f588c200779d423b2c04269fa45cf86e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f588c200779d423b2c04269fa45cf86e_JaffaCakes118
Size

1.8MB
MD5

f588c200779d423b2c04269fa45cf86e
SHA1

c33f122ff1c9ee797e1927cb054aa49109661310
SHA256

15f8581ba2f25fc2eec07f4615f30c0bb16fe22d78d917c6d6b6632ae806f48d
SHA512

36cfd543852c3998e894a1c5610a1323d52b71838aab76832575223bfab1148a9085ff5cc4fa074b73808706e23a5e61dc15ba37acf131aa2229383aaecc97c6
SSDEEP

49152:2tQVM/LZ1jVrHX8MytTDM3hIWjEYLXbOFpuVi:e8MjZzatTA3RY0LOFQVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 42 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client/DeviceInfo.dll
unpack001/Client/DiskFlt.sys
unpack001/Client/DiskFltInst.exe
unpack001/Client/FileFlt.dll
unpack001/Client/FileFlt.sys
unpack001/Client/FileHook.dll
unpack001/Client/HideProc.dll
unpack001/Client/HideProc.sys
unpack001/Client/HideService.dll
unpack001/Client/HostIP.dll
unpack001/Client/HostInfo.dll
unpack001/Client/Install.exe
unpack001/Client/License.dll
unpack001/Client/NetHook.dll
unpack001/Client/NetLink.dll
unpack001/Client/NetLink.sys
unpack001/Client/PrintHook.dll
unpack001/Client/ProcFlt.dll
unpack001/Client/ProcFlt.sys
unpack001/Client/ProcProt.dll
unpack001/Client/ProcProt.sys
unpack001/Client/Process.dll
unpack001/Client/PubFun.dll
unpack001/Client/RasLink.dll
unpack001/Client/ScreenInfo.dll
unpack001/Client/SendFile.dll
unpack001/Client/SetEvent.exe
unpack001/Client/Socket.dll
unpack001/Client/UnInst.dat
unpack001/Client/UpdSvc.exe
unpack001/Client/WinSvc.exe
unpack001/Client/XmlFile.dll
unpack001/Client/ZipFun.dll
unpack001/Client/detoured.dll
unpack001/Client/wmi.dll
unpack001/Controller/HostInfo.dll
unpack001/Controller/Install.exe
unpack001/Controller/Process.dll
unpack001/Controller/PubFun.dll
unpack001/Controller/SendFile.dll
unpack001/Controller/SetEvent.exe
unpack001/Controller/Socket.dll

Files

f588c200779d423b2c04269fa45cf86e_JaffaCakes118
.rar
Client/DeviceInfo.dll
.dll windows:4 windows x86 arch:x86

39981574b9184c765137a4d084a90270

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetLastError
VirtualFree
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
GetLogicalDrives
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDescriptionA
SetupDiGetDeviceInstanceIdA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
CM_Get_Parent
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList

Exports

Exports

EnumDeviceLink
FreeDeviceLink
FreeDeviceLinkEx
GetCdRomdiskVolume
GetDiskAndPartitionNumbers
GetHarddiskNumberByEnumDevice
GetHarddiskVolume
GetUsbdiskNumberByEnumDevice
IsUsbCdromByDevInfo
IsUsbCdromByDeviceLink
IsUsbstoreByDevInfo
IsUsbstoreByDeviceLink
LinkDeviceLink
SetupDeviceState
SetupDriverState

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/DiskFlt.sys
.sys windows:6 windows x86 arch:x86

6fa6e41fab69c5634f1d0d3bb490918b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\ksdiskflt\sys\Release\i386\DiskFlt.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoAcquireRemoveLockEx
KeSetEvent
MmMapLockedPagesSpecifyCache
ObReferenceObjectByHandle
PoCallDriver
PoStartNextPowerIrp
ExAllocatePoolWithTag
IoGetDeviceProperty
wcsncpy
wcschr
_wcsnicmp
memset
ZwClose
ZwEnumerateKey
ZwOpenKey
IofCallDriver
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
KeInitializeEvent
KeClearEvent
IoGetDeviceInterfaces
IoInitializeRemoveLockEx
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
memcpy
IoCreateSymbolicLink
RtlCompareMemory
KeTickCount
KeBugCheckEx
IoReleaseRemoveLockEx
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteSymbolicLink
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/DiskFltInst.exe
.exe windows:4 windows x86 arch:x86

00d1170a34e082327454f2fb322f2b51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
DeleteFileA
CopyFileA
OutputDebugStringA
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
SetFilePointer
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

advapi32

CreateServiceA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
DeleteService
ControlService
CloseServiceHandle
OpenSCManagerA
StartServiceA
OpenServiceA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Client/FileFlt.dll
.dll windows:4 windows x86 arch:x86

144ea1c761d644cffd3e32805099b32e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetLastError
CreateFileA
SetEvent
DeviceIoControl
WaitForSingleObject
CopyFileA
DeleteFileA
CreateEventA
CreateThread
GetModuleFileNameA
GetVersion
GetSystemDirectoryA
GetCommandLineA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

wsprintfA

advapi32

DeleteService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA

Exports

Exports

FilemonInit
FilemonRead
FilemonSetCallBack
FilemonUnInit
FilemonWrite

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/FileFlt.sys
.sys windows:6 windows x86 arch:x86

38575b4a34ffb889c3a4dd8b9e3865e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\ksfilemon\filemon\Release\i386\FileFlt.pdb

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
IoAllocateIrp
KeInitializeEvent
memmove
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ExAllocatePool
sprintf
ExAcquireResourceSharedLite
memset
memcpy
strncmp
IoGetCurrentProcess
strncpy
IoDeleteDevice
IoDetachDevice
IoQueryVolumeInformation
ZwClose
ObfDereferenceObject
IoAttachDeviceByPointer
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
RtlInitUnicodeString
ExFreePoolWithTag
_strnicmp
SeQueryInformationToken
LsaFreeReturnBuffer
RtlCopyUnicodeString
SeQueryAuthenticationIdToken
IofCompleteRequest
PsGetCurrentProcessId
wcsncpy
MmMapLockedPages
ExDeleteResourceLite
ExDeleteNPagedLookasideList
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink
_stricmp
strchr
KeClearEvent
KeTickCount
KeBugCheckEx
ExReleaseResourceLite
KeLeaveCriticalRegion
KeGetCurrentThread
InterlockedPushEntrySList
ExEventObjectType
InterlockedPopEntrySList

hal

KfAcquireSpinLock
KfReleaseSpinLock

ksecdd.sys

GetSecurityUserInfo

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/FileHook.dll
.dll windows:4 windows x86 arch:x86

1e6562b07466dff947f9b11733088628

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
GetCommandLineA
CreateMutexA
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentProcessId
Sleep
CreateThread
MapViewOfFile
GetTempPathA
OpenFileMappingA
OpenMutexA
CreateEventA
OpenEventA
CloseHandle
UnmapViewOfFile
SetEvent
GetTickCount
GetDriveTypeA
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
CreateFileMappingA
GetCurrentThread
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
RtlUnwind
GetVersion
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA

detoured

Detoured

Exports

Exports

InstallHook
SetCallBack
SetFileRule
StartFileFilter
StopFileFilter
UnInstallHook

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/HideProc.dll
.dll windows:4 windows x86 arch:x86

2b5cf19743f69f1d701e5cfc22ed650b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetSystemDirectoryA
CopyFileA
DeleteFileA
GetModuleFileNameA
DeviceIoControl
CreateFileA
CloseHandle
GetLastError
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA

Exports

Exports

InsertProcess
KsHPInit
ReadDriverIo
RemoveProcess
RowDriverIo
StartHideProcess
StopHideProcess
WriteDriverIo

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/HideProc.sys
.sys windows:6 windows x86 arch:x86

ef0c6c5ddbd4c873aa680a7162b5f054

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\kshideproc\sys\Release\i386\HideProc.pdb

Imports

ntoskrnl.exe

_stricmp
ExFreePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
memcpy
ZwQuerySystemInformation
IofCompleteRequest
ExAllocatePool
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
KeServiceDescriptorTable
KeTickCount
strncpy
IoDeleteDevice
RtlUnwind
KeBugCheckEx

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/HideService.dll
.dll windows:4 windows x86 arch:x86

842dc1c6f3dd04d2c7258656003ef022

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
GetModuleFileNameA
GetCurrentProcessId
GetLastError
MultiByteToWideChar
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
SuspendThread
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
GetCommandLineA
GetVersion
RtlUnwind
ExitProcess
TerminateProcess
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

detoured

Detoured

Exports

Exports

InstallHook
SetServiceName
UnInstallHook

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/HostIP.dll
.dll windows:4 windows x86 arch:x86

580ba92fa8dfff745be2d20be0444989

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
InterlockedExchange
WideCharToMultiByte
Sleep
CreateThread
GetCurrentThread
GetLocalTime
MapViewOfFile
CreateFileMappingA
ReleaseMutex
OpenMutexA
CreateEventA
OpenEventA
UnmapViewOfFile
SetEvent
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
CloseHandle
GetCurrentProcessId
GetModuleFileNameA
CreateMutexA
InterlockedCompareExchange
MultiByteToWideChar
FreeLibrary
LoadLibraryA
OpenFileMappingA
GetProcAddress
ResumeThread
VirtualProtect
VirtualQuery
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

advapi32

SetSecurityDescriptorDacl
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

ws2_32

inet_addr
inet_ntoa

detoured

Detoured

Exports

Exports

EnumAdapterInfo
EnumRegAdapterInfo
FreeAdapterInfo
FreeRegAdapterInfo
InstallHook
SetIpBindRule
SetKsIPCallBack
SetLocalIP
StartIpBind
StopIpBind

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/HostInfo.dll
.dll windows:4 windows x86 arch:x86

1ac55eb9d3102c51683915e66d99b74b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetVersion
GetVolumeInformationA
GetSystemDirectoryA
OpenProcess
Process32Next
lstrcmpiA
GetModuleFileNameA
CreateToolhelp32Snapshot
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDefaultLCID
GetProcAddress
GetVersionExA
CreateFileA
DeviceIoControl
Process32First
CloseHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA

netapi32

Netbios

ws2_32

gethostbyname
gethostname

Exports

Exports

KsGetHarddiskId
KsGetHarddiskTotalNumberOfBytes
KsGetHostNameIP
KsGetLoginUser
KsGetMacAddress
KsGetMacString
KsGetOsVersion
KsGetProcessRunRate
KsGetProcessUser
KsGetSystemVolumeSerial

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/IP.ini
Client/Install.exe
.exe windows:4 windows x86 arch:x86

4ff32c2f3d63b8c567f950f33a376b00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr

mfc42

ord5254
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord2385
ord5280
ord4441
ord5261
ord2446
ord4425
ord3597
ord324
ord641
ord4234
ord2379
ord5953
ord6199
ord6197
ord6880
ord3092
ord2864
ord4710
ord5241
ord4224
ord3098
ord6334
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord5290
ord3402
ord4424
ord3708
ord800
ord616
ord781
ord860
ord540
ord567
ord2370
ord2299
ord2302
ord2358
ord2652
ord1669
ord1168
ord858
ord3499
ord2515
ord355
ord4132
ord6136
ord6134
ord3876
ord2642
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2086
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord6438
ord4853
ord2863
ord3698
ord765
ord537
ord3097
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord674
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord3619
ord1641
ord5875
ord5788
ord5787
ord283
ord472
ord3626
ord3663
ord2414
ord1768
ord4287
ord3089
ord4476
ord5981
ord1842
ord4242
ord5103
ord3350
ord975
ord4151
ord1576
ord366
ord4299
ord4457
ord5252
ord686
ord384
ord2862
ord2097
ord3297
ord3733
ord810
ord4271
ord3914
ord6008
ord4275
ord3742
ord3744
ord818
ord6242
ord1200
ord2818
ord3610
ord2582
ord4402
ord3370
ord3640
ord693
ord656
ord6907
ord3998
ord3874
ord5856
ord3302
ord2289
ord535
ord922
ord924
ord926
ord939
ord5710
ord4129
ord2764
ord801
ord541
ord6143
ord2763
ord4277
ord5572
ord2915
ord6883
ord6283
ord6282
ord536
ord825
ord401
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2445
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord5283
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878
ord2879
ord3403
ord5472
ord976
ord5012
ord3351
ord4303
ord4467
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord4245
ord1858
ord823
ord6080
ord5282

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
_strdup
_strnicmp
_itoa
__CxxFrameHandler
sprintf
vsprintf
strrchr
strstr
malloc
free
_access
_CxxThrowException
strchr
_mbscmp
strncpy
_except_handler3
strncmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

kernel32

SetCurrentDirectoryA
CreateFileA
GetFileSize
ReadFile
CloseHandle
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersionExA
GetModuleFileNameA
GetLocalTime
CopyFileA
SetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateThread
Sleep
GetCurrentDirectoryA
CreateDirectoryA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
ExitProcess
GetCurrentProcess
WriteFile
CreateProcessA
WaitForSingleObject

user32

MessageBoxA
SetWindowTextA
GetMenuItemID
GetMenuStringA
GetSystemMenu
SetMenu
RemoveMenu
GetMenuItemCount
ShowWindow
GetMenu
InvalidateRect
GetWindowRect
GetParent
EnableWindow
SendMessageA
SendDlgItemMessageA
SetDlgItemTextA
GetClientRect
CloseWindow
GetDesktopWindow
SetFocus
EndDialog
GetWindowTextA
GetDlgItem
SetWindowLongA
CreateWindowExA
ScreenToClient
wsprintfA
ExitWindowsEx
EnableMenuItem
UpdateWindow

gdi32

GetStockObject
Rectangle
CreateFontA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
GetErrorInfo

odbc32

ord24
ord75
ord55
ord9
ord31

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Client/License.dat
Client/License.dll
.dll windows:4 windows x86 arch:x86

002aa54aa823a9f0f7b68edfa75441f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

Exports

Exports

FreeLicense
ReadLicense
WriteLicense

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/NetHook.dll
.dll windows:4 windows x86 arch:x86

97b4dd67ccf55e4da7b35fe88e38acba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
GetTickCount
DeleteFileA
GetCurrentThread
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenMutexA
CreateEventA
OpenEventA
CloseHandle
UnmapViewOfFile
WaitForSingleObject
InterlockedCompareExchange
GetTempPathA
GetModuleFileNameA
GetCurrentProcessId
Sleep
GetLastError
CreateThread
InterlockedExchange
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
ReleaseMutex
CreateMutexA
SetEvent
ResumeThread
VirtualProtect
VirtualQuery
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
HeapFree
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetFileAttributesA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
HeapSize
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA

user32

CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA

ws2_32

ntohl
WSAConnect
WSASend
WSASendTo
WSARecv
WSARecvFrom
ntohs
connect
send
sendto
recv
recvfrom
closesocket
getsockname
getpeername
socket

detoured

Detoured

Exports

Exports

NetHookMailFilter
NetHookSetMailCallBack
NetHookSetMailRule
NetHookSetUrlCallBack
NetHookSetUrlRule
NetHookStart
NetHookStop
NetHookUrlFilter

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/NetLink.dll
.dll windows:4 windows x86 arch:x86

28be93fe1720902886d3e5f95841f568

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
CreateEventA
WaitForSingleObject
Sleep
GetSystemDirectoryA
CopyFileA
DeleteFileA
GetModuleFileNameA
DeviceIoControl
CreateFileA
CloseHandle
GetCurrentProcessId
GetLastError
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

SetSecurityDescriptorDacl
OpenSCManagerA
DeleteService
ControlService
StartServiceA
CreateServiceA
OpenServiceA
CloseServiceHandle
InitializeSecurityDescriptor

Exports

Exports

InitNetLink
ReadNetLink
SetNetLinkCallBack
WriteNetLink

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/NetLink.sys
.sys windows:6 windows x86 arch:x86

fb3033de0f4a7d3d778f641c0efad0e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\ksnetlink\netlink\Release\i386\NetLink.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ObReferenceObjectByHandle
ExEventObjectType
strncmp
IoGetCurrentProcess
strncpy
ExSystemTimeToLocalTime
KeQuerySystemTime
IoCreateSymbolicLink
IoCreateDevice
ObfDereferenceObject
KeWaitForSingleObject
ExFreePoolWithTag
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
memcpy
_strnicmp
sprintf
RtlTimeToTimeFields
_stricmp
_alldiv
memset
PsGetCurrentProcessId
KeSetEvent
KeClearEvent
KeTickCount
KeBugCheckEx
ExAllocatePool
IofCallDriver
IofCompleteRequest

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/PrintHook.dll
.dll windows:4 windows x86 arch:x86

5296799d896c17b392d6b5aa860ca3db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentProcessId
InterlockedExchange
OutputDebugStringA
Sleep
CreateThread
ReleaseMutex
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitForSingleObject
GetTempPathA
OpenMutexA
CreateEventA
OpenEventA
CloseHandle
UnmapViewOfFile
SetEvent
GetLocalTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
WideCharToMultiByte
CreateMutexA
GetCurrentThread
VirtualQuery
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
ExitProcess
TerminateProcess
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
DeleteCriticalSection
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

winspool.drv

GetPrinterA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA

detoured

Detoured

Exports

Exports

InstallHook
SetCallBack
SetPrintRule
StartPrintFilter
StopPrintFilter
UnInstallHook

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ProcFlt.dll
.dll windows:4 windows x86 arch:x86

18cda567b55ac5031e7f1c2296d968ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
ExitProcess
CreateThread
CopyFileA
DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
DeviceIoControl
GetVersion
CreateFileA
CloseHandle
WaitForSingleObject
GetLastError
GetCommandLineA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

SetSecurityDescriptorDacl
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
InitializeSecurityDescriptor

Exports

Exports

MainInit
MainUnInit
ReadDriver
SetCallBackFun
WriteDriver

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ProcFlt.sys
.sys windows:6 windows x86 arch:x86

b7227219df678eccfdca78ac25902f1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\ksprocflt\ksprocflt\Release\i386\ProcFlt.pdb

Imports

ntoskrnl.exe

strncmp
IoGetCurrentProcess
ExAllocatePool
memset
ExFreePoolWithTag
_strnicmp
sprintf
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
_stricmp
strchr
RtlInitUnicodeString
ObReferenceObjectByHandle
ExEventObjectType
KeSetEvent
KeClearEvent
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
IoCreateSymbolicLink
IoCreateDevice
memcpy
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
IofCompleteRequest
IoDeleteDevice

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 830B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ProcProt.dll
.dll windows:4 windows x86 arch:x86

949d31964883b9cc5635d6352a7bfd3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
DeviceIoControl
GetVersion
CreateFileA
CloseHandle
GetLastError
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

SetSecurityDescriptorDacl
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
InitializeSecurityDescriptor

Exports

Exports

MainInit
MainUnInit
ReadDriver
WriteDriver

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ProcProt.sys
.sys windows:6 windows x86 arch:x86

35b14550208065114e03a1b1de1742b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\kernelsword\tersecsys_src\ksprocprot\procprotsys\Release\i386\ProcProt.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
strncmp
IoGetCurrentProcess
strncpy
KeServiceDescriptorTable
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
ZwTerminateProcess
memset
_stricmp
PsLookupProcessByProcessId
PsGetCurrentProcessId
KeTickCount
KeBugCheckEx
IoDeleteDevice
ExFreePoolWithTag
IofCompleteRequest
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/Process.dll
.dll windows:4 windows x86 arch:x86

0d00593dd0af4bf90d9f9ce3f2200120

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LocalFree
lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
DuplicateHandle
OpenProcess
TerminateProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
GetProcAddress
LoadLibraryA
FreeLibrary
SearchPathA
lstrcmpiA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
_lopen
GetFileTime
_lclose
UnmapViewOfFile
CloseHandle
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

GetWindowTextA
IsWindow
IsWindowVisible
wsprintfA
EnumWindows
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
GetTokenInformation
LookupAccountSidA
LookupPrivilegeValueA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

KsEnumProcess
KsEnumProcessModule
KsFreeProcessInfoLink
KsFreeProcessModuleInfoLink

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/PubFun.dll
.dll windows:4 windows x86 arch:x86

a1a398f0f9678cdb7897b96dc43e9b28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

Exports

Exports

KsBase64DeCode
KsBase64EnCode
KsCRC16
KsCRC32
KsEnDeCode
KsEnDeCodeBase64
KsEnDeCodeBase64Ex
KsFreeEnCodeFileData
KsFreeFileData
KsGetFileCrc32Code
KsGetFileMd5Code
KsGetMd5Code
KsGetMd5CodeBase64
KsGetMd5Key
KsReadEnCodeFileData
KsReadFileData
KsWriteEnCodeFileData
KsWriteFileData

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/RasLink.dll
.dll windows:4 windows x86 arch:x86

172c40a5aa4dbc9c50e08d4463fe0754

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetVersion
GetLocalTime
GetProcAddress
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
OpenProcess
Sleep
CloseHandle
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

SetSecurityDescriptorDacl
GetUserNameA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
InitializeSecurityDescriptor

Exports

Exports

SetRasCallBack
SetRasRule
StartRasFlt
StopRasFlt

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ScreenInfo.dll
.dll windows:4 windows x86 arch:x86

2946c2880b1884c0314c30884f4fc8b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
CloseHandle
ReadFile
DeleteFileA
GetModuleFileNameA
GetTempPathA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalFree
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
WriteFile
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
VirtualAlloc
HeapReAlloc
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetDC
GetWindowRect
ReleaseDC
GetDesktopWindow

gdi32

GetObjectA
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
GetStockObject

Exports

Exports

CatchJpgScreen
FreeScreenDIB
FreeScreenData
GetScreenDIB
ScreenDibToScreenData

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/SendFile.dll
.dll windows:4 windows x86 arch:x86

bd29fe820a451737715d620ed0951d1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
CloseHandle
SetEvent
EnterCriticalSection
GetFileAttributesA
GetFileType
GetFileTime
Sleep
MapViewOfFile
CreateFileMappingA
GetFileSize
GetLastError
LeaveCriticalSection
SetFileAttributesA
DeleteFileA
SetFileTime
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CreateDirectoryA
CopyFileA
WaitForSingleObject
CreateThread
CreateEventA
CreateProcessA
InitializeCriticalSection
CreateFileA
GetModuleFileNameA
RtlUnwind
MoveFileA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteA

Exports

Exports

KsFreeRecvFileHandle
KsMakeRecvFileHandle
KsReadFileBrokenPos
KsRecvFile
KsSendFile
KsSendFileQueue
KsStopSendFileQueue

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/SetEvent.exe
.exe windows:4 windows x86 arch:x86

cf6c227eacfd269a8ee50837ab5f9b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
SetEvent
Sleep
GetCurrentProcess
OpenEventA
CloseHandle
ExitProcess
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Client/Setup.xml
Client/Sid.ini
Client/Socket.dll
.dll windows:4 windows x86 arch:x86

6f5db4c36f94a24720ecc1561d3ce069

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
GetCPInfo
GetACP

user32

GetMessageA
PeekMessageA
DispatchMessageA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor

ws2_32

connect
WSAStartup
WSACleanup
select
socket
inet_addr
htonl
bind
listen
__WSAFDIsSet
accept
closesocket
send
recv
WSAGetLastError
htons

Exports

Exports

KsConnect
KsFreeTcpData
KsRecvDataFromSocket
KsRecvTcpData
KsSendDataFromSocket
KsSendTcpData
KsSockInit
KsSocketTimeOut
KsStartupTcpListen
KsWaitForSocket
KsWinSockStartUp

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/UnInst.dat
.exe windows:4 windows x86 arch:x86

b89ef45ab89c5f18c6bc857e5430d91b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3402
ord3698
ord2582
ord6055
ord1776
ord4998
ord5290
ord3370
ord3640
ord1146
ord1168
ord567
ord384
ord2302
ord6199
ord2862
ord2097
ord4287
ord3092
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord6007
ord2642
ord6453
ord5875
ord3089
ord4476
ord3998
ord4853
ord4376
ord5265
ord2514
ord693
ord765
ord686
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4402
ord4673
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_setmbcp
_strnicmp
_strdup
_stricmp
strrchr
__p___argv
__p___argc
__CxxFrameHandler
fclose
fwrite
fopen
_except_handler3
_initterm
__getmainargs
sprintf
__dllonexit
_acmdln
exit
_XcptFilter
_exit
_onexit
_controlfp

kernel32

Sleep
GetModuleFileNameA
SetCurrentDirectoryA
GetPrivateProfileStringA
GetModuleHandleA
GetStartupInfoA
GetCurrentDirectoryA
WinExec
CreateThread
GetLastError
GetCurrentProcess
CloseHandle
WaitForSingleObject
CreateProcessA
GetVersionExA
lstrlenA
GetWindowsDirectoryA
GetPrivateProfileIntA
SetFileAttributesA
DeleteFileA
GetSystemDirectoryA

user32

PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
MessageBoxA
EnableWindow
ExitWindowsEx
LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu

gdi32

GetStockObject

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceStatus
ControlService
OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHChangeNotify
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Client/UpdSvc.exe
.exe windows:4 windows x86 arch:x86

a68fac11257694f60ec191cadbc43ccc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
CopyFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
GetLastError
CreateMutexA
CloseHandle
Sleep
SetEvent
FindClose
OpenEventA
OutputDebugStringA
GetCurrentProcess
SetCurrentDirectoryA
WaitForSingleObject
CreateProcessA
GetModuleFileNameA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
CreateEventA
GetProcAddress
LCMapStringW
LCMapStringA
ExitProcess
TerminateProcess
MoveFileA
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

ws2_32

closesocket

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Client/WinSvc.exe
.exe windows:4 windows x86 arch:x86

ce0f93151975564c4db55b1e9ab4c016

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalMemoryStatus
GetVolumeInformationA
GetLogicalDriveStringsA
CreateEventA
WideCharToMultiByte
WaitForSingleObject
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
FlushFileBuffers
WriteFile
GetPrivateProfileStringA
SetEvent
GlobalAlloc
SetCurrentDirectoryA
CreateProcessA
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
GetVersion
OpenEventA
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
DeleteFileA
GetDiskFreeSpaceExA
Sleep
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcessId
GetLogicalDrives
GetDriveTypeA
DeviceIoControl
CloseHandle
CreateFileA
GetCurrentProcess
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
ExitProcess
GetCommandLineA
HeapFree
MoveFileA
HeapAlloc
RtlUnwind
GetFileAttributesA
GetStartupInfoA

user32

GetDesktopWindow
mouse_event
SetCursorPos
GetWindowRect

advapi32

InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
DeleteService
ChangeServiceConfigA
ControlService
QueryServiceStatus
StartServiceA
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A

ws2_32

inet_ntoa
closesocket
ntohl
inet_addr

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_DevNode_Status
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller

pdh

PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA

netapi32

NetUserGetInfo
NetUserSetInfo
NetUserDel
NetUserEnum
NetApiBufferFree

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Client/XmlFile.dll
.dll windows:4 windows x86 arch:x86

fbe9990835e680ba987b0fed23b41e94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
CloseHandle
WideCharToMultiByte
LocalFree
GetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
HeapSize
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantCopy
VariantClear
GetErrorInfo

Exports

Exports

KsXmlFileExist
KsXmlFindSubNode
KsXmlFreeBuffer
KsXmlFreeHandle
KsXmlFreeXmlFile
KsXmlGetFirstChild
KsXmlGetLastChild
KsXmlGetNextSibling
KsXmlGetNodeAttributePointer
KsXmlGetNodeAttributeText
KsXmlGetNodeAttributesPointer
KsXmlGetNodeNamePointer
KsXmlGetNodeNameText
KsXmlGetNodeType
KsXmlGetNodeValuePointer
KsXmlGetNodeValueText
KsXmlGetNodeXmlPointer
KsXmlGetNodeXmlText
KsXmlGetParentNode
KsXmlGetPrevSibling
KsXmlGetSubNodeValuePointer
KsXmlGetSubNodeValueText
KsXmlGetXmlRoot
KsXmlLoadXmlFile
KsXmlLoadXmlText
KsXmlMakeChildNode
KsXmlMakeNodeAttribute
KsXmlMakeXmlHandle
KsXmlPushText
KsXmlSaveXmlFile

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/ZipFun.dll
.dll windows:4 windows x86 arch:x86

555f3c9d36c3d19f71ee2ca11ec68112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
RaiseException
HeapFree
HeapAlloc
RtlUnwind
GetLastError
GetFileAttributesA
GetCommandLineA
GetVersion
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
SetStdHandle
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle
LCMapStringA
LCMapStringW
CreateFileA
DeleteFileA
ReadFile
SetEndOfFile

Exports

Exports

KsUnZipFun
KsZipFun

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/detoured.dll
.dll windows:4 windows x86 arch:x86

6c8408bb5d7d5a5b75b9314f94e68763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

Exports

Exports

Detoured

Sections

.text
Size: 4KB - Virtual size: 42B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/wmi.dll
.dll windows:4 windows x86 arch:x86

4df7dfcfef786a4406be63d054e55b42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
InterlockedDecrement
CloseHandle
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapReAlloc
HeapSize
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
SetFilePointer
InterlockedIncrement
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Exports

Exports

KsWmiMainExecQuery
KsWmiMainGetRecordEnter
KsWmiMainGetRecordLeave
KsWmiMainGetValue
KsWmiMainInit
KsWmiMainUnInit

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Controller/2010Black_Aero.skn
Controller/Amazing_Aero.skn
Controller/Andromeda.skn
Controller/BlueBrilliant.skn
Controller/Charm.skn
Controller/HostInfo.dll
.dll windows:4 windows x86 arch:x86

1ac55eb9d3102c51683915e66d99b74b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetVersion
GetVolumeInformationA
GetSystemDirectoryA
OpenProcess
Process32Next
lstrcmpiA
GetModuleFileNameA
CreateToolhelp32Snapshot
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDefaultLCID
GetProcAddress
GetVersionExA
CreateFileA
DeviceIoControl
Process32First
CloseHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA

netapi32

Netbios

ws2_32

gethostbyname
gethostname

Exports

Exports

KsGetHarddiskId
KsGetHarddiskTotalNumberOfBytes
KsGetHostNameIP
KsGetLoginUser
KsGetMacAddress
KsGetMacString
KsGetOsVersion
KsGetProcessRunRate
KsGetProcessUser
KsGetSystemVolumeSerial

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Controller/InnovEx.skn
Controller/Install.exe
.exe windows:4 windows x86 arch:x86

4ff32c2f3d63b8c567f950f33a376b00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr

mfc42

ord5254
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord2385
ord5280
ord4441
ord5261
ord2446
ord4425
ord3597
ord324
ord641
ord4234
ord2379
ord5953
ord6199
ord6197
ord6880
ord3092
ord2864
ord4710
ord5241
ord4224
ord3098
ord6334
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord5290
ord3402
ord4424
ord3708
ord800
ord616
ord781
ord860
ord540
ord567
ord2370
ord2299
ord2302
ord2358
ord2652
ord1669
ord1168
ord858
ord3499
ord2515
ord355
ord4132
ord6136
ord6134
ord3876
ord2642
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2086
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord6438
ord4853
ord2863
ord3698
ord765
ord537
ord3097
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord674
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord3619
ord1641
ord5875
ord5788
ord5787
ord283
ord472
ord3626
ord3663
ord2414
ord1768
ord4287
ord3089
ord4476
ord5981
ord1842
ord4242
ord5103
ord3350
ord975
ord4151
ord1576
ord366
ord4299
ord4457
ord5252
ord686
ord384
ord2862
ord2097
ord3297
ord3733
ord810
ord4271
ord3914
ord6008
ord4275
ord3742
ord3744
ord818
ord6242
ord1200
ord2818
ord3610
ord2582
ord4402
ord3370
ord3640
ord693
ord656
ord6907
ord3998
ord3874
ord5856
ord3302
ord2289
ord535
ord922
ord924
ord926
ord939
ord5710
ord4129
ord2764
ord801
ord541
ord6143
ord2763
ord4277
ord5572
ord2915
ord6883
ord6283
ord6282
ord536
ord825
ord401
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2445
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4436
ord4837
ord3798
ord1665
ord2649
ord5283
ord4353
ord6374
ord5163
ord2382
ord5237
ord4407
ord1776
ord4077
ord6055
ord4152
ord2878
ord2879
ord3403
ord5472
ord976
ord5012
ord3351
ord4303
ord4467
ord5104
ord5100
ord3059
ord2390
ord2723
ord2101
ord5101
ord4245
ord1858
ord823
ord6080
ord5282

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
_strdup
_strnicmp
_itoa
__CxxFrameHandler
sprintf
vsprintf
strrchr
strstr
malloc
free
_access
_CxxThrowException
strchr
_mbscmp
strncpy
_except_handler3
strncmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

kernel32

SetCurrentDirectoryA
CreateFileA
GetFileSize
ReadFile
CloseHandle
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersionExA
GetModuleFileNameA
GetLocalTime
CopyFileA
SetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateThread
Sleep
GetCurrentDirectoryA
CreateDirectoryA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
ExitProcess
GetCurrentProcess
WriteFile
CreateProcessA
WaitForSingleObject

user32

MessageBoxA
SetWindowTextA
GetMenuItemID
GetMenuStringA
GetSystemMenu
SetMenu
RemoveMenu
GetMenuItemCount
ShowWindow
GetMenu
InvalidateRect
GetWindowRect
GetParent
EnableWindow
SendMessageA
SendDlgItemMessageA
SetDlgItemTextA
GetClientRect
CloseWindow
GetDesktopWindow
SetFocus
EndDialog
GetWindowTextA
GetDlgItem
SetWindowLongA
CreateWindowExA
ScreenToClient
wsprintfA
ExitWindowsEx
EnableMenuItem
UpdateWindow

gdi32

GetStockObject
Rectangle
CreateFontA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
GetErrorInfo

odbc32

ord24
ord75
ord55
ord9
ord31

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Controller/Magnificient.skn
Controller/Office2010_Black.skn
Controller/Office2010_Silver.skn
Controller/Process.dll
.dll windows:4 windows x86 arch:x86

0d00593dd0af4bf90d9f9ce3f2200120

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LocalFree
lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
DuplicateHandle
OpenProcess
TerminateProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesA
GetProcAddress
LoadLibraryA
FreeLibrary
SearchPathA
lstrcmpiA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
_lopen
GetFileTime
_lclose
UnmapViewOfFile
CloseHandle
FlushFileBuffers
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

GetWindowTextA
IsWindow
IsWindowVisible
wsprintfA
EnumWindows
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
GetTokenInformation
LookupAccountSidA
LookupPrivilegeValueA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

KsEnumProcess
KsEnumProcessModule
KsFreeProcessInfoLink
KsFreeProcessModuleInfoLink

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Controller/PubFun.dll
.dll windows:4 windows x86 arch:x86

a1a398f0f9678cdb7897b96dc43e9b28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

Exports

Exports

KsBase64DeCode
KsBase64EnCode
KsCRC16
KsCRC32
KsEnDeCode
KsEnDeCodeBase64
KsEnDeCodeBase64Ex
KsFreeEnCodeFileData
KsFreeFileData
KsGetFileCrc32Code
KsGetFileMd5Code
KsGetMd5Code
KsGetMd5CodeBase64
KsGetMd5Key
KsReadEnCodeFileData
KsReadFileData
KsWriteEnCodeFileData
KsWriteFileData

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Controller/SendFile.dll
.dll windows:4 windows x86 arch:x86

bd29fe820a451737715d620ed0951d1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
CloseHandle
SetEvent
EnterCriticalSection
GetFileAttributesA
GetFileType
GetFileTime
Sleep
MapViewOfFile
CreateFileMappingA
GetFileSize
GetLastError
LeaveCriticalSection
SetFileAttributesA
DeleteFileA
SetFileTime
SetEndOfFile
SetFilePointer
UnmapViewOfFile
CreateDirectoryA
CopyFileA
WaitForSingleObject
CreateThread
CreateEventA
CreateProcessA
InitializeCriticalSection
CreateFileA
GetModuleFileNameA
RtlUnwind
MoveFileA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteA

Exports

Exports

KsFreeRecvFileHandle
KsMakeRecvFileHandle
KsReadFileBrokenPos
KsRecvFile
KsSendFile
KsSendFileQueue
KsStopSendFileQueue

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Controller/SetEvent.exe
.exe windows:4 windows x86 arch:x86

cf6c227eacfd269a8ee50837ab5f9b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
SetEvent
Sleep
GetCurrentProcess
OpenEventA
CloseHandle
ExitProcess
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Controller/Setup.xml
Controller/SnowLeopard.skn
Controller/Socket.dll
.dll windows:4 windows x86 arch:x86

6f5db4c36f94a24720ecc1561d3ce069

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
GetCPInfo
GetACP

user32

GetMessageA
PeekMessageA
DispatchMessageA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor

ws2_32

connect
WSAStartup
WSACleanup
select
socket
inet_addr
htonl
bind
listen
__WSAFDIsSet
accept
closesocket
send
recv
WSAGetLastError
htons

Exports

Exports

KsConnect
KsFreeTcpData
KsRecvDataFromSocket
KsRecvTcpData
KsSendDataFromSocket
KsSendTcpData
KsSockInit
KsSocketTimeOut
KsStartupTcpListen
KsWaitForSocket
KsWinSockStartUp

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39981574b9184c765137a4d084a90270

Headers

File Characteristics

Imports

kernel32

setupapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 3KB

6fa6e41fab69c5634f1d0d3bb490918b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 512B - Virtual size: 312B

.data Size: 512B - Virtual size: 36B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 1024B - Virtual size: 600B

00d1170a34e082327454f2fb322f2b51

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 16KB

144ea1c761d644cffd3e32805099b32e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

38575b4a34ffb889c3a4dd8b9e3865e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ksecdd.sys

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 1KB - Virtual size: 1KB

1e6562b07466dff947f9b11733088628

Headers

File Characteristics

Imports

kernel32

user32

advapi32

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 312B

.data
Size: 512B - Virtual size: 36B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 1024B - Virtual size: 600B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 19KB

.SHARDAT
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 340B

.data
Size: 512B - Virtual size: 24B

INIT
Size: 1024B - Virtual size: 640B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 17KB

.SHARDAT
Size: 4KB - Virtual size: 200B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 18KB

.SHARDAT
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 5KB