cc59d7104d662dc12502f8e363eae633

Sharing

Copy URL Twitter E-mail

General

Target

cc59d7104d662dc12502f8e363eae633
Size

1.0MB
MD5

cc59d7104d662dc12502f8e363eae633
SHA1

3345e963fed32154180c5f4d5859a1aa8ff66dd0
SHA256

38d73c586c06ef5121f851a52e8e4ec9bd53b3d278bb09d60e33e0aa204c4ece
SHA512

98cda6fa568f6a9a8857853cbf9b98ca0431839bb6a33e44b6c840c9ac297b3238e5e0c50d705912dc1d9c19aced1ea01918f25d98ef8b2ca9cc6e840c02cf1d
SSDEEP

24576:TK+o3F2koMwLC+9iu1zWGT4uLBUli6ybc5i:etV2kFNIiwSGVOji

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/feiteng_surfcontrol.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack002/ExeHook.dll
unpack002/JpgVSbmp.dll
unpack002/MonUrlExt.dll
unpack002/NMSashok.dll
unpack002/NMSearchHok.dll
unpack002/NMUI.exe
unpack002/NMUrlMon.dll
unpack002/PopHTMLTip.dll
unpack002/ScreenLogView.exe
unpack002/SoftUpdate.dll
unpack002/configcenter.dll
unpack002/dib.dll
unpack002/ftslsp.dll
unpack002/res.dll
unpack002/security.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/feiteng_surfcontrol.exe	nsis_installer_1

Files

cc59d7104d662dc12502f8e363eae633
.rar
feiteng_surfcontrol.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/showtaskicon.bmp
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetPassword.ini
$PLUGINSDIR/SetShortCut.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ExeHook.dll
.dll regsvr32 windows:4 windows x86 arch:x86

46a97f7304c97ad9e0df4e64343862a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\ExeHook.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpyW
GetModuleFileNameW
lstrcatW
InterlockedIncrement
InterlockedDecrement
SizeofResource
LockResource
LoadResource
lstrcpynW
FindResourceExW
WideCharToMultiByte
lstrcmpiW
GetModuleHandleW
FindNextFileW
SetFileAttributesW
FindFirstFileW
ReadFile
GetFileSize
GetLocalTime
GetTempPathW
GetStringTypeW
GetStringTypeA
GetLastError
CreateFileW
SetFilePointer
lstrlenW
WriteFile
CloseHandle
OutputDebugStringW
FindResourceW
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetSystemInfo
VirtualProtect
TlsGetValue
LoadLibraryA
TlsSetValue
TlsFree
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
VirtualQuery
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
SetHandleCount

user32

GetSystemMetrics
FindWindowW
SendMessageW
PostMessageW
CharNextW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

SHGetFileInfoW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysStringLen
LoadRegTypeLi
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
SHSetValueW
SHGetValueW
PathFindExtensionW
PathFindFileNameW
SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IntegralUnit.ini
JpgVSbmp.dll
.dll windows:4 windows x86 arch:x86

8ee1425373dbd6acff15e99152ac0ffb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetACP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
GetFileTime
GetFileAttributesA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
HeapFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
WideCharToMultiByte
InterlockedIncrement
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
SetLastError
InterlockedDecrement
lstrlenA
lstrcmpA
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
CreateFileA
CloseHandle
GlobalHandle

user32

GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuItemCount
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
WinHelpA
GetDlgItem
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetSystemMetrics
CharUpperA
wsprintfA
UnhookWindowsHookEx
GetActiveWindow
MessageBoxA
GetClientRect
ClientToScreen
GetClassInfoA
RegisterClassA
GetWindowRect
GetSysColor
LoadCursorA
SetCursor
GetDC
ReleaseDC
UnregisterClassA
SetMenuItemBitmaps

gdi32

CreatePalette
GetObjectA
BitBlt
RealizePalette
CreateCompatibleDC
StretchBlt
GetPaletteEntries
GetDeviceCaps
GetSystemPaletteEntries
CreateDIBitmap
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateDIBSection
CreateHalftonePalette
StretchDIBits
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BmpToJpg
DIBToJpg
JpgToBmp
PaintJPG
PaintJPG2
PaintJPG3
PaintJPG4

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f4765fac19677fe35cddb35b0207893f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\MonUrlExt.pdb

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
GetLastError
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
lstrcmpA
GetCurrentThreadId
GetCurrentProcess
WriteProcessMemory
GetProcAddress
LockResource
GetEnvironmentVariableA
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableA
CloseHandle
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FlushFileBuffers

user32

FindWindowA
SendMessageTimeoutA
CharNextA
RegisterWindowMessageA
CreateWindowExW
DestroyWindow
GetClassNameA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA

shell32

SHGetFileInfoA

ole32

StringFromCLSID
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysStringLen

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA
SHSetValueA
PathFindExtensionA
SHGetValueA

oleacc

ObjectFromLresult

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMSashok.dll
.dll windows:4 windows x86 arch:x86

dd58aa8fd4fb1e4725106663565715c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\NMUI\release\NMSashok.pdb

Imports

kernel32

lstrcmpA
CloseHandle
GetSystemInfo
VirtualProtect
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
ExitProcess
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

OpenDesktopA
EnumDesktopWindows
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
CallNextHookEx
CallWindowProcA
GetWindowTextA

Exports

Exports

DisableHotKey

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMSearchHok.dll
.dll regsvr32 windows:4 windows x86 arch:x86

db20054a3b8e2f741b865545f98dc905

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\NMSearchHok.pdb

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcatA
InterlockedIncrement
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcmpiA
lstrlenW
lstrcpynA
IsDBCSLeadByte
CloseHandle
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetModuleHandleA
InterlockedExchange
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle

user32

CharNextA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetFileInfoA

ole32

CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoCreateInstance

oleaut32

VarUI4FromStr
UnRegisterTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
VariantInit
RegisterTypeLi
LoadTypeLi

shlwapi

SHDeleteValueA
PathFindExtensionA
SHGetValueA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMUI.exe
.exe windows:4 windows x86 arch:x86

39f167be751377c67b6f20ab5b05b5e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目\网络监护\Release\NMUI.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ord17
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
SetErrorMode
GetTickCount
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentDirectoryW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
GetVersionExA
FreeResource
SetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileSize
ReadFile
GetPrivateProfileSectionW
WritePrivateProfileStringW
RemoveDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetTempFileNameW
MoveFileExW
lstrcmpW
OpenFileMappingW
GetPrivateProfileStringW
TerminateProcess
CreateEventW
SetUnhandledExceptionFilter
CreateFileMappingW
Sleep
CopyFileW
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
GlobalFree
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetCurrentThread
GetCurrentProcess
LocalAlloc
GetSystemDirectoryW
lstrcatW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
MulDiv
lstrlenA
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpynW
GetLastError
FormatMessageW
LocalFree
CreateFileW
SetFilePointer
lstrlenW
WriteFile
CloseHandle
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
SetHandleCount

user32

SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
CharNextW
GetDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
DestroyMenu
SetMenuItemBitmaps
EnableMenuItem
GetMenuCheckMarkDimensions
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
RegisterWindowMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBoxW
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
GetDlgCtrlID
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WindowFromPoint
wsprintfW
CopyAcceleratorTableW
GetMenuState
GetMenuStringW
GetMenuItemID
SetRect
PtInRect
IsRectEmpty
UnregisterClassW
GetFocus
DestroyIcon
RegisterHotKey
UnregisterHotKey
GetForegroundWindow
GetWindowThreadProcessId
LoadIconW
IsWindowVisible
IsIconic
RemoveMenu
InsertMenuW
GetSubMenu
SetMenuDefaultItem
CheckMenuItem
AppendMenuW
DeleteMenu
CreatePopupMenu
IsWindow
FindWindowW
PostMessageW
MoveWindow
SetForegroundWindow
KillTimer
SetTimer
LoadBitmapW
InvalidateRgn
CharUpperW
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
ExitWindowsEx
CreateWindowExW
DrawFocusRect
SendMessageW
GetWindowLongW
LoadCursorW
SetCursor
GetWindowTextW
GetClientRect
BeginPaint
DrawTextW
EndPaint
CallWindowProcW
DefWindowProcW
SetCapture
GetCursorPos
ReleaseCapture
GetParent
ScreenToClient
SetWindowLongW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetSysColorBrush
FillRect
GetWindowRect
GetWindowDC
ReleaseDC
InvalidateRect
SetWindowPos
TrackMouseEvent
GetSystemMetrics
GetSysColor
LoadMenuW
ModifyMenuW
GetMenuItemCount
InflateRect
CopyRect
GetDlgItemTextA
EnableWindow
CheckRadioButton

gdi32

GetTextMetricsW
GetRgnBox
GetBkColor
CreateRectRgnIndirect
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetTextColor
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
GetDeviceCaps
SetPixelV
GetStockObject
CreateFontW
SetTextColor
SetBkMode
GetPixel
CreateCompatibleDC
SelectObject
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject
DeleteDC
GetObjectW
CreateFontIndirectW
CreateSolidBrush

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
ChangeServiceConfigW
StartServiceW
RegDeleteKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconW
SHGetSpecialFolderPathW

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
SHSetValueW
SHSetValueA
SHDeleteKeyW
SHDeleteValueW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
VariantInit
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SysStringLen
SysAllocStringLen
VariantCopy

urlmon

CreateURLMoniker

wininet

InternetQueryOptionW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetOpenW

nmsashok

DisableHotKey

ws2_32

WSCEnumProtocols

iphlpapi

GetAdaptersInfo

netapi32

Netbios

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NMUrlMon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2e36ccdbde9bbe5fbff0e88ed3fe9b4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\NMUrlMon.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
MultiByteToWideChar
WriteFile
lstrlenA
SetFilePointer
GetLastError
lstrcpynA
lstrlenW
lstrcatA
lstrcmpiA
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
IsDBCSLeadByte
SetEnvironmentVariableA
GetEnvironmentVariableA
LCMapStringA
TlsFree
TlsAlloc
CreateDirectoryA
FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpA
LoadLibraryA
TlsGetValue
WideCharToMultiByte
CreateThread
TlsSetValue
HeapDestroy
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetProcAddress
GetProcessHeap
HeapFree
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FlushFileBuffers
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
LCMapStringW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess

user32

GetWindowLongA
SetWindowLongA
DefWindowProcA
SetWindowTextA
IsWindow
UnhookWindowsHookEx
CallWindowProcA
SendMessageA
GetWindowTextA
GetKeyState
SendMessageTimeoutA
FindWindowA
FindWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassNameA
GetParent
CharNextA

advapi32

RegDeleteKeyA
LookupAccountNameA
InitializeAcl
AddAccessAllowedAce
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoGetClassObject

shell32

SHGetFileInfoA

oleaut32

SysAllocStringLen
VariantClear
DispCallFunc
SysFreeString
VarUI4FromStr
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
VarBstrCat

shlwapi

SHGetValueA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA

urlmon

CoInternetGetSession

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

Exports

Exports

Bcazsj
ChangeToken
CheckToken
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
SaveToken

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PopHTMLTip.dll
.dll regsvr32 windows:4 windows x86 arch:x86

03635043a9a9ed3b0ef44b64dd982dc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\提示信息控件\PopHTMLTip\Release\PopHTMLTip.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
lstrcpyA
GetModuleFileNameA
lstrcatA
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
IsDBCSLeadByte
MulDiv
lstrcmpA
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
MultiByteToWideChar
GetVersionExA
CloseHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
VirtualProtect
ExitProcess
RtlUnwind
InitializeCriticalSection
RaiseException
GetLastError
lstrlenW
SetFilePointer
lstrlenA
WriteFile
GetStringTypeW

user32

UnregisterClassA
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
SetWindowPos
GetWindowRect
GetClientRect
ShowWindow
SetTimer
IsWindow
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
GetDlgItem
KillTimer
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
CallWindowProcA
CharNextA
RegisterWindowMessageA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
SystemParametersInfoA
LoadCursorA
wsprintfA
GetClassInfoExA
SendMessageA
SetFocus

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2

shell32

SHGetFileInfoA

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
VariantChangeType
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc

shlwapi

PathFindExtensionA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateSolidBrush
DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScreenLogView.exe
.exe windows:4 windows x86 arch:x86

2ce8b50a1c2d1e31d7da82cd4260dbc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目\网络监护\Release\ScreenLogView.pdb

Imports

jpgvsbmp

PaintJPG2

kernel32

GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetStartupInfoA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
lstrcatA
lstrcpyA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MultiByteToWideChar
GetLastError
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
GetStringTypeExA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalUnlock
GlobalLock
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpW
FreeLibrary
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
CreateFileA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
WritePrivateProfileStringA
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
RaiseException
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetTickCount
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom

user32

GetDCEx
LockWindowUpdate
SetParent
GetMenuItemInfoA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
LoadBitmapA
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindowRect
GetClientRect
SetTimer
KillTimer
SetCapture
LoadCursorA
EnableWindow
GetMenuCheckMarkDimensions
SendMessageA
GetSysColor
ClipCursor
ReleaseCapture
SetCursor
RegisterWindowMessageA
wsprintfA
LoadMenuA
DestroyMenu
GetClassNameA
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetKeyState
GetDlgCtrlID
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetMenu
UnpackDDElParam
ReuseDDElParam
LoadIconA
GetClassInfoA
PeekMessageA
GetCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
CharNextA
DestroyIcon
WindowFromPoint
SetRect
DispatchMessageA
GetSysColorBrush
UpdateWindow
GetSystemMetrics
CharUpperA
TranslateAcceleratorA
IsWindowEnabled
GetWindow
GetDesktopWindow
IsWindow
GetWindowLongA
ShowWindow
SetMenu
PostMessageA
BringWindowToTop
GetLastActivePopup
CopyRect
SetRectEmpty
OffsetRect
IntersectRect
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
InsertMenuItemA
IsIconic

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateFontA
GetCharWidthA
DeleteObject
StretchDIBits
DeleteDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
SelectObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

DragFinish
ExtractIconA
SHGetFileInfoA
DragQueryFileA

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindExtensionA
SHSetValueA
PathFindFileNameA
PathStripToRootA
SHGetValueA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantClear

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoftUpdate.dll
.dll windows:4 windows x86 arch:x86

86454a0a5c25c41a636e8cb93f47766d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\SoftUpdate.pdb

Imports

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrcatA
GetSystemDirectoryA
lstrcpyA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetTempPathA
GetWindowsDirectoryA
MoveFileA
MoveFileExA
DeleteFileA
CreateDirectoryA
GetShortPathNameA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
lstrcpynA
GetLastError
CreateFileA
SetFilePointer
lstrlenA
WriteFile
CloseHandle
OutputDebugStringA
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOEMCP

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

shlwapi

PathFileExistsA
SHGetValueA
PathRemoveFileSpecA
SHDeleteKeyA
SHSetValueA

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetPEFileVersion
RebootUpdate
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
configcenter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dd5133e02e9b866ec88d8999df490b21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
DeleteFileW
CopyFileW
OutputDebugStringW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetModuleFileNameW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
DebugBreak
lstrlenA
lstrcpynW
CloseHandle
WriteFile
CreateFileW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
lstrcatW
GetPrivateProfileSectionW
GetPrivateProfileIntW
lstrcpyW
DisableThreadLibraryCalls

user32

DialogBoxParamW
GetActiveWindow
MessageBoxW
SetWindowLongW
wvsprintfW
LoadStringW
EndDialog
SetDlgItemTextW
CharNextW
CharLowerW
SendMessageW
GetDlgItemTextW
FindWindowW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString

shlwapi

SHDeleteKeyW
SHGetValueW
PathFileExistsW
SHSetValueW

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW

msvcrt

wcslen
??2@YAPAXI@Z
memcmp
_except_handler3
wcscmp
_itow
__CxxFrameHandler
memset
free
_initterm
malloc
_adjust_fdiv
iswdigit
wcschr
_wtoi
memcpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ManagerConfig
UpdateConfig

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dib.dll
.dll windows:4 windows x86 arch:x86

40f2dcddfddf54dc53ce2ffda36cd0a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
HeapCreate
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CloseHandle
HeapDestroy
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
RaiseException
TerminateProcess
ExitProcess
GetCommandLineA
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetFileTime
GetFileAttributesA
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
CreateFileA
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
HeapFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
MultiByteToWideChar
LoadLibraryA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetLastError
lstrcpynA
GetModuleHandleA
GetProcAddress
SetLastError
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
SetFilePointer
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc

user32

GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadStringA
DestroyMenu
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GetMenuItemCount
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
CopyRect
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GetIconInfo
GetSysColorBrush
FillRect
GetSysColor
ScreenToClient
GetClientRect
GetCapture
WinHelpA
ClientToScreen
GetWindowRect
IsRectEmpty
LoadCursorA
SetCursor
GetDC
ReleaseDC
GetClassNameA
wsprintfA

gdi32

CreatePalette
GetObjectA
GetSystemPaletteEntries
GetDeviceCaps
CreateDIBitmap
RealizePalette
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
BitBlt
StretchBlt
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateHalftonePalette
GetPaletteEntries
CreateCompatibleBitmap
CreateDCA
StretchDIBits
Rectangle
CreateSolidBrush
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BytesPerLine
ConvertDIBFormat
ConvertDIBToGray
CopyClientRectToBitmap
CopyClientRectToDIB
CopyScreenToBitmap
CopyScreenToDIB
CopyWindowToBitmap
CopyWindowToDIB
DIBBitCount
DIBHeight
DIBNumColors
DIBToIconFile
DIBWidth
DestroyDIB
DrawTransparentBitmap
GetIconSizeColor
IconToDIB
LoadDIB
PaintBitmap
PaintDIB
ReadDIBFromIconFile
SaveDIB
WriteIconToIconFile
ZoomIn

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftslsp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ae65ad9422d094c32aeee693a12711a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
LeaveCriticalSection
GetProcAddress
InitializeCriticalSection
ExpandEnvironmentStringsW
EnterCriticalSection
GlobalFree
OutputDebugStringW
GetLastError
GetModuleFileNameW
FreeLibrary
GlobalAlloc
LoadLibraryW

user32

wsprintfW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

ws2_32

WSASetLastError
inet_addr
WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSCWriteProviderOrder
htons
WSCGetProviderPath

msvcrt

atoi
_adjust_fdiv
malloc
_initterm
free
_vsnwprintf
_except_handler3
strchr
strncpy
wcscpy

Exports

Exports

DllRegisterServer
DllUnregisterServer
Resume
WSPStartup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
misi.dat
pl.ini
report.htm
.html .js polyglot
res.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/PopInfo.htm
.html .js polyglot
res/close.gif
.gif
res/close_down.gif
.gif
res/main.gif
.gif
res/mousemove_close.gif
.gif
security.exe
.exe windows:4 windows x86 arch:x86

5e7243748eb848e623f0322f13569b0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
QueryDosDeviceA
lstrlenA
GetModuleFileNameA
FindResourceA
GetLastError
MoveFileExA
GetWindowsDirectoryA
GetStringTypeA
LCMapStringW
LoadResource
SizeofResource
LockResource
GetSystemDirectoryA
CreateDirectoryA
lstrcpyA
DeleteFileA
lstrcatA
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
CloseHandle
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeW

user32

MessageBoxA

advapi32

StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
DeleteService

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA
PathFileExistsA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssi.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 352KB

.rsrc Size: 30KB - Virtual size: 32KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 134B

46a97f7304c97ad9e0df4e64343862a8

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

8ee1425373dbd6acff15e99152ac0ffb

Headers

File Characteristics

Imports

winmm

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 352KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 4KB

.Share
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 10KB