cad9fbed50cc9546f9c681ad9909e780

Sharing

Copy URL Twitter E-mail

General

Target

cad9fbed50cc9546f9c681ad9909e780
Size

1.6MB
MD5

cad9fbed50cc9546f9c681ad9909e780
SHA1

df59b5db0b4b75bfb6dda14445304158d1ff96d4
SHA256

2355901e12aa9702baa7010cd4ab25290792b4fe9200245f8489dcd3f830162f
SHA512

6662bf086a7e8db874154cbfaa9778cbfe5665b79a93e66477ef133f5c0874e157965c81da1869091f41b5e5bcb0a5b524e4e69277869ae7eb787ce1e4e00a27
SSDEEP

49152:juxpmS94yWZhwg8pqW8gHNuXJBw+EynDT1p:Kx9+ZitAFZBw+Eyn1p

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/U盘专杀助手/fix.exe	aspack_v212_v242

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/U盘专杀助手/COMCAT.DLL
unpack001/U盘专杀助手/GAPI32.DLL
unpack001/U盘专杀助手/MPDLL.dll
unpack001/U盘专杀助手/MSCMCCHS.DLL
unpack001/U盘专杀助手/MyTubrTray.ocx
unpack001/U盘专杀助手/TransInfo.dll
unpack001/U盘专杀助手/U盘专杀助手.exe
unpack001/U盘专杀助手/VB6STKIT.DLL
unpack001/U盘专杀助手/Vb6chs.dll
unpack001/U盘专杀助手/asycfilt.dll
unpack001/U盘专杀助手/bkDLControl.ocx
unpack001/U盘专杀助手/fix.exe
unpack001/U盘专杀助手/oleaut32.dll
unpack001/U盘专杀助手/olepro32.dll
unpack001/U盘专杀助手/updata.exe

Files

cad9fbed50cc9546f9c681ad9909e780
.rar
U盘专杀助手/COMCAT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/GAPI32.DLL
.dll windows:4 windows x86 arch:x86

624c84a04948cdb010eaf9695c0efffd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfile

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GlobalSize
GlobalFree
GlobalHandle
GlobalUnlock
GetACP
GetSystemDefaultLangID
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetCPInfo
EnterCriticalSection
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
CreateMutexA
CloseHandle
ReleaseMutex
ExitThread
WaitForSingleObject
GetProcAddress
FreeLibrary
LoadLibraryA
MultiByteToWideChar
lstrcatA
lstrcmpA
LockResource
LoadResource
FindResourceA
lstrcpyA
CreateThread
GlobalReAlloc
lstrlenA

user32

SystemParametersInfoA
SendMessageA
RegisterClipboardFormatA
GetWindowLongA
GetKeyboardLayout
DefWindowProcA
ClientToScreen
MessageBoxA
PeekMessageA
PostMessageA
ReleaseDC
GetDC
EnableMenuItem
CreatePopupMenu
LoadStringA
AppendMenuA
DestroyMenu

gdi32

GetObjectA
DeleteObject
GetStockObject
GetDeviceCaps
EnumFontFamiliesA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

??0CHAROP@@QAE@XZ
??0CONV@@QAE@XZ
??0IME@@QAE@PAXP6GH0IIJQAUCOMPOSITIONtag@@0@ZK@Z
??0LANG@@QAE@GG@Z
??0LANG@@QAE@XZ
??0PUNCT@@QAE@XZ
??1CHAROP@@QAE@XZ
??1CONV@@QAE@XZ
??1IME@@QAE@XZ
??1LANG@@QAE@XZ
??1PUNCT@@QAE@XZ
??2CHAROP@@SGPAXI@Z
??2CONV@@SGPAXI@Z
??2IME@@SGPAXI@Z
??2LANG@@SGPAXI@Z
??2PUNCT@@SGPAXI@Z
??3CHAROP@@SGXPAX@Z
??3CONV@@SGXPAX@Z
??3IME@@SGXPAX@Z
??3LANG@@SGXPAX@Z
??3PUNCT@@SGXPAX@Z
?CbSzLen@CHAROP@@QAGKPBD@Z
?CchSzLen@CHAROP@@QAGKPBD@Z
?FAddPunct@PUNCT@@QAGHFPBD@Z
?FAlign@CHAROP@@QAGHPBD0@Z
?FAssociate@IME@@QAGHPAX@Z
?FCheck@LANG@@QAGHGPBD@Z
?FFlushComposition@IME@@QAGHH@Z
?FFree@IME@@QAGHXZ
?FGetActiveStatus@IME@@QAGHXZ
?FGetConversionStatus@IME@@QAGHPAK0@Z
?FGetLangInfo@LANG@@QAGHGPAX@Z
?FGetLangInfo@LANG@@QAGHPAULANGINFOtag@@@Z
?FGetOpenStatus@IME@@QAGHXZ
?FGetOpenStatusWindow@IME@@QAGHXZ
?FInitPunct@PUNCT@@QAGHFPBD@Z
?FLeadByte@CHAROP@@QAGHD@Z
?FLeadByte@CHAROP@@QAGHPBD@Z
?FMessage@IME@@QAGJIIJPAX@Z
?FPunct@PUNCT@@QAGHFPBD@Z
?FRegDecodeProc@CONV@@QAGHGP6GHPBDK@ZP6GK00PAKPADK2@Z0@Z
?FRegDecodeProc@CONV@@QAGHGPBDP6GK00PAKPADK1@Z0@Z
?FRegDecodeProcEx@CONV@@QAGHGPBDP6GH0K@ZP6GK00PAKPADK2@Z0@Z
?FRegEncodeProc@CONV@@QAGHGPAGP6GKPBDPAKPADK2@Z1@Z
?FRemoveDecodeProc@CONV@@QAGHP6GKPBD0PAKPADK1@Z@Z
?FRemoveEncodeProc@CONV@@QAGHP6GKPBDPAKPADK1@Z@Z
?FRemovePunct@PUNCT@@QAGHFPBD@Z
?FSetActiveStatus@IME@@QAGHH@Z
?FSetComposition@IME@@QAGHKPBXK0K@Z
?FSetConversionStatus@IME@@QAGHKK@Z
?FSetFont@IME@@QAGHPAUtagLOGFONTA@@@Z
?FSetFont@IME@@QAGHPAX@Z
?FSetLangInfo@LANG@@QAGHGPAX@Z
?FSetOpenStatus@IME@@QAGHH@Z
?FSetOpenStatusWindow@IME@@QAGHH@Z
?FSetWndProc@IME@@QAGHP6GHPAXIIJQAUCOMPOSITIONtag@@0@Z@Z
?FSetWordBreakProc@PUNCT@@QAGHP6GHXZ@Z
?FValidString@CHAROP@@QAGHPBD@Z
?FWordRegister@IME@@QAGHPBD0@Z
?GetLastError@CONV@@QAGKXZ
?IWordBreakProc@PUNCT@@QAGHPBDHHH@Z
?LpGetComposition@IME@@QAGPAUCOMPOSITIONtag@@XZ
?LpGetCriticalSection@IME@@QAGPAU_RTL_CRITICAL_SECTION@@XZ
?LpGetWndProc@IME@@QAGP6GHPAXIIJQAUCOMPOSITIONtag@@0@ZXZ
?LpGetWordBreakProc@PUNCT@@QAGP6GHXZXZ
?NCheckMessage@IME@@QAGHIIJ@Z
?NGetDecodeProcList@CONV@@QAGHPAUDEODEPROCLISTtag@@H@Z
?NGetDecodeProcNum@CONV@@QAGHXZ
?NGetEncodeProcList@CONV@@QAGHPAUENCODEPROCLISTtag@@H@Z
?NGetEncodeProcNum@CONV@@QAGHXZ
?ResetDecodingStatus@CONV@@QAGXXZ
?ResetEncodingStatus@CONV@@QAGXXZ
?SetCandidatePos@IME@@QAGXUtagPOINT@@PAUtagRECT@@1PAUtagSIZE@@@Z
?SzAlign@CHAROP@@QAGPADPBD0@Z
?SzCombine@CHAROP@@QAGPADPADG@Z
?SzCombine@CHAROP@@QAGPADPADPBD@Z
?SzConvToDBCS@CHAROP@@QAGPADPADPBD@Z
?SzConvToSBCS@CHAROP@@QAGPADPADPBD@Z
?SzCopy@CHAROP@@QAGPADPADG@Z
?SzCopy@CHAROP@@QAGPADPADPBD@Z
?SzDecode@CONV@@QAGPADPADKPBDPAK2@Z
?SzEncode@CONV@@QAGPADPADKPBDPAK2@Z
?SzFind@CHAROP@@QAGPADPBD0@Z
?SzFind@CHAROP@@QAGPADPBDG@Z
?SzFindBack@CHAROP@@QAGPADPBD00@Z
?SzFindBack@CHAROP@@QAGPADPBD0G@Z
?SzLower@CHAROP@@QAGPADPADPBD@Z
?SzNext@CHAROP@@QAGPADPBD@Z
?SzPrev@CHAROP@@QAGPADPBD0@Z
?SzUpper@CHAROP@@QAGPADPADPBD@Z
?UlCharType@CHAROP@@QAGKPBD@Z
?UlGetComposition@IME@@QAGKGPAXK@Z
?UlGetLang@LANG@@QAGKXZ
?UlGetMask@PUNCT@@QAGKH@Z
?UlGetMode@IME@@QAGKXZ
?UlSetLang@LANG@@QAGKGG@Z
?UlSetMask@PUNCT@@QAGKHK@Z
?UlSetMode@IME@@QAGKK@Z
?UsCharSize@CHAROP@@QAGGPBD@Z
?UsDecChar@CHAROP@@QAGGG@Z
?UsGetBreakOption@PUNCT@@QAGGXZ
?UsGetPunct@PUNCT@@QAGGFPADG@Z
?UsIncChar@CHAROP@@QAGGG@Z
?UsPunct@PUNCT@@QAGGPBD@Z
?UsSetBreakOption@PUNCT@@QAGGG@Z
CbGSzLen@4
CbVSzLen@8
CchGSzLen@4
CchVSzLen@8
EntryFunc@12
FDeinitIME@4
FEucCodeE@8
FEucCodeS@8
FFlushIMEComposition@8
FGAddPunct@8
FGAlign@8
FGCheckLang@8
FGGetDefFont@8
FGGetLangInfo@8
FGGetLangInfos@4
FGInitPunct@8
FGLeadByte@4
FGLeadBytep@4
FGPunct@8
FGRemovePunct@8
FGSetLangInfo@8
FGSetWordBreakProc@4
FGSyncSys@0
FGValidString@4
FGetActiveIMEStatus@4
FGetConversionStatus@12
FGetOpenIMEStatus@4
FGetOpenIMEStatusWindow@4
FIMEMessage@20
FIMEWordRegister@12
FInitIME@12
FRedefCommand@8
FRegisterHelpID@12
FSJISCode@8
FSetActiveIMEStatus@8
FSetConversionStatus@12
FSetIMEFont@8
FSetIMEFontH@8
FSetIMEWndProc@8
FSetOpenIMEStatus@8
FSetOpenIMEStatusWindow@8
FTerminatorCode@8
FVAddPunct@12
FVAlign@12
FVCheckLang@12
FVFreeCharObject@4
FVFreeConvObject@4
FVFreeLangObject@4
FVFreePunctObject@4
FVGetLangInfo@12
FVGetLangInfos@8
FVInitPunct@12
FVLeadByte@8
FVLeadBytep@8
FVPunct@12
FVRegDecodeProc@20
FVRegDecodeProcEx@20
FVRegEncodeProc@20
FVRemoveDecodeProc@8
FVRemoveEncodeProc@8
FVRemovePunct@12
FVSetLangInfo@12
FVSetWordBreakProc@8
FVValidString@8
FValidateLogfont@12
FreeAllIMEObject@0
HConvDlg@8
HConvDlgTemplate@4
HFreeDlg@4
HFreeDlgTemplate@4
IGetValidFontSize@8
IVWordBreakProc@20
IWordBreakProc@16
LpConvDlgTemplate@4
LpConvLockDlg@8
LpConvPropSheet@4
LpFreeDlg@4
LpFreeDlgTemplate@4
LpFreePropSheet@4
LpGetIMEComposition@4
LpGetIMECriticalSection@4
LpGetIMEWndProc@4
LpVCreateCharObject@0
LpVCreateConvObject@0
LpVCreateLangObject@0
LpVCreatePunctObject@0
LpVGetWordBreakProc@4
NCheckIMEMessage@16
NDetectCodeFromESC@4
NDetectCodeFromSz@4
NGetFontInfo@12
NGetIMEType@0
NVGetDecodeProcList@12
NVGetDecodeProcNum@4
NVGetEncodeProcList@12
NVGetEncodeProcNum@4
REDEFCALL_New@20
REDEFCALL_Release@4
RedefOnCommand@8
SetIMECandidatePos@24
SzGAlign@8
SzGCombine@8
SzGCombineCh@8
SzGConvToDBCS@8
SzGConvToSBCS@8
SzGCopy@8
SzGCopyCh@8
SzGFind@8
SzGFindBack@12
SzGFindBackCh@12
SzGFindCh@8
SzGLower@8
SzGNext@4
SzGPrev@8
SzGUpper@8
SzVAlign@12
SzVCombine@12
SzVCombineCh@12
SzVConvToDBCS@12
SzVConvToSBCS@12
SzVCopy@12
SzVCopyCh@12
SzVDecode@24
SzVEncode@24
SzVFind@12
SzVFindBack@16
SzVFindBackCh@16
SzVFindCh@12
SzVLower@12
SzVNext@8
SzVPrev@12
SzVUpper@12
UlDecodeEUC_JIS@24
UlDecodeGB2312_1980@24
UlDecodeISO8859_1@24
UlDecodeISO8859_7@24
UlDecodeJISX0201_1976@24
UlDecodeJISX0208_1978@24
UlDecodeJISX0208_1983@24
UlDecodeJISX0208_NEC@24
UlDecodeJISX0212_1990@24
UlDecodeKSC5601_1987@24
UlDecodeTerminator@24
UlEncodeEUC_JIS@20
UlEncodeGB2312_1980@20
UlEncodeISO8859_1@20
UlEncodeISO8859_7@20
UlEncodeJISX0201K_1976@20
UlEncodeJISX0201R_1976@20
UlEncodeJISX0201_1976@20
UlEncodeJISX0208S_1978@20
UlEncodeJISX0208S_1983@20
UlEncodeJISX0208S_NEC@20
UlEncodeJISX0208_1978@20
UlEncodeJISX0208_1983@20
UlEncodeJISX0208_NEC@20
UlEncodeJISX0212S_1990@20
UlEncodeJISX0212_1990@20
UlEncodeKSC5601_1987@20
UlEncodeTerminator@20
UlGCharType@4
UlGGetLang@0
UlGGetPunctMask@4
UlGSetLang@8
UlGSetPunctMask@8
UlGetIMEComposition@16
UlGetIMEMode@4
UlSetIMEMode@8
UlVCharType@8
UlVGetLang@4
UlVGetPunctMask@8
UlVSetLang@12
UlVSetPunctMask@12
UsGCharSize@4
UsGDecChar@4
UsGGetBreakOption@0
UsGGetPunct@12
UsGIncChar@4
UsGPunct@4
UsGSetBreakOption@4
UsVCharSize@8
UsVDecChar@8
UsVGetBreakOption@4
UsVGetPunct@16
UsVIncChar@8
UsVPunct@8
UsVSetBreakOption@8
VGetLastError@4
VResetDecodingStatus@4
VResetEncodingStatus@4

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MCI32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

13fa0cf96dc804ea3f3d2f71b1bcf4aa

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

winmm

mciGetErrorStringA
sndPlaySoundA
mciSendCommandA

kernel32

CompareStringW
GlobalSize
lstrcmpA
CompareStringA
LockResource
FindResourceA
LoadResource
InterlockedDecrement
GetLastError
HeapReAlloc
GetLocaleInfoA
InterlockedIncrement
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetWindowsDirectoryA
GetVersion
lstrcatA
lstrcpynA
GlobalAlloc
DisableThreadLibraryCalls
GlobalFree
lstrcpyA
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetFileAttributesA
lstrcmpiA
lstrlenA
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
GetTickCount
lstrlenW
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap

user32

ReleaseCapture
SetCursorPos
MapWindowPoints
ScreenToClient
GetClipboardFormatNameA
IsChild
InvalidateRect
UpdateWindow
GetActiveWindow
DialogBoxParamA
GetKeyState
CreateDialogIndirectParamA
SetTimer
EnableWindow
GetClientRect
IsWindowEnabled
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
EndDialog
GetWindowLongA
SetWindowPos
CreateWindowExA
SetWindowLongA
GetParent
CallWindowProcA
GetDlgCtrlID
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
PtInRect
SetWindowRgn
EndDeferWindowPos
EqualRect
ClientToScreen
DeferWindowPos
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
CharNextA
BeginDeferWindowPos
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
RegisterClipboardFormatA
MessageBoxA
wsprintfA
PostMessageA
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
GetCursorPos
IsWindow
ShowWindow
SetCursor
IsWindowVisible
LoadIconA
CopyRect
GetSysColor
DrawIcon
OffsetRect
GetFocus
InflateRect
DrawFocusRect
DefWindowProcA
SetFocus
SendMessageA
FillRect
LoadCursorA
RegisterClassA
KillTimer
LoadStringA
GetWindowRect
GetDC
IntersectRect

ole32

CreateOleAdviseHolder
RevokeDragDrop
CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
OleSaveToStream
OleLoadFromStream
DoDragDrop
CoCreateInstance
CoTaskMemAlloc

advapi32

RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantCopyInd
VariantCopy
VariantInit
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
VariantChangeType
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
GetErrorInfo
LoadRegTypeLi
OleLoadPicture
SysAllocStringLen
OleTranslateColor
OleCreatePictureIndirect
VariantClear
SysFreeString
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SetViewportOrgEx
SetMapMode
SetWindowExtEx
DeleteDC
StretchBlt
GetNearestColor
SetViewportExtEx
GetBitmapBits
CreateDIBitmap
CreatePalette
SelectPalette
RealizePalette
GetObjectA
GetPaletteEntries
CreateBitmap
GetDIBits
CopyMetaFileA
CreateDCA
CopyEnhMetaFileA
GetObjectType
DeleteObject
SetWindowOrgEx
GetStockObject
PatBlt
CreateSolidBrush
SelectObject
GetDeviceCaps
RoundRect
GetViewportExtEx
GetWindowExtEx
LPtoDP
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MPDLL.dll
.dll windows:4 windows x86 arch:x86

5008fea8a813bc3da36995f0957d0dd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInfoListDetailA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

kernel32

GetFileSize
GetFileAttributesA
GetFileTime
GetVersion
WritePrivateProfileStringA
GetCurrentDirectoryA
GetModuleHandleA
GlobalFindAtomA
lstrcatA
GlobalFlags
GlobalAddAtomA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
ExitProcess
TerminateProcess
GlobalGetAtomNameA
HeapSize
HeapReAlloc
GetEnvironmentVariableA
HeapCreate
VirtualFree
GetProcessVersion
LocalReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetDriveTypeA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
GetWindowsDirectoryA
CreateFileA
GetVersionExA
WideCharToMultiByte
CreateEventA
WaitForSingleObject
ResetEvent
CloseHandle
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
DeleteCriticalSection
GlobalUnlock
GlobalFree
LocalAlloc
TlsAlloc
InitializeCriticalSection
GlobalDeleteAtom
GlobalLock
GlobalAlloc
GetCurrentThreadId
lstrcmpA
GetCurrentThread
FileTimeToLocalFileTime
FindNextFileA
SetLastError
lstrcmpiA
FileTimeToSystemTime
GetFullPathNameA
FindFirstFileA
lstrcpynA
GetVolumeInformationA
FindClose
lstrcpyA
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
DuplicateHandle
WriteFile
ReadFile
InterlockedDecrement
GetLastError
GetModuleFileNameA
LocalFree
InterlockedIncrement
DeviceIoControl
lstrlenA
GetLogicalDriveStringsA
VirtualAlloc
GetCurrentProcess
IsBadWritePtr
RaiseException
HeapDestroy

user32

CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
RemovePropA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetForegroundWindow
GetMessageTime
SetForegroundWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
LoadBitmapA
GetMenuState
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
SetCursor
PostMessageA
PostQuitMessage
GetMessagePos
GetSystemMetrics
CharUpperA
wsprintfA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions

gdi32

SaveDC
DeleteObject
DeleteDC
SetBkColor
SetMapMode
SetViewportOrgEx
SetTextColor
SetViewportExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
GetClipBox
ScaleWindowExtEx
GetStockObject
SelectObject
RestoreDC
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
AllocateAndInitializeSid
GetTokenInformation
EqualSid
OpenProcessToken

shell32

ShellExecuteA
SHChangeNotify

comctl32

ord17

Exports

Exports

?Fd02_GetWPMode@@YAHPAXPAH@Z
?Fd02_SetWP@@YAHPAXH@Z
Fd02_ChangePin
Fd02_CheckDisk
Fd02_CloseDevice
Fd02_EnumDevice
Fd02_GetCurLockMode
Fd02_GetHint
Fd02_GetLastError
Fd02_GetMemStatus
Fd02_GetMinZoneSize
Fd02_GetSerialNo
Fd02_GetTotalCap
Fd02_GetZoneInfo
Fd02_InitLibrary
Fd02_IsWP
Fd02_LockDevice
Fd02_Login
Fd02_MakeFS
Fd02_OpenDevice
Fd02_ReadSecByZone
Fd02_ReadUserData
Fd02_RefreshWindow
Fd02_ResetDevice
Fd02_SetLED
Fd02_SetZoneInfo
Fd02_UninitLibrary
Fd02_UpdateParam
Fd02_WriteSecByZone
Fd02_WriteUserData

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MSCMCCHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

Actual PE Digest

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/MyTubrTray.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c5778a9433434d3baf7716ba604f0b0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAptOffset
__vbaStrVarMove
_adj_fdiv_m64
__vbaRaiseEvent
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaLateMemCall
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/TransInfo.dll
.dll windows:4 windows x86 arch:x86

1d0e41e054a92dec31cc51a71ee707af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
GetFileTime
GetFileAttributesA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
GetCommandLineA
HeapAlloc
GetProcessVersion
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeLibrary
HeapFree
ExitProcess
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
WritePrivateProfileStringA
GlobalFlags
SetLastError
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
InitializeCriticalSection
TlsAlloc
InterlockedDecrement
WideCharToMultiByte
GetEnvironmentStringsW
InterlockedIncrement
LocalFree
LocalAlloc
GetFullPathNameA
FindFirstFileA
lstrcpynA
GetVolumeInformationA
LoadLibraryA
FindClose
lstrcpyA
GetProcAddress
LockFile
SetEndOfFile
UnlockFile
WriteFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
ReadFile
CreateFileA
DuplicateHandle
GetLastError
CloseHandle
GetEnvironmentVariableA
GetModuleFileNameA
GetVersionExA
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrlenA

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsIconic
SystemParametersInfoA
GetWindowPlacement
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
LoadStringA
UnregisterClassA
CharUpperA
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
UnhookWindowsHookEx
GetClassNameA

gdi32

DeleteObject
SaveDC
RestoreDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

Exports

Exports

GetInfo
SetInfo

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/USBOOT.PAK
U盘专杀助手/U盘专杀助手.exe
.exe windows:4 windows x86 arch:x86

c5f734ed639b0ac18ba6a9f98930f70f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaLateIdCall
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaLineInputVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaVarCmpNe
__vbaStrCat
__vbaWriteFile
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
EVENT_SINK2_Release
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
__vbaBoolVar
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaVarDiv
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord570
ord648
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
ord579
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
__vbaOnGoCheck
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
__vbaVarSetObjAddref
__vbaRecDestructAnsi
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaRecAssign
ord580
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
U盘专杀助手/VB6STKIT.DLL
.dll windows:4 windows x86 arch:x86

9f4b76d42cbc350286ec870347345155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

TranslateMessage
CharNextA
wsprintfA
CharPrevA
LoadStringA
PeekMessageA
MessageBoxA
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi

kernel32

GetFileAttributesA
CompareStringW
GetStringTypeW
DeleteFileA
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
LCMapStringW
GetEnvironmentStringsW
LCMapStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetCPInfo
HeapReAlloc
GetLocaleInfoW
FlushFileBuffers
SetEnvironmentVariableA
GetOEMCP
GetVersion
GetLastError
lstrcatA
lstrcpyA
lstrcmpiA
lstrlenA
CopyFileA
OpenFile
Sleep
lstrcpynA
WriteFile
CloseHandle
SetFilePointer
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetErrorMode
LocalFree
LocalUnlock
LocalLock
LocalAlloc
SetFileTime
GetFileTime
GetWindowsDirectoryA
MultiByteToWideChar
CompareStringA
WideCharToMultiByte
GetModuleFileNameA
VirtualAlloc
HeapCreate
VirtualFree
TlsSetValue
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindFirstFileA
GetFileType
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
ReadFile
GetCommandLineA
GetCurrentThreadId
DeleteCriticalSection
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
GetFullPathNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
InterlockedDecrement
InterlockedIncrement
HeapDestroy

Exports

Exports

AbortAction
AddActionNote
ChangeActionKey
CommitAction
DLLSelfRegister
DisableLogging
EnableLogging
ExtractFileFromCab
GetClsidFromActXFile
LogConfig
LogError
LogNote
LogWarning
NewAction
RegisterTLB
SyncShell
_SetTime@8
fCreateShellLink
fRemoveShellLink
fWithinAction

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/Vb6chs.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/asycfilt.dll
.dll windows:5 windows x86 arch:x86

5deee9ef803f3882a12b5c1690dcfb3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

asycfilt.pdb

Imports

ole32

ReleaseStgMedium

user32

UnionRect

gdi32

SetStretchBltMode
GetObjectW
CreateSolidBrush
DeleteObject
PatBlt
SelectObject
SetDIBits
SelectPalette
SetDIBitsToDevice
StretchDIBits
GetCurrentObject
SetMapMode
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetUnhandledExceptionFilter
GetLastError
GlobalDeleteAtom
GlobalAddAtomA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
EnterCriticalSection
lstrlenA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection

msvcrt

exit
fprintf
_iob
_snprintf
sscanf
getenv
malloc
free
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
longjmp
_setjmp3
realloc
_except_handler3
_purecall
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
FilterCreateInstance

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/bkDLControl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

1870592d014da225bf92c949ce61cc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
_CIsin
ord709
ord631
ord525
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaInStrVar
__vbaI2Var
__vbaLsetFixstrFree
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
ord617
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
ord618
ord619
_allmul
_CItan
ord546
__vbaFpCSngR8
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/fix.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@@Phydisk@Finalize
@@Phydisk@Initialize
@@Tlanguage@Finalize
@@Tlanguage@Initialize
@@Tpackage@Finalize
@@Tpackage@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@System@TObject@ClassName$qqrv
@TPhyDisk@$bctr$qqrv
@TPhyDisk@$bdtr$qqrv
@TPhyDisk@Close$qqrv
@TPhyDisk@DismountVolumn$qqrc
@TPhyDisk@DismountVolumns$qqrv
@TPhyDisk@Eject$qqrv
@TPhyDisk@GetBytesPerSector$qqrv
@TPhyDisk@GetHandle$qqrv
@TPhyDisk@GetIndex$qqrv
@TPhyDisk@GetLayout$qqrv
@TPhyDisk@GetMediaType$qqrv
@TPhyDisk@GetPartition$qqri
@TPhyDisk@GetPartitionCount$qqrv
@TPhyDisk@GetSectors$qqrv
@TPhyDisk@GetSectorsPerTrack$qqrv
@TPhyDisk@GetSize$qqrv
@TPhyDisk@GetTracksPerCylinder$qqrv
@TPhyDisk@GetWriteAble$qqrv
@TPhyDisk@IsVolumnMounted$qqrc
@TPhyDisk@Open$qqr17System@AnsiString
@TPhyDisk@ReadSector$qjpvi
@TPhyDisk@SetLayout$qqrv
@TPhyDisk@Volumns$qqrv
@TPhyDisk@WriteSector$qjpvi
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 196KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
U盘专杀助手/kb.wav
U盘专杀助手/oleaut32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f2c566a4e1032b7e51e40a63fb1c5b7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

oleaut32.pdb

Imports

advapi32

RegFlushKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueW
RegSetValueA
RegOpenKeyW
RegEnumKeyA
RegNotifyChangeKeyValue
RegQueryValueExA

gdi32

SetBitmapBits
CreateFontIndirectA
GetTextExtentPointA
Escape
CreateDIBSection
CreateDIBitmap
CreateHalftonePalette
SetDIBits
GetBitmapBits
SetStretchBltMode
SetBkColor
SetTextColor
GetCurrentObject
GetObjectType
GetStockObject
RealizePalette
StretchBlt
GetDIBits
StretchDIBits
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
DeleteEnhMetaFile
DeleteMetaFile
PlayMetaFileRecord
SelectPalette
GetPaletteEntries
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
SetEnhMetaFileBits
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetEnhMetaFileHeader
GetObjectW
GetBitmapDimensionEx
SetMetaFileBitsEx
CreateBitmap
PatBlt
DeleteObject
CreateFontIndirectW
GetDeviceCaps
SelectObject
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW

kernel32

GetStringTypeExA
GetStringTypeExW
LCMapStringA
CreateThread
WaitForSingleObject
CreateEventW
Sleep
FreeLibrary
SetEvent
SetThreadPriority
WaitForMultipleObjects
TerminateThread
LoadLibraryA
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
GetCurrentThread
GetCurrentProcess
CloseHandle
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
GetLocalTime
GetSystemDirectoryA
GetLocaleInfoW
CompareStringA
CompareStringW
OutputDebugStringA
GetVersionExW
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalSize
GlobalHandle
GlobalReAlloc
LockResource
IsDBCSLeadByte
LoadResource
FindResourceW
_lclose
_lread
_lwrite
_llseek
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
GlobalDeleteAtom
GlobalAddAtomW
DebugBreak
TlsAlloc
InterlockedCompareExchange
TlsFree
TlsSetValue
CreateFileA
CreateFileW
lstrcmpiA
LoadLibraryW
SearchPathA
GetFullPathNameA
SetLastError
SearchPathW
GetFullPathNameW
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
GetFileSize
GetDriveTypeW
GetDriveTypeA
SetErrorMode
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LCMapStringW
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetNumberFormatW
MultiByteToWideChar
GetNumberFormatA
WideCharToMultiByte
GetCurrencyFormatW
GetCurrencyFormatA

msvcrt

??1type_info@@UAE@XZ
malloc
_initterm
_clearfp
_errno
strncpy
strchr
_stat
getenv
wcstoul
_ultow
remove
_ultoa
free
calloc
_abnormal_termination
_wcslwr
wcsncat
wcsrchr
strrchr
_CxxThrowException
__CxxFrameHandler
_CIfmod
wcsncpy
strtoul
memmove
iswspace
_wcsnicmp
wcscpy
wcsncmp
wcschr
_itoa
atol
atoi
_strcmpi
_strnicmp
_CIpow
ceil
floor
_stricmp
_ui64tow
_i64toa
swprintf
_i64tow
_ftol
modf
_wtoi
wcslen
_wcsicmp
wcscmp
_itow
?terminate@@YAXXZ
_adjust_fdiv
_except_handler3

ole32

CoUnmarshalInterface
CoReleaseMarshalData
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoCreateInstance
StgCreateDocfile
CreateBindCtx
ReadClassStg
WriteFmtUserTypeStg
WriteClassStg
MkParseDisplayName
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoUnmarshalHresult
CoMarshalHresult
CLSIDFromString
CoSetState
CoGetMalloc
CoGetClassObject
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
CoMarshalInterface

rpcrt4

NdrClientCall2

user32

GetSysColor
WinHelpW
EnableWindow
GetMessageA
DispatchMessageA
PostQuitMessage
GetActiveWindow
SetActiveWindow
SetFocus
wsprintfW
wsprintfA
GetTopWindow
IsWindowUnicode
GetClientRect
GetDialogBaseUnits
GetKeyState
GetDlgItem
GetFocus
SendMessageW
GetParent
CharLowerA
GetWindowTextA
RegisterClipboardFormatA
SetWindowLongW
CopyImage
CopyIcon
CreateCursor
CreateIcon
DestroyIcon
GetIconInfo
GetSystemMetrics
DrawIcon
ReleaseDC
GetDC
RegisterWindowMessageA
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoW
RegisterClassW
DefWindowProcW
IsWindow
GetWindowLongW
DestroyWindow
CreateWindowExW
CharNextA

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
GetVarConversionLocaleSetting
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RegisterTypeLibForUser
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SetOaNoCache
SetVarConversionLocaleSetting
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UnRegisterTypeLibForUser
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromI8
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBoolFromUI8
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromI8
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarBstrFromUI8
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromI8
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyFromUI8
VarCyInt
VarCyMul
VarCyMulI4
VarCyMulI8
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromI8
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUI8
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromI8
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecFromUI8
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromI8
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI1FromUI8
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI2FromUI8
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromI8
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarI4FromUI8
VarI8FromBool
VarI8FromCy
VarI8FromDate
VarI8FromDec
VarI8FromDisp
VarI8FromI1
VarI8FromI2
VarI8FromR4
VarI8FromR8
VarI8FromStr
VarI8FromUI1
VarI8FromUI2
VarI8FromUI4
VarI8FromUI8
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromI8
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR4FromUI8
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromI8
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8FromUI8
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI1FromUI8
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromI8
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI2FromUI8
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromI8
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUI4FromUI8
VarUI8FromBool
VarUI8FromCy
VarUI8FromDate
VarUI8FromDec
VarUI8FromDisp
VarUI8FromI1
VarUI8FromI2
VarUI8FromI8
VarUI8FromR4
VarUI8FromR8
VarUI8FromStr
VarUI8FromUI1
VarUI8FromUI2
VarUI8FromUI4
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 703B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/olepro32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

bfbea1910cdffc9fc4cb569cbd816073

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olepro32.pdb

Imports

user32

CreateIcon
GetSysColor
WinHelpW
IsWindow
EnableWindow
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageW
DispatchMessageA
PostMessageW
PostQuitMessage
GetActiveWindow
SetActiveWindow
SetFocus
DestroyWindow
CreateCursor
wsprintfA
GetTopWindow
IsWindowUnicode
GetClientRect
GetDialogBaseUnits
GetDC
ReleaseDC
GetKeyState
GetWindowLongW
CharNextA
GetWindowTextA
CharLowerA
GetParent
SendMessageW
GetFocus
GetDlgItem
DrawIcon
GetSystemMetrics
SetWindowLongW
GetIconInfo
CopyIcon
CopyImage
DestroyIcon
RegisterClipboardFormatA
wsprintfW

gdi32

GetWindowOrgEx
IntersectClipRect
SaveDC
EnumFontFamiliesExW
GetTextFaceW
CreateHalftonePalette
Escape
CreateDIBSection
CreateDIBitmap
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
DeleteEnhMetaFile
DeleteMetaFile
PlayMetaFileRecord
SetBitmapBits
SetDIBits
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
CreateFontIndirectW
CreateFontIndirectA
GetDeviceCaps
DeleteObject
GetTextExtentPointA
GetTextMetricsW
SelectObject
GetPaletteEntries
PatBlt
CreateBitmap
SetMetaFileBitsEx
GetBitmapDimensionEx
GetObjectW
GetEnhMetaFileHeader
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
GetWinMetaFileBits
SetViewportExtEx

kernel32

MultiByteToWideChar
IsDBCSLeadByte
FreeLibrary
MulDiv
LockResource
LoadResource
FindResourceW
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalDeleteAtom
GlobalAddAtomW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetVersion
GetSystemDirectoryA
GetLastError
LoadLibraryA

advapi32

RegOpenKeyA
RegOpenKeyW
RegCreateKeyA
RegSetValueA
RegQueryValueW
RegFlushKey
RegCloseKey

msvcrt

free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
wcslen
wcscpy
wcsrchr
??3@YAXPAX@Z
wcsncat
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
_CIfmod
calloc
_CxxThrowException
_wcslwr
wcscmp
_wcsicmp
_ftol
wcsncpy

ole32

StgCreateDocfile
StringFromGUID2
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoCreateInstance
CoGetMalloc

oleaut32

LoadTypeLi
VariantInit
VariantClear
SysFreeString
SysAllocString
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘专杀助手/setup.ini
U盘专杀助手/updata.exe
.exe windows:4 windows x86 arch:x86

087846c0f6d3a3d69f426eefb1917b50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaHresultCheckObj
__vbaNameFile
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
ord529
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
ord650
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
U盘专杀助手/vxd.dll
U盘专杀助手/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 1024B - Virtual size: 906B

624c84a04948cdb010eaf9695c0efffd

Headers

File Characteristics

Imports

ole32

version

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 16KB - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

13fa0cf96dc804ea3f3d2f71b1bcf4aa

Code Sign

Signer

Headers

File Characteristics

Imports

winmm

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 7KB - Virtual size: 6KB

5008fea8a813bc3da36995f0957d0dd5

Headers

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 34KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 1024B - Virtual size: 906B

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 94KB - Virtual size: 93KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 34KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 512B - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

.text
Size: 692KB - Virtual size: 690KB

.data
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB