00fbcbffe57357ae9cb612f907a439ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00fbcbffe57357ae9cb612f907a439ff_JaffaCakes118
Size

43.9MB
MD5

00fbcbffe57357ae9cb612f907a439ff
SHA1

f8923d6fa0bbe5671b0e6c4bab69bd678f238421
SHA256

a22c1442be9ce6534b16eb656b916d7e5f2f97f01dc26f3122366b779022cf70
SHA512

db962120f1b5dd6202f0118969b814ecb6a1649ad952471c61861d8cde9231e2a28f6fd09e3dc86810821a1cc2fea96d99f2cb0625c6b0e7e27d32517c6cbd18
SSDEEP

786432:ifCW4tAxmaQafX9Ew74RMMJ1QIdX3UCR4Z4JQ9v/UoOLS/wqNvPDxLlB:iPmVoNEwkRMMnQIZCZKQ9/Ug/nFH

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/UpdateLab.dll	aspack_v212_v242
static1/unpack001/tmp/Update.exe	aspack_v212_v242

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Unsigned PE 31 IoCs

Checks for missing Authenticode signature.

resource
00fbcbffe57357ae9cb612f907a439ff_JaffaCakes118
unpack001/$PLUGINSDIR/HwInfo.dll
unpack001/$PLUGINSDIR/MoreInfo.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Captcha.dll
unpack001/Core.dll
unpack001/FastVerCode.dll
unpack001/FuncLib.dll
unpack001/Library/ChangeIpLib.dll
unpack001/Library/Interop.MSScriptControl.dll
unpack001/Library/Interop.WinHttp.dll
unpack001/Library/Ionic.Zip.dll
unpack001/Library/LuaInterface.dll
unpack001/Library/NPOI.dll
unpack001/Library/Newtonsoft.Json.dll
unpack001/Library/QQCollection.dll
unpack001/Library/RWXComLibrary.dll
unpack001/Library/System.Data.SQLite.dll
unpack001/Library/lua51.dll
unpack001/ModelService.dll
unpack001/RWXComLibrary.dll
unpack001/UI.dll
unpack001/UUWiseHelper.dll
unpack001/UpdateLab.dll
unpack001/dc.dll
unpack001/tmp/Update.exe
unpack001/x64/SQLite.Interop.dll
unpack001/x86/SQLite.Interop.dll
unpack001/.exe
unpack001/޸.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

00fbcbffe57357ae9cb612f907a439ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HwInfo.dll
.dll windows:4 windows x86 arch:x86

4e6a4062a56dafcc8b54b60996e9ff37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\My Dev Projects\HwInfo\Release\HwInfo.pdb

Imports

ddraw

DirectDrawCreateEx

kernel32

GetPriorityClass
GetCurrentProcess
GlobalMemoryStatus
GetThreadPriority
SetPriorityClass
CloseHandle
GetCurrentThread
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
TerminateProcess
HeapSize
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
RaiseException
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
FlushFileBuffers

user32

GetDesktopWindow
GetDC
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

??0CHardwareInfo@@QAE@ABV0@@Z
??0CHardwareInfo@@QAE@XZ
??1CHardwareInfo@@UAE@XZ
??4CHardwareInfo@@QAEAAV0@ABV0@@Z
??_7CHardwareInfo@@6B@
?GetCPUDescription@CHardwareInfo@@QAEXPAD@Z
?GetCPUSpeed@CHardwareInfo@@QAEXAAH@Z
?GetTotalSystemMemory@CHardwareInfo@@QAEXAAH@Z
?GetVideoAdapterDescription@CHardwareInfo@@QAEXPAD@Z
?GetVideoAdapterTotalMemory@CHardwareInfo@@QAEXAAH@Z
GetCpuNameAndSpeed
GetCpuSpeed
GetSystemMemory
GetVideoCardMemory
GetVideoCardName

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

CODE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/WIC.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:d4:7b:0b:a3:e3:68:0e:6e:67:49:83:38:4f:ad:9d:b2:b5:4d:11
Signer

Actual PE Digest

76:d4:7b:0b:a3:e3:68:0e:6e:67:49:83:38:4f:ad:9d:b2:b5:4d:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/WinInstaller45.exe
.exe windows:6 windows x86 arch:x86

efa5f35372e4d62ace30c793506bd914

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:75:57:3f:d3:d5:8c:7f:e3:8b:db:bb:92:bd:58:a2:51:de:43:39
Signer

Actual PE Digest

95:75:57:3f:d3:d5:8c:7f:e3:8b:db:bb:92:bd:58:a2:51:de:43:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

advapi32

InitiateSystemShutdownA
GetLengthSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor

kernel32

MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
SetFilePointer
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
HeapAlloc

user32

EndDialog
MessageBoxA
LoadStringA
ShowWindow
SendDlgItemMessageA
DialogBoxParamA
SendMessageA
SetParent

msvcrt

strncpy
_snprintf
sprintf
memcpy
toupper
_strcmpi
_strlwr
strrchr
_stricmp
_strnicmp
strchr
memset
strstr

ntdll

NtShutdownSystem
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
RtlUnwind

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.1MB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APK Packages/XYAZ-Installer.exe
.exe windows:5 windows x86 arch:x86

1ff847646487d56f85778df99ff3728a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:28:d5:54:32:96:bf:e4:27:d4:3b:8d:dc:0a:20:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2017, 23:59

Subject

CN=上海迈微软件科技有限公司,O=上海迈微软件科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:83:af:1d:82:83:87:37:82:0c:47:55:b8:c5:f5:ee:67:0b:0e:f4
Signer

Actual PE Digest

38:83:af:1d:82:83:87:37:82:0c:47:55:b8:c5:f5:ee:67:0b:0e:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lclose
GetModuleFileNameA
_lread
_llseek
_lopen
_lwrite
_lcreat
CreateDirectoryA
SetCurrentDirectoryA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceA
GetFileAttributesA
RemoveDirectoryA
DeleteFileA
lstrlenA
GetCurrentDirectoryA
CloseHandle
GetExitCodeProcess
GetLastError
LocalFree
GetCurrentProcess
MoveFileExA
Sleep
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
RtlUnwind
HeapSize
lstrcpyA
GetTempPathA
CompareStringA
IsValidCodePage
GetOEMCP
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP

user32

TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
LoadCursorA
SetCursor
MessageBoxA
MsgWaitForMultipleObjects

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APK Packages/rwxapphelp.apk
.apk android

com.rwx.apphelp

com.rwx.apphelp.MainActivity

Activities

com.rwx.apphelp.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECEIVE_BOOT_COMPLETED

Receivers

com.rwx.apphelp.BootBroadCastReciver

android.intent.action.BOOT_COMPLETED

Services

com.rwx.services.Service_WebService

com.rwx.services.Service_WebService

com.rwx.services.Service_Hook

android.accessibilityservice.AccessibilityService
APK Packages/weixin_680.apk
.apk android arch:arm

com.tencent.mm

.ui.LauncherUI

Activities

.ui.LauncherUI

android.intent.action.MAIN
com.tencent.mm.action.BIZSHORTCUT

.ui.tools.MultiStageCitySelectUI

com.tencent.mm.action.GET_ADRESS

.ui.tools.ShareImgUI

android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

.ui.tools.AddFavoriteUI

android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

.ui.tools.ShareToTimeLineUI

android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

.ui.tools.ShareScreenImgUI

android.intent.action.VIEW

.ui.tools.ShareScreenToTimeLineUI

android.intent.action.VIEW

.plugin.base.stub.WXCustomSchemeEntryActivity

android.intent.action.VIEW

com.tencent.mm.plugin.gwallet.GWalletUI

com.tencent.mm.gwallet.ACTION_PAY_REQUEST
com.tencent.mm.gwallet.ACTION_QUERY_REQUEST

.plugin.game.ui.GameMD5CheckUI

com.tencent.mm.game.md5check

.plugin.setting.ui.qrcode.GetQRCodeInfoUI

android.intent.action.VIEW
android.intent.action.VIEW

.plugin.accountsync.ui.ContactsSyncUI

android.intent.action.VIEW
com.tencent.mm.login.ACTION_LOGIN

.ui.account.VoiceActionActivity

com.google.android.voicesearch.SEND_MESSAGE_TO_CONTACTS
com.google.android.voicesearch.TEST_SEND_MESSAGE_TO_CONTACTS

.plugin.nfc_open.ui.NfcWebViewUI

android.nfc.action.TECH_DISCOVERED

.plugin.webview.ui.tools.QQCallbackUI

android.intent.action.VIEW

Permissions

com.tencent.mm.plugin.permission.READ
com.tencent.mm.plugin.permission.WRITE
com.tencent.mm.plugin.permission.SEND
com.tencent.mm.permission.MM_MESSAGE
com.huawei.authentication.HW_ACCESS_AUTH_SERVICE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.CAMERA
android.permission.GET_TASKS
android.permission.INTERNET
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.RECORD_AUDIO
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.VIBRATE
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_CONTACTS
android.permission.WRITE_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
com.tencent.mm.location.permission.SEND_VIEW
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BROADCAST_STICKY
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CHANGE_WIFI_STATE
android.permission.GET_PACKAGE_SIZE
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.NFC
com.huawei.android.launcher.permission.CHANGE_BADGE
android.permission.WRITE_APP_BADGE
com.android.vending.BILLING
com.tencent.mm.ext.permission.READ
com.tencent.mm.ext.permission.WRITE
android.permission.USE_FINGERPRINT
android.permission.GET_ACCOUNTS
android.permission.MANAGE_ACCOUNTS
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.READ_SYNC_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.READ_PROFILE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.NFC
com.google.android.c2dm.permission.RECEIVE
android.permission.GET_ACCOUNTS
com.tencent.mm.permission.C2D_MESSAGE
com.android.alarm.permission.SET_ALARM
com.tencent.mm.wear.message
android.permission.BODY_SENSORS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.CAMERA
android.permission.USE_CREDENTIALS
android.permission.NFC
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.ACCESS_NETWORK_STATE

Receivers

.booter.BluetoothStateReceiver

android.bluetooth.adapter.action.STATE_CHANGED

.booter.MountReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_UNMOUNTED
android.intent.action.MEDIA_SHARED
android.intent.action.MEDIA_SCANNER_STARTED
android.intent.action.MEDIA_SCANNER_FINISHED
android.intent.action.MEDIA_REMOVED
android.intent.action.MEDIA_BAD_REMOVAL

.booter.BluetoothReceiver

android.media.SCO_AUDIO_STATE_CHANGED
android.media.ACTION_SCO_AUDIO_STATE_UPDATED

.booter.InstallReceiver

com.android.vending.INSTALL_REFERRER

.booter.MMReceivers$ExdeviceProcessReceiver

android.intent.action.BOOT_COMPLETED

.plugin.backup.bakpcmodel.BakchatPcmgrNorify

MMBakchatServiceStart
MMBakchatServiceStop

.booter.MMReceivers$BootReceiver

android.intent.action.BOOT_COMPLETED

.booter.MMReceivers$ConnectionReceiver

android.net.conn.CONNECTIVITY_CHANGE

.plugin.base.stub.WXEntryActivity$EntryReceiver

com.tencent.mm.plugin.openapi.Intent.ACTION_HANDLE_APP_REGISTER
com.tencent.mm.plugin.openapi.Intent.ACTION_HANDLE_APP_UNREGISTER

.plugin.auto.service.MMAutoMessageHeardReceiver

com.tencent.mm.permission.MM_AUTO_HEARD_MESSAGE

.plugin.auto.service.MMAutoMessageReplyReceiver

com.tencent.mm.permission.MM_AUTO_REPLY_MESSAGE

com.tencent.mm.plugin.gcm.modelgcm.GcmBroadcastReceiver

com.google.android.c2dm.intent.RECEIVE
com.google.android.c2dm.intent.REGISTRATION

.pluginsdk.model.downloader.FileDownloadReceiver

android.intent.action.DOWNLOAD_COMPLETE

Services

.plugin.backup.bakpcmodel.BakchatPcUsbService

com.tencent.mm.plugin.backup.bakpcmodel.BakchatPcUsbService

.plugin.accountsync.model.AccountAuthenticatorService

android.accounts.AccountAuthenticator

.plugin.accountsync.model.ContactsSyncService

android.content.SyncAdapter

com.tencent.mm.plugin.wear.model.service.WearDataLayerService

com.google.android.gms.wearable.BIND_LISTENER
secondary-1.dex.jar
.apk android
secondary-2.dex.jar
.apk android
Captcha.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Code\Captcha\Captcha\obj\Release\Captcha.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\AdvFrameword\Core\obj\x86\Release\Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/SpiderList/Location.xml
Data/SpiderList/OtherSettingList.xml
Data/SpiderList/SortList.xml
EventLog/20160429.log
EventLog/20160612.log
FastVerCode.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\我的酷盘\联众打码\c#写的dll源码2.0\FastVerCode\FastVerCode\obj\Debug\FastVerCode.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FuncLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\AdvFrameword\FuncLib\obj\x86\Release\FuncLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/ChangeIpLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\ChangeIpTest\ChangeIpLib\obj\x86\Release\ChangeIpLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/Interop.MSScriptControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/Interop.WinHttp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Release\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/LuaInterface.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\dev\VastPark\~repositories\public\trunk\Components\LuaInterface\luainterface\src\LuaInterface\obj\Release\LuaInterface.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/NPOI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\npoi\googlecode\trunk\main\obj\Release\NPOI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dev\Releases\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/QQCollection.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\QQCollection\QQCollection\obj\x86\Release\QQCollection.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/RWXComLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Work\Code2015\RwxSalesManager\RWXComLibrary\obj\x86\Release\RWXComLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/System.Data.SQLite.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\sqlite\dotnet\obj\2010\Release\System.Data.SQLite.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Library/lua51.dll
.dll windows:5 windows x86 arch:x86

b5fac6ceffd644febcb7ea07e64094af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\dev\VastPark\~repositories\public\trunk\Components\LuaInterface\Built\lua51.pdb

Imports

msvcr90

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
strlen
memcpy
fscanf
tmpfile
atan2
strtod
rename
sprintf
_mktime64
feof
strncat
_gmtime64
tmpnam
sqrt
cos
memcmp
ceil
modf
ldexp
isspace
_pclose
pow
strerror
_isatty
log
fputs
ungetc
strstr
__iob_func
strcpy
__CxxRegisterExceptionObject
strchr
signal
memchr
fflush
tanh
_encoded_null
system
_errno
localeconv
remove
sinh
isalnum
tan
ispunct
strcoll
tolower
strncpy
fgets
fmod
fopen
setvbuf
isalpha
fread
__CxxExceptionFilter
fprintf
clock
rand
strcmp
srand
isdigit
cosh
acos
__CxxUnregisterExceptionObject
strftime
floor
_fileno
frexp
log10
isupper
atan
ferror
iscntrl
fwrite
strrchr
toupper
ftell
_CxxThrowException
exp
strcspn
islower
realloc
setlocale
strtoul
_localtime64
fseek
getenv
strpbrk
abs
fclose
isxdigit
getc
_difftime64
fabs
__CxxDetectRethrow
_time64
__CxxQueryExceptionSize
clearerr
strcat
exit
asin
sin
_cexit
__FrameUnwindFilter
free
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
_popen
_HUGE

kernel32

FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FormatMessageA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?signal@@YAP6MXH@ZHP6MXH@Z@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ModelService.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\AdvFrameword\ModelService\obj\x86\Release\ModelService.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RWXComLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Work\Code2015\RwxSalesManager\RWXComLibrary\obj\x86\Release\RWXComLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repair.ini
Res/Mobile/area.db
Res/Mobile/location.xml
Res/OEM2
Res/Routers/Compatible_635574497933895731.lua
Res/Routers/Compatible_635574497933945163.lua
Res/Routers/Compatible_635574497933965149.lua
Res/Routers/Compatible_635574497933985144.lua
Res/Routers/Compatible_635574497934005149.lua
Res/Routers/Compatible_635574497934035148.lua
Res/Routers/Compatible_635574497934055158.lua
Res/Routers/Compatible_635574497934085156.lua
Res/Routers/Compatible_635574497934105157.lua
Res/Routers/Compatible_635574497934135160.lua
Res/Routers/Compatible_635574497934175161.lua
Res/Routers/Compatible_635574497934205164.lua
Res/Routers/Compatible_635574497934235186.lua
Res/Routers/Compatible_635574497934265194.lua
Res/Routers/Compatible_635574497934285170.lua
Res/Routers/Compatible_635574497934305166.lua
Res/Routers/Compatible_635574497934325166.lua
Res/Routers/Compatible_635574497934345167.lua
Res/Routers/Compatible_635574497934375185.lua
Res/Routers/Compatible_635574497934395175.lua
Res/Routers/Compatible_635574497934415176.lua
Res/Routers/Compatible_635574497934435186.lua
Res/Routers/Compatible_635574497934465194.lua
Res/Routers/Compatible_635574497934485175.lua
Res/Routers/Compatible_635574497934505180.lua
Res/Routers/Compatible_635574497934535178.lua
Res/Routers/Compatible_635574497934555179.lua
Res/Routers/Compatible_635574497934575179.lua
Res/Routers/Compatible_635574497934605182.lua
Res/Routers/Compatible_635574497934625183.lua
Res/Routers/Compatible_635574497934655186.lua
Res/Routers/Compatible_635574497934675191.lua
Res/Routers/Compatible_635574497934695192.lua
Res/Routers/Compatible_635574497934725190.lua
Res/Routers/Compatible_635574497934745190.lua
Res/Routers/Compatible_635574497934775198.lua
Res/Routers/Compatible_635574497934795194.lua
Res/Routers/Compatible_635574497934815199.lua
Res/Routers/Compatible_635574497934845198.lua
Res/Routers/Compatible_635574497934865198.lua
Res/Routers/Compatible_635574497934885203.lua
Res/Routers/Compatible_635574497934915211.lua
Res/Routers/Compatible_635574497934935197.lua
Res/Routers/Compatible_635574497934965210.lua
Res/Routers/Compatible_635574497934985206.lua
Res/Routers/Compatible_635574497935015209.lua
Res/Routers/Compatible_635574497935045207.lua
Res/Routers/Compatible_635574497935075210.lua
Res/Routers/Compatible_635574497935095215.lua
Res/Routers/Compatible_635574497935115211.lua
Res/Routers/Compatible_635574497935145219.lua
Res/Routers/Compatible_635574497935175217.lua
Res/Routers/Compatible_635574497935205220.lua
Res/Routers/Compatible_635574497935225221.lua
Res/Routers/Compatible_635574497935245226.lua
Res/Routers/Compatible_635574497935275224.lua
Res/Routers/Compatible_635574497935295225.lua
Res/Routers/Compatible_635574497935315225.lua
Res/Routers/Compatible_635574497935345233.lua
Res/Routers/Compatible_635574497935365234.lua
Res/Routers/HUAWEI EchoLife HG510a.lua
Res/Routers/TPFastMercurySOHOV1.lua
Res/Routers/TPFastMercurySOHOV2.lua
Res/Routers/TPFastMercurySOHOV3.lua
Res/Routers/TPFastMercurySOHOV4.lua
Res/Routers/TPFastMercurySOHOV5.lua
Res/Routers/TPFastMercurySOHOV6.lua
Res/Routers/TPLinkEnterprise.lua
Res/Routers/mapping.map
Res/Screenshot/AccountLogin_ErrUserOrPsd.png
.png
Res/Screenshot/AccountLogin_VerFriend.png
.png
Res/Screenshot/AccountLogout1.png
.png
Res/Screenshot/AccountLogout2.png
.png
Res/Screenshot/AccountLogout3.png
.png
Res/Screenshot/AccountLoing_ImpotTxl.png
.png
Res/Screenshot/Account_LoginFirst.png
.png
Res/Screenshot/Account_LoginHistory.png
.png
Res/Screenshot/Account_title_Login.png
.png
Res/Screenshot/AddContact_Title_Main.png
.png
Res/Screenshot/AddContact_btn_Add.png
.png
Res/Screenshot/AddContact_btn_AddContact.png
.png
Res/Screenshot/AddContact_btn_NewFriend.png
.png
Res/Screenshot/AddFriedn_Tip_yichang.bmp
Res/Screenshot/AddFriend_ErrNoUser.png
.png
Res/Screenshot/AddFriend_Ico_Find.png
.png
Res/Screenshot/AddFriend_Tip_pinfan.bmp
Res/Screenshot/AddFriend_btn_Add.png
.png
Res/Screenshot/AddFriend_btn_Find.png
.png
Res/Screenshot/AddFriend_btn_Find1.png
.png
Res/Screenshot/AddFriend_btn_Send.png
.png
Res/Screenshot/AddGroup_SendPageTitle.png
.png
Res/Screenshot/AddGroup_Title_End.png
.png
Res/Screenshot/AddGroup_Title_Start.png
.png
Res/Screenshot/AddGroup_btn_Add.png
.png
Res/Screenshot/AddGroup_btn_Add_2.png
.png
Res/Screenshot/AddGroup_btn_FriendList.png
.png
Res/Screenshot/AddGroup_btn_Send.png
.png
Res/Screenshot/AddGroup_btn_Start.png
.png
Res/Screenshot/AddNear_btn_FriendNotEnough.png
.png
Res/Screenshot/AddShake_Iknow.png
.png
Res/Screenshot/AddShake_Tip_Main.png
.png
Res/Screenshot/AddShake_btn_Iknow.png
.png
Res/Screenshot/AddShake_btn_Send.png
.png
Res/Screenshot/AddShake_btn_Start.png
.png
Res/Screenshot/AddShake_tip_Result.png
.png
Res/Screenshot/AdvSetting.png
.png
Res/Screenshot/AdvSetting_InputMothed.png
.png
Res/Screenshot/Bottle_btn_ChangeKey.png
.png
Res/Screenshot/Bottle_btn_Reng.png
.png
Res/Screenshot/Bottle_btn_Send.png
.png
Res/Screenshot/CircleMessage_Iknow.png
.png
Res/Screenshot/CircleMessage_btn_IKnow.png
.png
Res/Screenshot/CircleMessage_btn_SendPic1.png
.png
Res/Screenshot/CircleMessage_btn_SendPic2.png
.png
Res/Screenshot/CircleMessage_btn_SendPic3.png
.png
Res/Screenshot/CircleMessage_btn_SendPic4.png
.png
Res/Screenshot/CircleMessage_btn_Start.png
.png
Res/Screenshot/Circle_btn_Cancel.png
.png
Res/Screenshot/Circle_btn_Pinglun.png
.png
Res/Screenshot/Circle_btn_Reply.png
.png
Res/Screenshot/Circle_btn_Zan.png
.png
Res/Screenshot/FriendOperationPick_btn_PhotoList.png
.png
Res/Screenshot/Lgoin_Hold.png
.png
Res/Screenshot/MainHome.png
.png
Res/Screenshot/MainTab_Txl.png
.png
Res/Screenshot/New_Version.png
.png
Res/Screenshot/New_Version_cancel.png
.png
Res/Screenshot/Operation_btn_HookService.png
.png
Res/Screenshot/Operation_btn_HookService_Ok.png
.png
Res/Screenshot/Operation_btn_HookService_Start.png
.png
Res/Screenshot/Operation_btn_HookService_Stop.png
.png
Res/Screenshot/Operation_btn_HookService_rwx.png
.png
Res/Screenshot/Operation_btn_delete.png
.png
Res/Screenshot/Operation_btn_delete1.png
.png
Res/Screenshot/SendFirend_Tag_Tongxunlu.png
.png
Res/Screenshot/SendFirend_btn_Start.png
.png
Res/Screenshot/SendFriend_btn_Send.png
.png
Res/Screenshot/SendMessageNear_Title_Tishi.png
.png
Res/Screenshot/SendMessageNear_Title_Tishi1.png
.png
Res/Screenshot/SendMessage_Title_Photos.png
.png
Res/Screenshot/SendMessage_Title_Pic.png
.png
Res/Screenshot/SendMessage_btn_Add.png
.png
Res/Screenshot/SendMessage_btn_InputMothed.png
.png
Res/Screenshot/SendMessage_btn_Pic.png
.png
Res/Screenshot/SendMessage_btn_Send.png
.png
Res/Screenshot/SendMessagee_Tag_End.png
.png
Res/Screenshot/SendNear_btn_Add.png
.png
Res/Screenshot/SendNear_btn_AlreadyFriend.png
.png
Res/Screenshot/SendNear_btn_Boy.png
.png
Res/Screenshot/SendNear_btn_Girl.png
.png
Res/Screenshot/SendNear_btn_Menu.png
.png
Res/Screenshot/SendNear_btn_Refresh.png
.png
Res/Screenshot/SendNear_btn_SendMessage.png
.png
Res/Screenshot/SendNear_btn_Start.png
.png
Res/Screenshot/SendZhushou_btn_New1.png
.png
Res/Screenshot/SendZhushou_btn_New2.png
.png
Res/Screenshot/SendZhushou_btn_SendAgain.png
.png
Res/Screenshot/SendZhushou_btn_Start.png
.png
Res/Screenshot/SendZhushou_btn_StartSend.png
.png
Res/Screenshot/SendZhushou_btn_StartService.png
.png
Res/Screenshot/SengNearStartLook.png
.png
Res/Screenshot/ShareCollect_btn_Collection.png
.png
Res/Screenshot/ShareCollection_btn_Add.png
.png
Res/Screenshot/ShareCollection_btn_Find.png
.png
Res/Screenshot/ShareCollection_btn_Gongzhong.png
.png
Res/Screenshot/ShareCollection_btn_MyCollection.png
.png
Res/Screenshot/ShareCollection_btn_NameCard.png
.png
Res/Screenshot/ShareCollection_btn_Qunliao.png
.png
Res/Screenshot/ShareCollection_btn_Search.png
.png
Res/Screenshot/ShareCollection_btn_Send.png
.png
Res/Screenshot/ShareCollection_btn_SharetoCircle.png
.png
Res/Screenshot/ShareCollection_txt_NoResult.png
.png
Res/Screenshot/Share_btn_GongzhongFind.png
.png
Res/Screenshot/Share_tag_GongzhongInput.png
.png
Res/Screenshot/WechatTeam.png
.png
Res/Screenshot/btn_Back.png
.png
Res/Screenshot/btn_Send.png
.png
Res/Theme/Default/Icon.ico
UI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\AdvFrameword\UI\obj\x86\Release\UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUWiseHelper.dll
.dll windows:5 windows x86 arch:x86

e0e9f277ce989ebccdd368f3ac3dd37c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\992UDLL\输出目录\UUWiseHelper.pdb

Imports

kernel32

ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalSize
SetUnhandledExceptionFilter
lstrcmpiW
lstrcatW
lstrcpyW
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
lstrlenA
WaitForSingleObject
CreateThread
CreateDirectoryW
GetPrivateProfileIntW
WriteFile
SetFilePointer
InitializeCriticalSection
FreeLibrary
LoadLibraryW
SetEvent
WaitForMultipleObjects
DeviceIoControl
GetSystemInfo
GetVersionExW
FindNextFileW
FindFirstFileW
lstrcpynW
IsBadWritePtr
IsBadReadPtr
lstrcpyA
lstrcpynA
CompareStringW
WriteConsoleW
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
GetConsoleMode
CloseHandle
lstrlenW
GetModuleHandleW
GetProcAddress
CreateFileW
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStdHandle
SetEnvironmentVariableA
ExitProcess
IsProcessorFeaturePresent
HeapCreate
LCMapStringW
GetStringTypeW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
DecodePointer
EncodePointer
RtlUnwind
GetTickCount
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException

user32

PrintWindow
FindWindowW
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
GetWindowDC
wsprintfA

gdi32

DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC

advapi32

CryptReleaseContext
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SafeArrayGetLBound
VariantClear
SysAllocString
SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
SysFreeString

shlwapi

PathFileExistsW
StrStrIW

urlmon

FindMimeFromData

dbghelp

MiniDumpWriteDump

gdiplus

GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipGetImageEncoders
GdipDisposeImage
GdipAlloc

iphlpapi

GetAdaptersInfo

ws2_32

GetAddrInfoW
sendto
recvfrom
setsockopt
WSAStartup
closesocket
socket

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CheckApiSignA
uu_CheckApiSignW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_easyRecognizeBytesA
uu_easyRecognizeBytesW
uu_easyRecognizeFileA
uu_easyRecognizeFileW
uu_easyRecognizeScreenA
uu_easyRecognizeScreenW
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
uu_easyRecognizeWndByHWndAndPosA
uu_easyRecognizeWndByHWndAndPosW
uu_easyRecognizeWndByTitleAndPosA
uu_easyRecognizeWndByTitleAndPosW
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_recognizeWndByHWndAndPosA
uu_recognizeWndByHWndAndPosW
uu_recognizeWndByTitleAndPosA
uu_recognizeWndByTitleAndPosW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateLab.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CheckUpdateA
CheckUpdateV2A
CheckUpdateV2W
CheckUpdateW
GetUpdateStats
TMethodImplementationIntercept

Sections

.text
Size: 387KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 999KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UpdateLog/20160612.log
VersionConfig.cfg
dc.dll
.dll windows:4 windows x86 arch:x86

8a6f4c01bd937f00c0976c3cb46f66b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord858
ord4278
ord5731
ord1199
ord1247
ord2725
ord6385
ord5710
ord6283
ord6282
ord6930
ord6928
ord941
ord2827
ord939
ord3337
ord3811
ord1601
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord1116
ord269
ord2512
ord2554
ord4486
ord6375
ord4274
ord922
ord4202
ord540
ord2818
ord535
ord860
ord924
ord354
ord5186
ord3318
ord5442
ord1979
ord665
ord803
ord823
ord825
ord543
ord3584
ord537
ord5683
ord800

msvcrt

rand
srand
memmove
free
strstr
malloc
tolower
_CxxThrowException
calloc
_ftol
atol
sprintf
__CxxFrameHandler
time
_mbscmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
wcscpy
_adjust_fdiv
wcscmp

kernel32

MultiByteToWideChar
GetPrivateProfileStringA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetDiskFreeSpaceExA
GetSystemInfo
GetVersionExA
GetSystemDirectoryA
GetTickCount
WritePrivateProfileStringA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSection
Sleep
lstrlenA
WideCharToMultiByte
lstrlenW
LocalFree
LocalAlloc
DeleteFileA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

wsock32

ntohs
WSAStartup
socket
WSAGetLastError
inet_ntoa
ioctlsocket
htons
connect
select
__WSAFDIsSet
send
recv
closesocket
gethostbyname
inet_addr
getsockname

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

DC_Check
DC_CheckUpdate
DC_GetCJ
DC_GetImg
DC_GetInfo
DC_GetLastError
DC_Init
DC_Init2
DC_Notify
DC_NotifyFail
DC_RecogImg
DC_Reg
DC_Reg2
DC_RegPayUser
DC_SetResult
DC_Uninit
GetUserInfo
GetUserInfo_A
RecByte
RecByte_A
RecYZM
RecYZM_A
Reglz
ReportError
ReportError_A
VBYB_GetResult
VBYB_Init
VBYB_PutImg
VBYB_ReportError
VBYB_Uninit
VB_GetUserInfo
VB_RecByte
VB_RecFile
VB_ReportError
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmp/Update.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 697KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/SQLite.Interop.dll
.dll windows:5 windows x64 arch:x64

d65cb6c62e493cc9dd1565c065239c86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet\bin\2010\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

kernel32

UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
MapViewOfFile
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFileAttributesW
GetFullPathNameW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
EncodePointer
DecodePointer
GetTimeZoneInformation
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
RtlUnwindEx
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
RaiseException

advapi32

CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDuplicateKey
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

interop_compileoption_get
interop_compileoption_used
interop_libversion
interop_sourceid
sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_finish_interop
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_double_interop
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_int64_interop
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_parameter_name_interop
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes_interop
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_interop
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_database_name16_interop
sqlite3_column_database_name_interop
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_decltype16_interop
sqlite3_column_decltype_interop
sqlite3_column_double
sqlite3_column_double_interop
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_int64_interop
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_name16_interop
sqlite3_column_name_interop
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_origin_name16_interop
sqlite3_column_origin_name_interop
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_table_name16_interop
sqlite3_column_table_name_interop
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_text16_interop
sqlite3_column_text_interop
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_collcompare_interop
sqlite3_context_collseq_interop
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_disposable_module
sqlite3_create_disposable_module_interop
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_interop
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_cursor_rowid_interop
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_dispose_module
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errmsg_interop
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_finalize_interop
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_index_column_info_interop
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_last_insert_rowid_interop
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc_size_interop
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_highwater_interop
sqlite3_memory_used
sqlite3_memory_used_interop
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open16_interop
sqlite3_open_interop
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_percentile_init
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_interop
sqlite3_prepare16_v2
sqlite3_prepare_interop
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_regexp_init
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_reset_interop
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_double_interop
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_int64_interop
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_table_column_metadata_interop
sqlite3_table_cursor_interop
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_totype_init
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_double_interop
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_int64_interop
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16_interop
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_text_interop
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtshim_init
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_compact_heap
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_reset_heap
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 862KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/SQLite.Interop.dll
.dll windows:5 windows x86 arch:x86

45d3059e1fa0aa40b89266618a08c67d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet\bin\2010\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

kernel32

UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
MapViewOfFile
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFileAttributesW
GetFullPathNameW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
GetStringTypeW
RtlUnwind
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle

advapi32

CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDuplicateKey
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

_interop_compileoption_get@4
_interop_compileoption_used@4
_interop_libversion@0
_interop_sourceid@0
_sqlite3_backup_finish_interop@4
_sqlite3_bind_double_interop@12
_sqlite3_bind_int64_interop@12
_sqlite3_bind_parameter_name_interop@12
_sqlite3_changes_interop@4
_sqlite3_close_interop@4
_sqlite3_column_database_name16_interop@12
_sqlite3_column_database_name_interop@12
_sqlite3_column_decltype16_interop@12
_sqlite3_column_decltype_interop@12
_sqlite3_column_double_interop@12
_sqlite3_column_int64_interop@12
_sqlite3_column_name16_interop@12
_sqlite3_column_name_interop@12
_sqlite3_column_origin_name16_interop@12
_sqlite3_column_origin_name_interop@12
_sqlite3_column_table_name16_interop@12
_sqlite3_column_table_name_interop@12
_sqlite3_column_text16_interop@12
_sqlite3_column_text_interop@12
_sqlite3_context_collcompare_interop@20
_sqlite3_context_collseq_interop@16
_sqlite3_create_disposable_module_interop@112
_sqlite3_create_function_interop@36
_sqlite3_cursor_rowid_interop@12
_sqlite3_errmsg_interop@8
_sqlite3_finalize_interop@4
_sqlite3_index_column_info_interop@32
_sqlite3_last_insert_rowid_interop@8
_sqlite3_malloc_size_interop@4
_sqlite3_memory_highwater_interop@8
_sqlite3_memory_used_interop@4
_sqlite3_open16_interop@12
_sqlite3_open_interop@12
_sqlite3_prepare16_interop@24
_sqlite3_prepare_interop@24
_sqlite3_reset_interop@4
_sqlite3_result_double_interop@8
_sqlite3_result_int64_interop@8
_sqlite3_table_column_metadata_interop@44
_sqlite3_table_cursor_interop@12
_sqlite3_value_double_interop@8
_sqlite3_value_int64_interop@8
_sqlite3_value_text16_interop@8
_sqlite3_value_text_interop@8
sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_disposable_module
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_dispose_module
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_percentile_init
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_regexp_init
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_totype_init
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtshim_init
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_compact_heap
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_reset_heap
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Code\AdvFrameword\WeChatDroid\obj\x86\Release\启动程序.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.exe.config
־.txt
޸.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c042238f43557c055fca8642de8a074

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 30KB - Virtual size: 30KB

4e6a4062a56dafcc8b54b60996e9ff37

Headers

File Characteristics

PDB Paths

Imports

ddraw

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 15KB - Virtual size: 14KB

DATA Size: 512B - Virtual size: 196B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 434B

.reloc Size: 1024B - Virtual size: 960B

.rsrc Size: 3KB - Virtual size: 3KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB

CODE
Size: 15KB - Virtual size: 14KB

DATA
Size: 512B - Virtual size: 196B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 434B

.reloc
Size: 1024B - Virtual size: 960B

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

76:d4:7b:0b:a3:e3:68:0e:6e:67:49:83:38:4f:ad:9d:b2:b5:4d:11
Signer

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 1.8MB - Virtual size: 4KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

95:75:57:3f:d3:d5:8c:7f:e3:8b:db:bb:92:bd:58:a2:51:de:43:39
Signer