuStringW
GetMenuItemCount
CallNextHookEx
UnhookWindowsHookEx
PtInRect
InflateRect
GetDC
CallWindowProcW
SetWindowRgn
IsZoomed
GetWindow
GetClassNameW
DrawIconEx
DrawEdge
DispatchMessageW
TranslateMessage
PeekMessageW
FillRect
FrameRect
GetSysColor
CopyRect
SetWindowsHookExW
LoadMenuW
GetSubMenu
ModifyMenuW
GetMenuItemID
GetMenuState
GetCursorPos
TrackPopupMenuEx
GetDesktopWindow
LoadBitmapW
RedrawWindow
MessageBoxW
SystemParametersInfoW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
KillTimer
UnregisterHotKey
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
RegisterWindowMessageW
GetSystemMenu
AppendMenuW
SetTimer
RegisterHotKey
LoadIconW
PostMessageW
GetParent
GetWindowRect
SetForegroundWindow
SendMessageW
LoadCursorW
ScreenToClient
SetCursor
DrawTextW
ReleaseDC
MessageBoxA
EnableWindow

gdi32

CreateRectRgn
CombineRgn
SetBkMode
TextOutW
GetTextExtentPoint32W
FillRgn
CreateDIBSection
CreateRoundRectRgn
FrameRgn
CreateCompatibleBitmap
CreateBitmap
BitBlt
SetStretchBltMode
SetBrushOrgEx
SetBkColor
SetTextColor
DeleteDC
CreateCompatibleDC
StretchBlt
SelectObject
DeleteObject
GetObjectW
CreateSolidBrush
CreateFontW
CreatePolygonRgn

advapi32

ChangeServiceConfigA
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerW
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegCloseKey
StartServiceW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW

comctl32

ImageList_GetImageInfo
_TrackMouseEvent

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SafeArrayDestroy

urlmon

IsValidURL

msvcp60

?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathRemoveFileSpecA

wininet

InternetCrackUrlW

ws2_32

connect
socket
inet_addr
htons
WSAStartup
recv
__WSAFDIsSet
WSAGetLastError
select
send
ioctlsocket
gethostbyname
closesocket
WSACleanup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SScanner.dll
.dll windows:4 windows x86 arch:x86

ca27ade99a17f8f59d92765d553f1911

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:1d:93:1d:41:92:a0:ab:36:4c:3d:a6:96:46:0c:c5
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

23/10/2011, 23:59

Subject

CN=深圳市大成天下信息技术有限公司,O=深圳市大成天下信息技术有限公司,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:80:f6:30:50:78:66:cf:46:e2:42:e1:9e:bd:f4:34:2f:d0:f9:0c
Signer

Actual PE Digest

45:80:f6:30:50:78:66:cf:46:e2:42:e1:9e:bd:f4:34:2f:d0:f9:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

mfc42

ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord800
ord941
ord538
ord4079
ord6928
ord860
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1168
ord1182
ord1575
ord1176
ord1116
ord540
ord1577

msvcrt

malloc
sprintf
strpbrk
strtol
strtok
_ftol
strchr
tolower
exit
printf
_except_handler3
_strnicmp
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_isctype
_purecall
toupper
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
isspace
??0exception@@QAE@ABV0@@Z
strncpy
memchr
memmove
calloc
free
_strdup
_strlwr
atoi
strncmp
__CxxFrameHandler
_mbsstr
strstr

kernel32

InterlockedIncrement
CreateThread
OutputDebugStringA
Sleep
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
VirtualProtect
VirtualAlloc
VirtualFree
GetVersionExA
GetSystemInfo
VirtualQuery
LocalFree
LocalAlloc
CloseHandle
VirtualProtect
ExitProcess

msvcp60

??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??_7bad_alloc@std@@6B@
wctype
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
??_7logic_error@std@@6B@
??0logic_error@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

Exports

Exports

SS_SDK_Close
SS_SDK_Init
SS_SDK_Scan
SS_SDK_SetConfig

Sections

.text
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SuCop0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SuCop1
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SuCop2
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
URLChecker.dll
.dll windows:4 windows x86 arch:x86

fe58cccc9cb0a8fb1ce28b8a3844035f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1980
ord860
ord3181
ord4058
ord2781
ord2770
ord356
ord924
ord6663
ord537
ord6930
ord1158
ord2915
ord538
ord2512
ord2554
ord4486
ord6375
ord4274
ord668
ord858
ord941
ord354
ord5186
ord3318
ord823
ord5442
ord1979
ord665
ord3953
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord540
ord535
ord800
ord2818
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731

msvcrt

isdigit
strpbrk
sprintf
realloc
isspace
getenv
strchr
exit
vsprintf
memmove
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
atoi
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strncmp
_strlwr
strtok
_itoa
strncpy
strtol
putchar
strrchr
toupper
rename
sscanf
wcscpy
__CxxFrameHandler
_splitpath
strstr
free
memchr

kernel32

SetFileTime
FormatMessageA
SetConsoleCtrlHandler
Sleep
SetErrorMode
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetStdHandle
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
IsBadReadPtr
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
LocalAlloc
LocalFree
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
CloseHandle
DeviceIoControl
CreateFileW
IsDBCSLeadByte
GetCPInfo
GetVersionExA
GetLastError

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

user32

CharLowerA
OemToCharBuffA
OemToCharA
CharToOemA
ExitWindowsEx
CharUpperA
CharToOemBuffA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

CheckBlacklyURL
CheckWhiteURL
FreeURLLib
InitializeURLLib
UpDateLib

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
cy.news
cya.exe
.exe windows:4 windows x86 arch:x86

abc93eeb5be795ee30a709595ed3b5f3

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:fb:c2:fa:fd:4d:b3:60:fd:52:ce:64:fe:f4:57:72
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/10/2008, 08:01

Not After

20/10/2010, 08:01

Subject

CN=ShenZhen DaChengTianXia Information Technology Co.\, Ltd.,OU=Secure Application Development,O=ShenZhen DaChengTianXia Information Technology Co.\, Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3871
ord3087
ord823
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord3733
ord561
ord815
ord2613
ord1131
ord1143
ord1165
ord1196
ord1244
ord798
ord1989
ord2800
ord6388
ord3313
ord5188
ord533
ord5949
ord861
ord6193
ord6376
ord2444
ord1634
ord2406
ord6211
ord4155
ord2858
ord2371
ord755
ord470
ord3568
ord3621
ord3658
ord2293
ord2933
ord1775
ord1971
ord2385
ord6649
ord5438
ord3502
ord6872
ord1074
ord5198
ord3224
ord690
ord665
ord1197
ord5180
ord354
ord389
ord537
ord5679
ord3614
ord6051
ord1768
ord5286
ord567
ord4270
ord5871
ord2854
ord640
ord1633
ord323
ord4768
ord1787
ord2567
ord4390
ord858
ord3701
ord3566
ord5777
ord5778
ord5781
ord2855
ord3792
ord6871
ord2859
ord4118
ord5785
ord3312
ord5790
ord283
ord4312
ord5784
ord1921
ord6168
ord2706
ord4238
ord6238
ord1854
ord4215
ord2576
ord3649
ord2430
ord5568
ord2910
ord2447
ord1637
ord2558
ord6266
ord1941
ord2108
ord6375
ord2070
ord703
ord404
ord1908
ord3397
ord6868
ord4294
ord2862
ord4279
ord4282
ord3716
ord795
ord941
ord1929
ord2579
ord4400
ord804
ord4262
ord1933
ord4266
ord5869
ord3291
ord4688
ord5142
ord4128
ord4292
ord6195
ord538
ord4704
ord4229
ord641
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord535
ord942
ord2606
ord2810
ord940
ord800
ord825
ord609
ord540
ord1569

msvcrt

__wgetmainargs
_initterm
_XcptFilter
_strnicmp
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_wcmdln
__CxxFrameHandler
wcscmp
swprintf
_wsplitpath
free
strchr
malloc
strstr
wcslen
localtime
time
strncpy
_except_handler3
sprintf
longjmp
fprintf
_iob
abort
_setjmp3
fread
_ftol
_CIpow
strtod
exit
_exit

kernel32

GetStartupInfoW
lstrlenA
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
LoadLibraryW
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileStringW
ExitProcess
GetPrivateProfileIntW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
WritePrivateProfileStringW
CloseHandle
DeviceIoControl
CreateFileW
GetProcAddress
GetVersionExW
GetModuleHandleW

user32

SetCursor
ReleaseDC
GetDC
CallWindowProcW
SetWindowRgn
GetCursorPos
GetWindow
LoadBitmapW
GetClassNameW
LoadMenuW
DrawIconEx
KillTimer
DrawEdge
ScreenToClient
LoadCursorW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
ModifyMenuW
GetMenuState
GetMenuStringW
GetWindowLongW
SetWindowLongW
OffsetRect
PtInRect
InflateRect
FillRect
FrameRect
RedrawWindow
GetParent
InvalidateRect
GetSysColor
CopyRect
DrawTextW
SystemParametersInfoW
SetForegroundWindow
IsIconic
EnableWindow
LoadIconW
SetTimer
GetSystemMetrics
FindWindowW
GetWindowRect
SendMessageW
AppendMenuW
GetSystemMenu
GetClientRect
DrawIcon
IsZoomed

gdi32

CombineRgn
CreatePolygonRgn
CreateRectRgn
SetBkMode
CreateFontW
TextOutW
GetTextExtentPoint32W
FillRgn
CreateDIBSection
CreateRoundRectRgn
FrameRgn
CreateCompatibleBitmap
CreateBitmap
BitBlt
SetStretchBltMode
SetBrushOrgEx
SetBkColor
SetTextColor
DeleteDC
GetObjectW
CreateSolidBrush
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject

comctl32

_TrackMouseEvent

wsock32

WSAStartup
htons
ioctlsocket
socket
connect
WSACleanup
send
closesocket

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
phsite.lib
secnw.lib
site.lib
site2.lib
site3.lib
site4.lib
sitew.lib
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/services.dll
.dll windows:4 windows x86 arch:x86

caddd9e268e5bc2a8b67248bc1f72836

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
WideCharToMultiByte
FormatMessageA
LocalFree
HeapAlloc
MultiByteToWideChar
GetProcessHeap
GetCurrentThread
HeapReAlloc
HeapFree
GlobalAlloc
GetLastError
GetCurrentProcess
lstrcpyA

advapi32

LsaRemoveAccountRights
LsaAddAccountRights
OpenProcessToken
OpenThreadToken
ControlService
DeleteService
StartServiceA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
LsaEnumerateAccountRights
EnumServicesStatusA
LsaNtStatusToWinError
LsaClose
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
LsaFreeMemory
LsaOpenPolicy
LookupAccountNameW

msvcrt

malloc
wcslen
memset
free
strstr
_except_handler3
_strlwr
_stricmp
_itoa

Exports

Exports

GetServiceNameFromDisplayName
GrantLogonAsAService
HasLogonAsAService
IsProcessUserAdministrator
IsServiceInstalled
IsServiceRunning
RemoveLogonAsAService
SendServiceCommand

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.ini
˵.txt
Э.txt
Э2.txt
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 20KB - Virtual size: 20KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 512B - Virtual size: 408B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 18KB

.code
Size: 4KB - Virtual size: 2KB

.Share
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 4KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2c:fb:c2:fa:fd:4d:b3:60:fd:52:ce:64:fe:f4:57:72
Certificate

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 19KB

.sxdata
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 1008B