cb770d242117a830bfbf59bda4265dac

Sharing

Copy URL Twitter E-mail

General

Target

cb770d242117a830bfbf59bda4265dac
Size

852KB
MD5

cb770d242117a830bfbf59bda4265dac
SHA1

a486d3d77ef03cf46658de81e71f3f97c32ce35e
SHA256

8d2edb255b6ca03e42e075336ecdcecb4046ea32cd672fe50d1c74c2d19c0408
SHA512

6e8a651845bfef05758b6cace953e219bed23cf6760094167cac3c9cdd5a71aac248a2ac6d0ca602454c38dcf8acaba68eef7825d9ce80e05942c978c74b7bf7
SSDEEP

12288:LNmydWGUmEMQNCd8ZUWJ9vgo1J+hqrsaoaAz+s8hASfVEmZEGkyBCYMpz:ZfAhC7W9v/J+Ursa5Az+btEm/kht

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MaxIE_Browser_Setup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/MaxIE.exe
unpack002/Plugin/SnapShot/CameraDll.dll
unpack002/Plugin/SnapShot/SnapShot.exe
unpack002/Uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/MaxIE_Browser_Setup.exe	nsis_installer_1
static1/unpack002/Uninst.exe	nsis_installer_1

Files

cb770d242117a830bfbf59bda4265dac
.rar
MaxIE_Browser_Setup.exe
.exe windows:4 windows x86 arch:x86

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CompareFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
EnableWindow

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Groups/order.txt
Groups/.cgp
Language/ChineseGB.ini
MaxIE.exe
.exe windows:4 windows x86 arch:x86

ffeca5b078bdefee46cfa5d280f6f8cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
gethostbyname
gethostname

winmm

sndPlaySoundA

kernel32

HeapFree
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
GetStartupInfoA
ExitProcess
CreateThread
ExitThread
GetACP
SetStdHandle
GetFileType
TerminateProcess
HeapSize
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
HeapAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalUnlock
GlobalLock
GetLocalTime
GetLastError
CopyFileA
OpenFile
CloseHandle
GetFileSize
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
MultiByteToWideChar
lstrcpyA
lstrlenA
GetFullPathNameA
FindClose
FindNextFileA
lstrcmpiA
lstrcmpA
FindFirstFileA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
DeleteFileA
RtlUnwind
SetErrorMode
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
SizeofResource
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
CreateEventA
SuspendThread
SetThreadPriority
MoveFileA
FileTimeToDosDateTime
GetModuleFileNameA
lstrlenW
QueryPerformanceCounter
WritePrivateProfileStringA
GetProfileStringA
ResumeThread
SetEvent
SetLastError
FormatMessageA
GetTickCount
GetProfileIntA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
LockResource
FindResourceA
LoadResource
RaiseException
InterlockedExchange
GetVersionExA
MulDiv
GetVersion
lstrcatA
GetShortPathNameA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetCommandLineA
DeleteCriticalSection
HeapDestroy
CreateSemaphoreA
CreateMutexA
GetPrivateProfileIntA
WaitForSingleObject
ReleaseMutex
GetEnvironmentStrings
CreateProcessA
GlobalMemoryStatus
GetPrivateProfileSectionA
GetTempPathA
LocalAlloc
LocalFree
GetWindowsDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetCurrentThreadId
OpenProcess
ExpandEnvironmentStringsA
QueryPerformanceFrequency
WritePrivateProfileSectionA
WideCharToMultiByte
GlobalFree
GlobalSize
GlobalAlloc

user32

UnpackDDElParam
LoadStringA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
CharUpperA
PostQuitMessage
ShowOwnedPopups
MessageBeep
SetWindowContextHelpId
MapDialogRect
CopyAcceleratorTableA
InvertRect
PostThreadMessageA
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
AdjustWindowRectEx
EqualRect
DeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
IntersectRect
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
ReuseDDElParam
DestroyWindow
GetDlgItem
IsWindowEnabled
SetRect
DrawEdge
DrawIconEx
GrayStringA
DrawTextA
TabbedTextOutA
GetSystemMenu
SetParent
GetDCEx
RedrawWindow
BeginDeferWindowPos
EndDeferWindowPos
GetSysColorBrush
wsprintfA
OffsetRect
SetFocus
InflateRect
SetWindowRgn
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
EnumChildWindows
CharNextA
GetPropA
GetLastActivePopup
SetMenu
MapVirtualKeyA
keybd_event
InsertMenuA
GetClassNameA
GetWindowTextA
FindWindowA
BringWindowToTop
SetForegroundWindow
GetDC
ReleaseDC
DeleteMenu
FindWindowExA
IsZoomed
DefDlgProcA
IsWindowUnicode
UpdateWindow
UnregisterHotKey
EnumWindows
GetWindowThreadProcessId
IsIconic
SetMenuDefaultItem
WindowFromPoint
IsChild
SetPropA
RegisterHotKey
GetSystemMetrics
RegisterWindowMessageA
GetFocus
SetMenuItemInfoA
GetNextDlgGroupItem
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PtInRect
GetDesktopWindow
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
wvsprintfA
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
ModifyMenuA
LockWindowUpdate
TrackPopupMenu
TrackPopupMenuEx
DestroyMenu
SystemParametersInfoA
SetWindowPos
GetCursorPos
ScreenToClient
CreateWindowExA
SetWindowLongA
LoadBitmapA
KillTimer
SetTimer
GetWindow
LoadIconA
GetMenuItemCount
GetMenuItemInfoA
GetMenuState
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetParent
UnionRect
IsRectEmpty
SetRectEmpty
GetWindowLongA
ShowWindow
CreatePopupMenu
ClientToScreen
IsMenu
AppendMenuA
GetSubMenu
GetMenuStringA
CopyRect
LoadImageA
GetWindowRect
GetClientRect
FillRect
DestroyIcon
ReleaseCapture
SetCapture
InvalidateRect
PostMessageA
GetCursor
SetCursor
LoadCursorA
GetSysColor
RegisterClipboardFormatA
GetKeyState
SendMessageA
IsWindow
IsWindowVisible
EnableWindow
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetClassLongA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
DPtoLP
LPtoDP
GetBkColor
GetTextMetricsA
CopyMetaFileA
SetBkMode
GetStockObject
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateFontA
GetCharWidthA
StretchDIBits
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetBkMode
Ellipse
CreatePen
CreateDIBSection
SelectObject
CreateSolidBrush
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
CreateCompatibleBitmap
BitBlt
GetTextColor
GetDeviceCaps
EnumFontFamiliesA
CreateCompatibleDC
CreateRectRgn
GetObjectA
GetPixel
CombineRgn
GetTextExtentPoint32A
CreateFontIndirectA
GetTextExtentPointA
CreateDIBitmap
DeleteObject

comdlg32

GetFileTitleA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

IsTextUnicode
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyExA
RegDeleteKeyA

shell32

DragAcceptFiles
Shell_NotifyIconA
DragFinish
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA
SHGetMalloc
SHGetDesktopFolder
DragQueryFileA

comctl32

ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragLeave
_TrackMouseEvent
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ImageList_DragEnter
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_GetIconSize
ord17
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Duplicate

oledlg

ord8

ole32

CoRegisterMessageFilter
CoCreateInstance
CoGetClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
OleGetClipboard
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
OleDuplicateData
OleUninitialize
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard

olepro32

ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
VariantChangeType
SysAllocStringByteLen
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
RegisterTypeLi
LoadTypeLi
VariantClear
SysAllocString
SysFreeString

urlmon

CoInternetGetSession

wininet

DeleteUrlCacheEntry
GetUrlCacheEntryInfoA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetSetOptionA
GetUrlCacheEntryInfoExA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugin/FlashSaveGB/FlashSave.html
.html .js polyglot
Plugin/FlashSaveGB/flash.ico
Plugin/FlashSaveGB/plugin.ini
Plugin/KillAd/killad.htm
.html .js polyglot
Plugin/KillAd/killad.ico
Plugin/KillAd/plugin.ini
Plugin/MouseUnlock/MouseUnlock.htm
.html .js polyglot
Plugin/MouseUnlock/MouseUnlock.ico
Plugin/MouseUnlock/plugin.ini
Plugin/PageZoomMore/icon.ico
Plugin/PageZoomMore/plugin.ini
Plugin/PageZoomMore/script.htm
.html
Plugin/SnapShot/CameraDll.dll
.dll windows:4 windows x86 arch:x86

d13ed92defec823b1f97f9c519a903c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

AlphaBlend

mfc42

ord5277
ord4627
ord4425
ord3597
ord2859
ord324
ord4234
ord4853
ord4376
ord4710
ord2379
ord6453
ord3693
ord3626
ord2414
ord4133
ord4297
ord5788
ord472
ord6119
ord6197
ord6380
ord772
ord5860
ord500
ord6055
ord1776
ord5290
ord3402
ord3721
ord818
ord567
ord2302
ord4299
ord1146
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6242
ord3797
ord4275
ord3089
ord5981
ord613
ord4123
ord289
ord3571
ord1641
ord860
ord4220
ord2584
ord3654
ord3573
ord640
ord809
ord323
ord556
ord2438
ord3619
ord2086
ord1088
ord4160
ord2122
ord6195
ord1640
ord6215
ord3092
ord6880
ord3920
ord4317
ord2431
ord1644
ord6320
ord3706
ord816
ord5781
ord562
ord4476
ord5875
ord5785
ord6172
ord5789
ord3874
ord6199
ord5787
ord283
ord535
ord4129
ord5683
ord924
ord5572
ord2915
ord2753
ord4424
ord2754
ord4188
ord3317
ord3438
ord537
ord912
ord812
ord2124
ord559
ord2452
ord1175
ord2818
ord5710
ord2763
ord2567
ord1176
ord1154
ord2546
ord291
ord6270
ord4538
ord755
ord2380
ord470
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord1709
ord1711
ord5234
ord6369
ord2444
ord3175
ord3499
ord2515
ord355
ord801
ord620
ord541
ord298
ord1803
ord4230
ord4497
ord6442
ord4454
ord1270
ord1232
ord5248
ord6605
ord4622
ord4333
ord6109
ord6335
ord3742
ord1200
ord2152
ord1233
ord4083
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5858
ord341
ord654
ord6383
ord5440
ord6394
ord5450
ord3663
ord384
ord2096
ord2860
ord2408
ord686
ord858
ord540
ord800
ord825
ord823
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord5265
ord3953
ord795
ord641
ord6467
ord2864
ord2514
ord561
ord815
ord656
ord3738
ord1168
ord6194

msvcrt

_EH_prolog
_mbscmp
memcpy
memset
memmove
strcmp
_purecall
fopen
fclose
fread
fwrite
fseek
ftell
fflush
fputc
getc
free
malloc
_beginthreadex
sin
cos
atan
sqrt
_ftol
_mbsicmp
floor
_mbscoll
exit
fprintf
_iob
sprintf
strlen
ceil
memcmp
strncpy
_CxxThrowException
longjmp
_wfopen
printf
exp
log
isprint
strncmp
calloc
_setjmp3
__CxxLongjmpUnwind
pow
abs
div
acos
realloc
sscanf
getenv
abort
fabs
strcpy
strtod
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CxxFrameHandler

kernel32

GlobalLock
GlobalUnlock
LockResource
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SizeofResource
LoadResource
SetFilePointer
GetFileSize
ReadFile
GetTickCount
LocalAlloc
CreateFileA
LocalFree
Sleep
GetModuleHandleA
CreateMutexA
GetLastError
CloseHandle
GlobalAlloc

user32

SetWindowRgn
DefWindowProcA
GetClassInfoA
PostMessageA
MapWindowPoints
GetDlgCtrlID
DeleteMenu
SetWindowPos
GetWindowLongA
GetClassNameA
GetDC
ReleaseDC
LoadImageA
SetWindowsHookExA
UnhookWindowsHookEx
InsertMenuA
AppendMenuA
GetMenuState
ModifyMenuA
GetTabbedTextExtentA
SystemParametersInfoA
MenuItemFromPoint
GetMenuItemCount
GetSubMenu
OpenClipboard
GetIconInfo
SetClipboardData
CloseClipboard
CopyRect
DrawTextA
OffsetRect
CreatePopupMenu
LoadIconA
ClientToScreen
IsWindowVisible
SetFocus
SetForegroundWindow
IsWindow
CreateWindowExA
DestroyIcon
LoadBitmapA
GetClientRect
ValidateRect
DrawStateA
GetSysColor
InflateRect
GetFocus
GetKeyState
GetSystemMetrics
LoadCursorA
EmptyClipboard
DrawIconEx
SetCursor
ReleaseCapture
SetCapture
EnableWindow
GetParent
ScreenToClient
WindowFromPoint
GetWindowRect
InvalidateRect
KillTimer
GetCursorPos
PtInRect
EqualRect
SetTimer
IsRectEmpty
SetRect
SetRectEmpty
GetWindowDC
SendMessageA
CallNextHookEx
ShowWindow
GetDesktopWindow
TrackMouseEvent
GetWindow

gdi32

CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
GetRgnBox
CombineRgn
CreateRectRgn
GetTextColor
GetTextExtentPoint32A
Polygon
Ellipse
StretchDIBits
SetStretchBltMode
GetClipBox
CreatePen
RectVisible
CreateSolidBrush
EnumFontFamiliesExA
CreateDIBitmap
CreateBitmap
DeleteDC
RoundRect
CreateRoundRectRgn
StretchBlt
CreateDIBSection
SetDIBitsToDevice
ExtSelectClipRgn
CreateRectRgnIndirect
SetBkColor
SetBkMode
SetTextColor
SelectObject
Rectangle
GetStockObject
BitBlt
GetBitmapBits
GetObjectA
CreateBitmapIndirect
DeleteObject
GetDIBits
GetDeviceCaps

comctl32

ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Draw
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PBDK@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageGIF@@QAE@XZ
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxImagePNG@@QAE@ABV0@@Z
??0CxImagePNG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageGIF@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxImagePNG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxImagePNG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxImageJPG@@6B@
??_7CxImagePNG@@6B@
??_7CxMemFile@@6B@
??_C@_0L@BGJF@Read?5Error?$AA@
??_C@_0M@GIHK@Flush?5Error?$AA@
??_C@_0M@KPPG@Write?5Error?$AA@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromARGB@CxImage@@QAE_NKKPAE@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAEXPAUHBITMAP__@@@Z
?CreateFromHICON@CxImage@@QAEXPAUHICON__@@@Z
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?Crop@CxImage@@QAE_NJJJJPAV1@@Z
?Decode@CxImage@@QAE_NPAEKK@Z
?Decode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Decode@CxImage@@QAE_NPAVCxFile@@K@Z
?Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Decode@CxImagePNG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImagePNG@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExtension@CxImageGIF@@IAE_NPAVCxFile@@@Z
?DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@@Z
?Destroy@CxImage@@QAEXXZ
?Dither@CxImage@@QAE_NJ@Z
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?DrawTextA@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE@Z
?Enable@CxImage@@QAEX_N@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Encode@CxImagePNG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImagePNG@@QAE_NPAVCxFile@@@Z
?EncodeBody@CxImageGIF@@IAEXPAVCxFile@@_N@Z
?EncodeComment@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeHeader@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeLoopExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeRGB@CxImageGIF@@IAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Flip@CxImage@@QAE_NXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEXZ
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAEXZ
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetColorType@CxImage@@QAEEXZ
?GetComment@CxImageGIF@@QAEXPAD@Z
?GetDIB@CxImage@@QBEPAXXZ
?GetDisposalMethod@CxImageGIF@@QAEJXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEncodeOption@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetLoops@CxImageGIF@@QAEJXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetNumLayers@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetParent@CxImage@@QBEPAV1@XZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?GifMix@CxImageGIF@@IAEXAAVCxImage@@AAUtag_image@1@@Z
?GifNextPixel@CxImageGIF@@IAEHXZ
?GrayScale@CxImage@@QAE_NXZ
?IncreaseBpp@CxImage@@QAE_NK@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?Load@CxImage@@QAE_NPBDK@Z
?Load@CxImage@@QAE_NPBGK@Z
?LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Mirror@CxImage@@QAE_NXZ
?Negative@CxImage@@QAE_NXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?Putword@CxImageGIF@@IAEXHPAVCxFile@@@Z
?RGBQUADtoRGB@CxImage@@QAEKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Resample@CxImage@@QAE_NJJHPAV1@@Z
?Rotate180@CxImage@@QAE_NPAV1@@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Save@CxImage@@QAE_NPBDK@Z
?Save@CxImage@@QAE_NPBGK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SelectionAddColor@CxImage@@QAE_NUtagRGBQUAD@@@Z
?SelectionAddEllipse@CxImage@@QAE_NUtagRECT@@@Z
?SelectionAddPolygon@CxImage@@QAE_NPAUtagPOINT@@J@Z
?SelectionAddRect@CxImage@@QAE_NUtagRECT@@@Z
?SelectionClear@CxImage@@QAE_NXZ
?SelectionCopy@CxImage@@QAE_NAAV1@@Z
?SelectionCreate@CxImage@@QAE_NXZ
?SelectionDelete@CxImage@@QAE_NXZ
?SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z
?SelectionInvert@CxImage@@QAE_NXZ
?SelectionIsInside@CxImage@@QAE_NJJ@Z
?SelectionIsValid@CxImage@@QAE_NXZ
?SelectionToHRGN@CxImage@@QAE_NAAPAUHRGN__@@@Z
?SetComment@CxImageGIF@@QAEXPBD@Z
?SetDisposalMethod@CxImageGIF@@QAEXH@Z
?SetEncodeOption@CxImage@@QAEXK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetLoops@CxImageGIF@@QAEXH@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Skew@CxImage@@QAE_NMMJJ@Z
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAEXAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
?b3spline@CxImage@@IAEMM@Z
?char_out@CxImageGIF@@IAEXH@Z
?cl_hash@CxImageGIF@@IAEXJ@Z
?compressLZW@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressNONE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressRLE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?decoder@CxImageGIF@@IAEFPAVCxFile@@PAVCImageIterator@@FAAH@Z
?expand2to4bpp@CxImagePNG@@IAEXPAE@Z
?flush_char@CxImageGIF@@IAEXXZ
?get_byte@CxImageGIF@@IAEHPAVCxFile@@@Z
?get_next_code@CxImageGIF@@IAEFPAVCxFile@@@Z
?get_num_frames@CxImageGIF@@IAEHPAVCxFile@@PAUtag_TabCol@1@PAUtag_dscgif@1@@Z
?ima_png_error@CxImagePNG@@IAEXPAUpng_struct_def@@PAD@Z
?init_exp@CxImageGIF@@IAEFF@Z
?out_line@CxImageGIF@@IAEHPAVCImageIterator@@PAEH@Z
?output@CxImageGIF@@IAEXF@Z
?rle_block_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_block_out@CxImageGIF@@IAEXEPAUtag_RLE@1@@Z
?rle_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_compute_triangle_count@CxImageGIF@@IAEIII@Z
?rle_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_flush_clearorrep@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_fromclear@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_withtable@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_isqrt@CxImageGIF@@IAEII@Z
?rle_output@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_output_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_output_plain@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_reset_out_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_write_block@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?seek_next_image@CxImageGIF@@IAEJPAVCxFile@@J@Z
?user_error_fn@CxImagePNG@@KAXPAUpng_struct_def@@PBD@Z
?user_flush_data@CxImagePNG@@KAXPAUpng_struct_def@@@Z
?user_read_data@CxImagePNG@@KAXPAUpng_struct_def@@PAEI@Z
?user_write_data@CxImagePNG@@KAXPAUpng_struct_def@@PAEI@Z
CameraSubArea
CameraWindow
CameraWindowLikeSpy

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSHARE
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/SnapShot/SnapShot.exe
.exe windows:4 windows x86 arch:x86

9c89517f6c4143a881bf041de4b5737a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetStringTypeW

user32

RegisterClassExW
MessageBoxW
LoadIconW

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plugin/SnapShot/plugin.ini
Plugin/ViewPage/ViewPage_cn.htm
.html .js polyglot
Plugin/ViewPage/plugin.ini
Plugin/ViewPage/readme.txt
Plugin/ViewPage/v.ico
Resource/Filter.ini.default
Resource/PopFilter.WAV
Resource/Resource.htm
.html
Resource/Software.ico
Resource/Start.htm
.html
Resource/StartEn.htm
.html
Resource/baidu.ico
Resource/google.ico
Skin/Cartoon/BackGround.bmp
Skin/Cartoon/FavBar.bmp
Skin/Cartoon/Go.bmp
Skin/Cartoon/MainTool16.bmp
Skin/Cartoon/MainTool24.bmp
Skin/Cartoon/MainToolGray16.bmp
Skin/Cartoon/MainToolGray24.bmp
Skin/Cartoon/StatusTool.bmp
Skin/Cartoon/SystemBar.bmp
Skin/Cartoon/TabActive.bmp
Skin/Cartoon/TabBackGround.bmp
Skin/Cartoon/TabNormal.bmp
Skin/Cartoon/TaskBar.bmp
Skin/Default/BackGround.bmp
Skin/Default/FavBar.bmp
Skin/Default/Go.bmp
Skin/Default/MainAnimIcon.bmp
Skin/Default/MainMenu.bmp
Skin/Default/MainTool16.bmp
Skin/Default/MainTool24.bmp
Skin/Default/MainToolGray16.bmp
Skin/Default/MainToolGray24.bmp
Skin/Default/SearchBar.bmp
Skin/Default/StatusTool.bmp
Skin/Default/SystemBar.bmp
Skin/Default/TabActive.bmp
Skin/Default/TabActiveBottom.bmp
Skin/Default/TabBackGround.bmp
Skin/Default/TabNormal.bmp
Skin/Default/TabNormalBottom.bmp
Skin/Default/TaskBar.bmp
Uninst.exe
.exe windows:4 windows x86 arch:x86

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CompareFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
EnableWindow

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
User/CollectorOutput.txt
User/DownManager.ini
.vbs
User/Filter.ini
User/MaxIE.ini
User/Proxy.ini
User/SearchEngine.ini
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

5f65217e6605a4cda5d136ec8a66748c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 296KB

.rsrc Size: 12KB - Virtual size: 16KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

ffeca5b078bdefee46cfa5d280f6f8cd

Headers

File Characteristics

Imports

wsock32

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 774KB - Virtual size: 773KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 26KB - Virtual size: 54KB

.rsrc Size: 147KB - Virtual size: 146KB

d13ed92defec823b1f97f9c519a903c3

Headers

File Characteristics

Imports

msimg32

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

Exports

Exports

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 12KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 774KB - Virtual size: 773KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 26KB - Virtual size: 54KB

.rsrc
Size: 147KB - Virtual size: 146KB

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 16KB - Virtual size: 20KB

.MYSHARE
Size: 4KB - Virtual size: 8B

.rsrc
Size: 120KB - Virtual size: 118KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 12KB - Virtual size: 16KB