e907f5e47bdbb8af7f98621e0cf148b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e907f5e47bdbb8af7f98621e0cf148b6_JaffaCakes118
Size

612KB
MD5

e907f5e47bdbb8af7f98621e0cf148b6
SHA1

3482299b5918b552e9a7ae3b3e75aa970dc3ba6b
SHA256

b79af57c2562c975b6b8faea1d786093625828aa436d1cb15dd16581f7d16577
SHA512

f65ae5611c95f0a25a172d5120429f17be833b37b707b532b4a67cd1466253b855c676e83fc7dea563323a1f6c3069e8573be51273680b5cfb470033c4057d41
SSDEEP

12288:AnEEHdy2zEvJIMKpFSI0QNBz7hRYI8B2z3llXbJfdBOuX0:AnEsclJApcQnzlx/TJlB9X0

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/version2.51/客户端/KVNCClient.exe
unpack001/version2.51/客户端/KVNCHooks.dll
unpack001/version2.51/客户端/KVNCProtect.exe
unpack001/version2.51/客户端/KVNCView.dll
unpack001/version2.51/客户端/KVNClient.dll
unpack001/version2.51/客户端/TcpClient.dll
unpack001/version2.51/服务器/KVNCServer.exe
unpack001/version2.51/服务器/KVNCView.dll
unpack001/version2.51/服务器/TcpServer.dll
unpack001/version2.51/监控端/KVNCView.exe
unpack001/version2.51/监控端/TcpClient.dll

Files

e907f5e47bdbb8af7f98621e0cf148b6_JaffaCakes118
.rar
version2.51/客户端/KVNCClient.exe
.exe windows:4 windows x86 arch:x86

a7a462428ddd4f261a7e235f0a5115ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
getpeername
inet_addr

kernel32

EnterCriticalSection
LeaveCriticalSection
lstrlenA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
InterlockedDecrement
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
CreateMutexA
OpenMutexA
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
DeleteFileA
CreateDirectoryA
FindNextFileA
FindClose
SetLastError
FindFirstFileA
lstrcpyA
GetComputerNameA
Sleep
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
OpenProcess
TerminateProcess
CreateFileA
ReadFile
WriteFile
SetFilePointerEx
GetFileSizeEx
CreateThread
DeleteCriticalSection
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
GetTimeZoneInformation
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCPInfo
GetOEMCP
HeapSize
GetProcAddress
IsBadWritePtr
VirtualFree
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapCreate
HeapDestroy
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetFullPathNameA
RtlUnwind
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
ExitProcess

user32

SendMessageTimeoutA
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
SetFocus
KillTimer
DialogBoxParamA
EndDialog
GetActiveWindow
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
GetDlgItem
MessageBoxA
SetTimer
SendMessageA
ShowWindow
PostQuitMessage
CharNextA
DefWindowProcA
CreateDialogParamA
IsDialogMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowLongA
DestroyWindow
UnregisterClassA
PostMessageA

advapi32

RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

kvnclient

?CreateKvnClient@@YAPAVIKvnClient@@PAVIKvnClientNotify@@@Z

kvncview

?CreateKvnServer@@YAPAVIKvnServer@@PAVIKvnServerNotify@@@Z

shlwapi

SHDeleteValueA

comctl32

InitCommonControlsEx

tcpclient

?CreateTcpClient@@YAPAVITcpClient@@PAVITcpClientNotify@@@Z

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version2.51/客户端/KVNCClient.ini
version2.51/客户端/KVNCHooks.dll
.dll windows:4 windows x86 arch:x86

4d199a8b664d54d9b606a5f6114e777b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
FlushFileBuffers
LCMapStringW
LCMapStringA
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
CloseHandle
GlobalDeleteAtom
GlobalAddAtomA
GetModuleHandleA
GetStringTypeW
GetModuleFileNameA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize

user32

RegisterWindowMessageA
EnumWindows
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetUpdateRgn
GetPropA
SetPropA
GetCursor
GetWindowRect
IsWindowVisible
PostMessageA
GetClientRect
ClientToScreen
RemovePropA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

Exports

Exports

SetHook
SetKeyboardFilterHook
SetKeyboardPriorityHook
SetKeyboardPriorityLLHook
SetMouseFilterHook
SetMousePriorityHook
SetMousePriorityLLHook
UnSetHook

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/客户端/KVNCProtect.exe
.exe windows:4 windows x86 arch:x86

01df25d7771f896860cccaefbff02a91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
CreateMutexA
OpenMutexA
GetModuleFileNameA
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
OpenProcess
CloseHandle
TerminateProcess
FlushInstructionCache
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetCPInfo
GetOEMCP
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetACP
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc

user32

DispatchMessageA
TranslateMessage
GetMessageA
UnregisterClassA
SetWindowLongA
GetWindowRect
CharNextA
DialogBoxParamA
EndDialog
PeekMessageA
GetWindowLongA
GetParent
GetWindow
GetActiveWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
SetTimer
PostQuitMessage
DefWindowProcA
CreateDialogParamA
IsDialogMessageA
DestroyWindow

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version2.51/客户端/KVNCView.dll
.dll windows:4 windows x86 arch:x86

60509688c4f27f81c1082cc1be3c9631

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAAsyncSelect
htons
gethostbyname
ioctlsocket
socket
setsockopt
closesocket
shutdown
WSAStartup
WSACleanup
bind
listen
accept
connect
inet_ntoa
getpeername
WSAGetLastError
send
recv

comctl32

ord17

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
CloseHandle
FindNextFileA
FindClose
FindFirstFileA
SetErrorMode
GetLogicalDriveStringsA
ReadFile
CreateFileA
WriteFile
SetFileTime
GetVersionExA
WriteConsoleA
GetStdHandle
OutputDebugStringA
AllocConsole
SetEndOfFile
SetFilePointer
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineW
GetModuleFileNameA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
WaitForSingleObject
TlsGetValue
SetThreadPriority
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
ResumeThread
VirtualQuery
InterlockedExchange
UnhandledExceptionFilter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDriveTypeA
GetCurrentDirectoryA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
SetLastError
SetUnhandledExceptionFilter
CreateThread
ExitThread
GetCommandLineA
GetFullPathNameA
GetFileAttributesA
DeleteFileW
TerminateProcess
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
RaiseException
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
Sleep
MultiByteToWideChar
GetTickCount
FormatMessageA
LocalFree
GetLastError
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

SetFocus
UnregisterClassA
GetClassLongA
SetClassLongA
SetDlgItemInt
GetDlgItemInt
GetDlgCtrlID
MapWindowPoints
DestroyAcceleratorTable
CreateAcceleratorTableA
FindWindowA
GetClassNameA
LoadKeyboardLayoutA
DestroyIcon
EnableWindow
GetDlgItem
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
DestroyMenu
PostQuitMessage
DefWindowProcA
GetSubMenu
DeleteMenu
SetMenuDefaultItem
TrackPopupMenu
GetCursorPos
CreateDialogParamA
RegisterWindowMessageA
DestroyWindow
KillTimer
SetTimer
PostMessageA
SystemParametersInfoA
AdjustWindowRectEx
GetWindowPlacement
SetWindowPlacement
SetForegroundWindow
GetMenuState
SetWindowPos
ShowWindow
ShowScrollBar
IsIconic
SetRect
ScrollWindowEx
UpdateWindow
LoadMenuA
GetWindowRect
GetClientRect
SetWindowRgn
InvalidateRect
MessageBoxA
SetScrollInfo
SetClipboardViewer
CheckMenuItem
GetSystemMenu
EnableMenuItem
SendMessageA
GetWindowLongA
GetDlgItemTextA
SetWindowLongA
LoadStringA
SetWindowTextA
DialogBoxParamA
EndDialog
SetDlgItemTextA

gdi32

GetStockObject
DeleteDC
CreateRectRgnIndirect
OffsetRgn
CreateRectRgn
SetRectRgn
DeleteObject
CombineRgn

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

?CreateKvnServer@@YAPAVIKvnServer@@PAVIKvnServerNotify@@@Z

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/客户端/KVNClient.dll
.dll windows:4 windows x86 arch:x86

67b8a44c9aa490ff895283ffdf9fe6cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

select
inet_addr
WSAStartup
htonl
bind
socket
__WSAFDIsSet
recv
send
WSAGetLastError
getsockname
getpeername
gethostbyname
accept
setsockopt
listen
ioctlsocket
htons
connect
inet_ntoa
shutdown
closesocket
WSACleanup

comctl32

ord17

kernel32

GlobalAlloc
GetSystemTime
GlobalAddAtomA
GlobalDeleteAtom
SystemTimeToFileTime
LockResource
LoadResource
SizeofResource
FindResourceA
CreateMutexA
SetCurrentDirectoryW
WideCharToMultiByte
GetCurrentDirectoryW
FindNextFileW
FindFirstFileW
OpenProcess
GetModuleFileNameA
lstrcmpA
SetProcessShutdownParameters
SetFilePointerEx
GetFileSizeEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
TlsGetValue
SetThreadPriority
TlsSetValue
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
ResumeThread
GlobalLock
InterlockedExchange
FlushFileBuffers
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
SetUnhandledExceptionFilter
HeapSize
TlsFree
SetLastError
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
CreateThread
ExitThread
GetCommandLineA
HeapReAlloc
TerminateProcess
GetModuleHandleA
ExitProcess
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
GlobalUnlock
GetVersionExA
GetComputerNameA
GetLogicalDriveStringsA
SetErrorMode
FindFirstFileA
FindNextFileA
FindClose
SetFileTime
CreateDirectoryA
Sleep
ReadFile
GetTickCount
GetCurrentThreadId
UnmapViewOfFile
GetCurrentProcessId
AllocConsole
DeleteFileA
MoveFileA
CreateFileA
SetFilePointer
SetEndOfFile
OutputDebugStringA
GetStdHandle
WriteConsoleA
WriteFile
CloseHandle
LoadLibraryA
GetLastError
GetProcAddress
GetStringTypeA
FreeLibrary
GetLocaleInfoA
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
QueryPerformanceCounter
VirtualQuery

user32

CheckMenuItem
GetMenuState
LoadMenuA
LoadIconA
MapWindowPoints
CreateDialogParamA
ExitWindowsEx
IsIconic
GetUserObjectInformationA
GetProcessWindowStation
GetWindowTextW
GetClassLongA
GetWindowTextLengthA
IsZoomed
IsWindow
PeekMessageA
WaitMessage
DispatchMessageA
ChangeClipboardChain
SetClipboardViewer
KillTimer
GetClipboardOwner
GetClipboardData
PostQuitMessage
EnumWindows
GetPropA
IsWindowVisible
SetPropA
RemovePropA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
GetSubMenu
OpenDesktopA
DestroyMenu
SystemParametersInfoA
FindWindowA
GetCursorPos
mouse_event
IntersectRect
keybd_event
SetTimer
GetForegroundWindow
GetWindowThreadProcessId
SetActiveWindow
MessageBeep
FlashWindow
DialogBoxParamA
SetForegroundWindow
EndDialog
EnumDisplaySettingsA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDC
LoadImageA
DestroyCursor
CallWindowProcA
GetParent
WindowFromPoint
IsChild
LoadBitmapA
GetWindowTextA
GetClassNameA
GetSystemMetrics
SetWindowTextA
GetWindowDC
ReleaseDC
GetDesktopWindow
DeleteMenu
SetMenuDefaultItem
TrackPopupMenu
ChangeDisplaySettingsA
EqualRect
IsRectEmpty
RegisterClassExA
CreateWindowExA
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
EnumDesktopWindows
RegisterWindowMessageA
SetWindowLongA
GetWindowLongA
GetCapture
ClientToScreen
LoadCursorA
SetCursor
BeginPaint
FillRect
EndPaint
SetCapture
ClipCursor
PostMessageA
DefWindowProcA
ReleaseCapture
GetWindowPlacement
SetWindowPos
UpdateWindow
OffsetRect
SetWindowRgn
SetRect
InflateRect
PtInRect
GetWindowRgn
InvalidateRgn
GetWindowRect
ShowWindow
DestroyWindow
MessageBoxA
GetDlgItemInt
GetFocus
SetFocus
SendMessageA
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
EnableWindow
GetKeyboardState

gdi32

OffsetRgn
SetRectRgn
GetRegionData
GetObjectA
GetBitmapBits
GetStockObject
GdiFlush
BitBlt
CreateDIBSection
SelectObject
CreatePalette
SelectPalette
RealizePalette
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
CreateDCA
ExtEscape
DeleteDC
GetSystemPaletteEntries
SetROP2
FrameRgn
CreateHatchBrush
CreateSolidBrush
CreateRectRgnIndirect
CombineRgn
GetRgnBox
DeleteObject
CreateRectRgn

advapi32

GetUserNameA
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

kvnchooks

SetMousePriorityHook
SetMousePriorityLLHook
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHook
SetHook

Exports

Exports

?CreateKvnClient@@YAPAVIKvnClient@@PAVIKvnClientNotify@@@Z

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/客户端/Readme.txt
version2.51/客户端/TcpClient.dll
.dll windows:4 windows x86 arch:x86

24c3cc6af7ab2d4f5d8a97db0ad49c6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
recv
select
WSAGetLastError
send
connect
inet_addr
htons
socket
closesocket
WSACleanup
WSAStartup

kernel32

GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SetEvent
CreateEventA
CloseHandle
InterlockedExchange
WaitForSingleObject
ResetEvent
CreateThread
RaiseException
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
VirtualQuery

Exports

Exports

?CreateTcpClient@@YAPAVITcpClient@@PAVITcpClientNotify@@@Z
?initNetwork@@YA_NXZ
?uninitNetwork@@YAXXZ

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/新云软件.url
.url
version2.51/服务器/KVNCServer.exe
.exe windows:4 windows x86 arch:x86

39c7f411b442be4df57a95fed35c93d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohs
getpeername
closesocket
shutdown
inet_addr

comctl32

InitCommonControlsEx

kernel32

GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrlenA
InterlockedDecrement
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
CreateMutexA
OpenMutexA
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
WritePrivateProfileStringA
DeleteFileA
CreateDirectoryA
FindNextFileA
FindClose
GetSystemTime
SetLastError
FindFirstFileA
lstrcpyA
CloseHandle
InterlockedExchange
GetLocaleInfoA
WriteFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetFilePointer
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
TlsGetValue
LCMapStringA
TlsSetValue
TlsFree
TlsAlloc
GetTimeZoneInformation
HeapSize
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
ReadFile
GetACP
CreateFileA
HeapDestroy
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetCommandLineA
GetStartupInfoA
MoveFileA
GetFullPathNameA
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc

user32

LoadStringA
GetCursorPos
ScreenToClient
SetFocus
PostMessageA
EndDialog
GetActiveWindow
DialogBoxParamA
GetWindowLongA
GetParent
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
GetDlgItem
MessageBoxA
SetTimer
GetWindowTextA
SetWindowTextA
PostQuitMessage
CharNextA
DefWindowProcA
CreateDialogParamA
IsDialogMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SetWindowLongA
UnregisterClassA
GetWindow

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

kvncview

?CreateKvnServer@@YAPAVIKvnServer@@PAVIKvnServerNotify@@@Z

tcpserver

?CreateTcpServer@@YAPAVITcpServer@@PAVITcpServerNotify@@@Z

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version2.51/服务器/KVNCServer.ini
version2.51/服务器/KVNCView.dll
.dll windows:4 windows x86 arch:x86

60509688c4f27f81c1082cc1be3c9631

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAAsyncSelect
htons
gethostbyname
ioctlsocket
socket
setsockopt
closesocket
shutdown
WSAStartup
WSACleanup
bind
listen
accept
connect
inet_ntoa
getpeername
WSAGetLastError
send
recv

comctl32

ord17

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
CloseHandle
FindNextFileA
FindClose
FindFirstFileA
SetErrorMode
GetLogicalDriveStringsA
ReadFile
CreateFileA
WriteFile
SetFileTime
GetVersionExA
WriteConsoleA
GetStdHandle
OutputDebugStringA
AllocConsole
SetEndOfFile
SetFilePointer
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineW
GetModuleFileNameA
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
WaitForSingleObject
TlsGetValue
SetThreadPriority
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
ResumeThread
VirtualQuery
InterlockedExchange
UnhandledExceptionFilter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDriveTypeA
GetCurrentDirectoryA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
SetLastError
SetUnhandledExceptionFilter
CreateThread
ExitThread
GetCommandLineA
GetFullPathNameA
GetFileAttributesA
DeleteFileW
TerminateProcess
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
RaiseException
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
Sleep
MultiByteToWideChar
GetTickCount
FormatMessageA
LocalFree
GetLastError
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

SetFocus
UnregisterClassA
GetClassLongA
SetClassLongA
SetDlgItemInt
GetDlgItemInt
GetDlgCtrlID
MapWindowPoints
DestroyAcceleratorTable
CreateAcceleratorTableA
FindWindowA
GetClassNameA
LoadKeyboardLayoutA
DestroyIcon
EnableWindow
GetDlgItem
PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
DestroyMenu
PostQuitMessage
DefWindowProcA
GetSubMenu
DeleteMenu
SetMenuDefaultItem
TrackPopupMenu
GetCursorPos
CreateDialogParamA
RegisterWindowMessageA
DestroyWindow
KillTimer
SetTimer
PostMessageA
SystemParametersInfoA
AdjustWindowRectEx
GetWindowPlacement
SetWindowPlacement
SetForegroundWindow
GetMenuState
SetWindowPos
ShowWindow
ShowScrollBar
IsIconic
SetRect
ScrollWindowEx
UpdateWindow
LoadMenuA
GetWindowRect
GetClientRect
SetWindowRgn
InvalidateRect
MessageBoxA
SetScrollInfo
SetClipboardViewer
CheckMenuItem
GetSystemMenu
EnableMenuItem
SendMessageA
GetWindowLongA
GetDlgItemTextA
SetWindowLongA
LoadStringA
SetWindowTextA
DialogBoxParamA
EndDialog
SetDlgItemTextA

gdi32

GetStockObject
DeleteDC
CreateRectRgnIndirect
OffsetRgn
CreateRectRgn
SetRectRgn
DeleteObject
CombineRgn

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

?CreateKvnServer@@YAPAVIKvnServer@@PAVIKvnServerNotify@@@Z

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/服务器/Readme.txt
version2.51/服务器/TcpServer.dll
.dll windows:4 windows x86 arch:x86

630966e35f7ea6850fdec8ccc80db9e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
select
WSAGetLastError
send
accept
listen
htonl
inet_addr
htons
bind
socket
closesocket
WSACleanup
WSAStartup

kernel32

GetTickCount
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
VirtualQuery
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
Sleep
InterlockedExchange
CreateThread
RtlUnwind
ExitProcess
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo

Exports

Exports

?CreateTcpServer@@YAPAVITcpServer@@PAVITcpServerNotify@@@Z
?initNetwork@@YA_NXZ
?uninitNetwork@@YAXXZ

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/版本更新记录.txt
version2.51/监控端/KVNCView.exe
.exe windows:4 windows x86 arch:x86

138f26345aa8ccfb6c810b2ef94304eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleA
GetStdHandle
OutputDebugStringA
AllocConsole
SetEndOfFile
SetFilePointer
CreateFileA
ReadFile
SetFilePointerEx
SetEvent
CreateEventA
WaitForSingleObject
ResetEvent
CreateThread
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
HeapFree
GetFileType
CloseHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentDirectoryA
GetDriveTypeA
GetCPInfo
GetOEMCP
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TerminateProcess
GetProcAddress
GetCommandLineA
GetStartupInfoA
GetFullPathNameA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
ExitProcess
DeleteFileA
CreateDirectoryA
FindFirstFileA
SetLastError
FindClose
FindNextFileA
lstrcatA
GetPrivateProfileStringA
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
lstrcpyA
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
InterlockedIncrement
InterlockedDecrement
Sleep
GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
GetTickCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
MulDiv
SetHandleCount
GetProcessHeap
GetLocaleInfoA
GetACP
LoadLibraryA
InterlockedExchange

user32

GetDC
UnregisterClassA
ReleaseDC
PostMessageA
GetWindowLongA
InvalidateRect
DrawEdge
IsWindowEnabled
MessageBoxA
ScreenToClient
SetWindowLongA
InflateRect
DrawFocusRect
EndPaint
KillTimer
PtInRect
GetDlgCtrlID
ReleaseCapture
SetCapture
GetCapture
UpdateWindow
CallWindowProcA
LoadStringA
OffsetRect
DrawIconEx
DefWindowProcA
DialogBoxParamA
GetActiveWindow
GetWindowTextA
CreateWindowExA
GetMenu
AdjustWindowRectEx
SetTimer
IsWindowVisible
RedrawWindow
IsZoomed
SetCursor
PostQuitMessage
MoveWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetDlgItem
SendMessageA
CreateDialogParamA
GetWindow
SystemParametersInfoA
MapWindowPoints
GetParent
SetWindowTextA
DrawIcon
LoadCursorA
LoadIconA
LoadImageA
GetIconInfo
EndDialog
IsDialogMessageA
IsWindow
LoadMenuA
GetSubMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetSystemMetrics
SetRect
DrawTextA
SetWindowRgn
EnableWindow
ShowWindow
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
BeginPaint

gdi32

SetPixelV
CombineRgn
CreateCompatibleBitmap
SetTextColor
SetRectRgn
BitBlt
CreateCompatibleDC
CreatePalette
CreateRectRgn
DeleteDC
SetBkColor
ExtTextOutA
SelectPalette
RealizePalette
SelectObject
GetDeviceCaps
DPtoLP
CreateFontIndirectA
DeleteObject
SetBkMode
SetViewportOrgEx
StretchBlt
GetObjectA
CreateRoundRectRgn
FillRgn
CreateEllipticRgn
CreateSolidBrush
CreateEllipticRgnIndirect

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

VarUI4FromStr

tcpclient

?uninitNetwork@@YAXXZ
?initNetwork@@YA_NXZ
?CreateTcpClient@@YAPAVITcpClient@@PAVITcpClientNotify@@@Z

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize
ImageList_LoadImageA
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Draw

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version2.51/监控端/KVNCView.ini
version2.51/监控端/Readme.txt
version2.51/监控端/Skin/ApplicationMain.ico
version2.51/监控端/Skin/Layout.ini
version2.51/监控端/Skin/MainWnd.bmp
version2.51/监控端/TcpClient.dll
.dll windows:4 windows x86 arch:x86

24c3cc6af7ab2d4f5d8a97db0ad49c6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
recv
select
WSAGetLastError
send
connect
inet_addr
htons
socket
closesocket
WSACleanup
WSAStartup

kernel32

GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SetEvent
CreateEventA
CloseHandle
InterlockedExchange
WaitForSingleObject
ResetEvent
CreateThread
RaiseException
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
VirtualQuery

Exports

Exports

?CreateTcpClient@@YAPAVITcpClient@@PAVITcpClientNotify@@@Z
?initNetwork@@YA_NXZ
?uninitNetwork@@YAXXZ

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version2.51/配置说明.txt

Sharing

General

Malware Config

Signatures

Files

a7a462428ddd4f261a7e235f0a5115ec

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

shell32

ole32

oleaut32

kvnclient

kvncview

shlwapi

comctl32

tcpclient

psapi

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 20KB - Virtual size: 16KB

4d199a8b664d54d9b606a5f6114e777b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 9KB

.SharedD Size: 4KB - Virtual size: 72B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

01df25d7771f896860cccaefbff02a91

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

psapi

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 6KB

60509688c4f27f81c1082cc1be3c9631

Headers

File Characteristics

Imports

wsock32

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 204KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 12KB - Virtual size: 15KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 9KB

.SharedD
Size: 4KB - Virtual size: 72B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 208KB - Virtual size: 204KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 60KB - Virtual size: 58KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 17KB