1087a7686df475507045ff01c769ce65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1087a7686df475507045ff01c769ce65_JaffaCakes118
Size

1010KB
MD5

1087a7686df475507045ff01c769ce65
SHA1

2c91387ce7612cb92ec3d968257f589e6fb2e4d2
SHA256

1745ee56fa622307d7d1d1c9d40b36f398416fa0b274d5561bef0a5bfe38927c
SHA512

eb0d4e2e8ec6e5b67bcd12c72c9bf83da7a3405310d3568b1f178ac5c03a85752b726218dd14d743ea8959082271d61cc446645f09da8266200bec0fe81919a9
SSDEEP

24576:P9Qir93bNrlHsMIS0asJbs5dsoEgmXldCytzN3Fv9jadPHHZVw:P9vrrZsxrbsTwJiMz9jaBHZVw

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/share/联众完美去广告&会员&多开补丁/GLCHATEX.DLL	acprotect
static1/unpack001/share/联众完美去广告&会员&多开补丁/GLChat.dll	acprotect
static1/unpack001/share/联众完美去广告&会员&多开补丁/glRoom_res.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/share/联众完美去广告&会员&多开补丁/GLCHATEX.DLL	upx
static1/unpack001/share/联众完美去广告&会员&多开补丁/GLChat.dll	upx
static1/unpack001/share/联众完美去广告&会员&多开补丁/glRoom_res.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/share/联众完美去广告&会员&多开补丁/GLAdCtrl.ocx
unpack001/share/联众完美去广告&会员&多开补丁/GLCHATEX.DLL
unpack002/out.upx
unpack001/share/联众完美去广告&会员&多开补丁/GLChat.dll
unpack003/out.upx
unpack001/share/联众完美去广告&会员&多开补丁/GLChat.ocx
unpack001/share/联众完美去广告&会员&多开补丁/GLChatEx.ocx
unpack001/share/联众完美去广告&会员&多开补丁/GLRoom.ocx
unpack001/share/联众完美去广告&会员&多开补丁/glRoom_res.dll
unpack004/out.upx

Files

1087a7686df475507045ff01c769ce65_JaffaCakes118
.rar
share/联众完美去广告&会员&多开补丁/GLAdCtrl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

edbf9fbc9f62bb42248bd204dae34657

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord5731
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord825
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord823
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4666
ord2554
ord2512
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord815
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord800
ord2754
ord537
ord2541
ord4949
ord641
ord2514
ord324
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord4486
ord6375
ord4668
ord4667
ord4361
ord600
ord269
ord1575
ord826
ord1182
ord342
ord1577
ord1131
ord1132
ord1197
ord1570
ord1116
ord1176
ord1255
ord1243
ord1578
ord1253

msvcrt

__CxxFrameHandler
free
_onexit
__dllonexit
_adjust_fdiv
??1type_info@@UAE@XZ
_initterm
malloc

kernel32

LocalAlloc
LocalFree

user32

EnableWindow

gdi32

GetTextExtentPoint32A

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/GLCHATEX.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/GLChat.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/GLChat.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

00f99a806b3d857a957b99e979135b92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4238
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord3749
ord1727
ord5252
ord4427
ord642
ord674
ord327
ord366
ord794
ord4242
ord2864
ord4457
ord4467
ord4499
ord6120
ord5910
ord5030
ord2087
ord3481
ord5241
ord5261
ord3708
ord781
ord567
ord4275
ord6134
ord3874
ord4131
ord941
ord2860
ord3206
ord536
ord2818
ord940
ord859
ord939
ord3061
ord6136
ord2915
ord535
ord5710
ord6222
ord4277
ord4202
ord6283
ord6282
ord4278
ord5148
ord3752
ord4284
ord6453
ord795
ord692
ord665
ord1979
ord5186
ord3499
ord2515
ord355
ord2764
ord354
ord3663
ord4220
ord2584
ord3654
ord6270
ord2863
ord2438
ord1644
ord1146
ord3771
ord3619
ord3626
ord2414
ord1641
ord3396
ord3731
ord808
ord4269
ord3089
ord5491
ord1176
ord982
ord2121
ord4287
ord2111
ord4463
ord2513
ord293
ord815
ord2724
ord3952
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord1134
ord1199
ord1247
ord6117
ord6354
ord1216
ord1227
ord6402
ord6403
ord2817
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord672
ord3946
ord362
ord5328
ord5314
ord5316
ord5325
ord5332
ord5334
ord2541
ord4949
ord922
ord2100
ord6442
ord2123
ord2642
ord2867
ord4529
ord5572
ord616
ord6223
ord4129
ord1147
ord5856
ord6080
ord926
ord4760
ord4765
ord2614
ord3301
ord6930
ord6928
ord4996
ord6663
ord2763
ord3302
ord1228
ord2384
ord2795
ord1150
ord4735
ord1939
ord384
ord686
ord2862
ord2096
ord2080
ord4402
ord3640
ord2408
ord3293
ord6007
ord6905
ord6907
ord3910
ord3398
ord3733
ord810
ord4271
ord6008
ord3287
ord4125
ord4506
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord4975
ord967
ord3717
ord2086
ord609
ord5265
ord4376
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord2299
ord2302
ord4234
ord4853
ord3317
ord6334
ord4710
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3721
ord2370
ord3803
ord3092
ord2289
ord3610
ord656
ord2575
ord4396
ord3574
ord2097
ord6880
ord3177
ord3870
ord2301
ord500
ord772
ord5860
ord3767
ord4204
ord6142
ord6779
ord3573
ord4480
ord802
ord542
ord5643
ord1131
ord2765
ord6241
ord913
ord5594
ord3742
ord818
ord3706
ord5781
ord5789
ord6172
ord755
ord2754
ord470
ord700
ord4189
ord398
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord4541
ord5477
ord2259
ord4836
ord4440
ord3391
ord3720
ord527
ord2130
ord5949
ord3916
ord4695
ord5940
ord2003
ord5730
ord3948
ord2184
ord4214
ord3107
ord5617
ord989
ord3445
ord3194
ord4161
ord6451
ord3715
ord788
ord520
ord2092
ord5484
ord2233
ord5198
ord1877
ord4249
ord2486
ord2687
ord3530
ord4534
ord723
ord648
ord985
ord334
ord423
ord4459
ord5033
ord5805
ord4502
ord1892
ord4252
ord3326
ord6365
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord746
ord449
ord2278
ord2266
ord2358
ord2279
ord2361
ord2281
ord2288
ord3198
ord3454
ord4387
ord2399
ord4858
ord4953
ord4420
ord2714
ord4022
ord1792
ord5873
ord6157
ord289
ord613
ord1795
ord4476
ord2645
ord3873
ord6605
ord1768
ord4526
ord5653
ord3172
ord5577
ord1746

msvcrt

strstr
_access
strtok
atol
isdigit
realloc
_stricmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_strlwr
isalnum
_ftol
_purecall
strchr
_itoa
_strnicmp
isxdigit
sscanf
__CxxFrameHandler
atoi
memmove
sprintf
toupper
free
malloc
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
wcslen
wcsncpy
_strdup

kernel32

IsDBCSLeadByte
ExitProcess
CreateThread
TerminateThread
IsBadReadPtr
IsBadWritePtr
GetFileSize
MulDiv
FindResourceA
SizeofResource
LoadResource
LockResource
LocalAlloc
LocalFree
GetFileAttributesA
Sleep
GetTickCount
GetSystemDirectoryA
CopyFileA
_lcreat
_lwrite
_lopen
_llseek
_lclose
_lread
FindFirstFileA
lstrcatA
FindNextFileA
FindClose
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
WinExec
GetProcAddress
GetPrivateProfileIntA
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
GetPrivateProfileStringA
lstrcpyA
lstrcpynA
CloseHandle
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
lstrlenA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
ReadFile
SetFilePointer

user32

SetCursor
PtInRect
LoadIconA
DestroyIcon
LoadBitmapA
ModifyMenuA
CheckMenuItem
OpenClipboard
EmptyClipboard
SetClipboardData
DrawFocusRect
GetFocus
FillRect
OffsetRect
LoadCursorA
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
AppendMenuA
CloseClipboard
ScreenToClient
GetAsyncKeyState
InSendMessageEx
GetCursorPos
TrackPopupMenu
DestroyMenu
UpdateWindow
SetTimer
SetWindowLongA
DestroyCursor
EnumChildWindows
GetWindowLongA
FindWindowA
RegisterWindowMessageA
LoadImageA
LoadMenuA
GetSubMenu
EnableMenuItem
RemoveMenu
EnumWindows
ReleaseDC
GetKeyState
PostMessageA
GetWindowRect
GetParent
wsprintfA
InvalidateRect
EnableWindow
IsWindowVisible
IsWindow
GetClientRect
GetDC
GetSysColor
InflateRect
SendMessageA
SetWindowRgn
GetTopWindow
ChildWindowFromPointEx
GetCapture
SetRect
UnionRect
CopyRect
CreateCursor
KillTimer
SetCapture
ReleaseCapture
IsZoomed
SystemParametersInfoA
SetActiveWindow
GetWindowDC
DrawIconEx
GetActiveWindow

gdi32

SetStretchBltMode
CreateDIBitmap
CreatePalette
CreatePen
CreateRectRgn
OffsetRgn
TextOutA
CreateFontA
BeginPath
EndPath
PathToRegion
CreateBitmap
GetTextExtentPoint32A
CreateRectRgnIndirect
CreateSolidBrush
GetNearestColor
DeleteObject
CreateFontIndirectA
EnumFontsA
GetCurrentObject
GetFontData
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap
ExtCreateRegion
CombineRgn
CreateCompatibleDC
DeleteDC
SelectObject
GetRgnBox
BitBlt
StretchBlt
GetStockObject
SelectPalette
RealizePalette
CreateDIBSection
GetSystemPaletteEntries
GetPaletteEntries

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteA
ExtractIconExA

comctl32

ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_AddMasked

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
LoadRegTypeLi

ws2_32

getsockname
WSASetLastError
htons
inet_addr
connect
closesocket
WSAGetLastError
gethostbyname
bind
htonl
socket
setsockopt
ioctlsocket

olepro32

ord251

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/GLChatEx.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

a1860459b757ba53256cb39277f7135f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

mfc42

ord818
ord500
ord567
ord2135
ord2405
ord2414
ord5785
ord1949
ord4275
ord2863
ord2614
ord5572
ord2919
ord5860
ord823
ord6142
ord3663
ord3626
ord283
ord4133
ord4297
ord5788
ord472
ord5875
ord3573
ord755
ord2380
ord2567
ord6172
ord5787
ord1641
ord470
ord2864
ord3619
ord3986
ord2243
ord2438
ord6197
ord6378
ord2152
ord4220
ord2584
ord3654
ord1644
ord1146
ord2859
ord4083
ord537
ord4809
ord6453
ord3571
ord1640
ord323
ord1825
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4238
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord5252
ord4427
ord674
ord366
ord4242
ord3481
ord4467
ord2975
ord3566
ord4457
ord5030
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord4975
ord967
ord3717
ord535
ord939
ord940
ord2370
ord941
ord926
ord1200
ord6199
ord5710
ord4160
ord350
ord2289
ord2763
ord1945
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord5260
ord4432
ord560
ord813
ord4273
ord4723
ord2301
ord641
ord2513
ord293
ord922
ord924
ord3874
ord3731
ord808
ord4269
ord982
ord2860
ord4463
ord4284
ord2121
ord6880
ord3092
ord4034
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2724
ord4079
ord4698
ord5307
ord5289
ord5714
ord3952
ord3401
ord3670
ord772
ord815
ord1134
ord4129
ord5683
ord1199
ord1247
ord6117
ord6354
ord1216
ord6467
ord1227
ord3521
ord6402
ord2817
ord672
ord3946
ord362
ord2463
ord5328
ord5314
ord5316
ord5325
ord5332
ord5334
ord324
ord6222
ord4277
ord4202
ord2867
ord1601
ord6030
ord3204
ord3945
ord1148
ord2915
ord2764
ord1147
ord5856
ord2784
ord4760
ord4765
ord6281
ord4278
ord6930
ord6928
ord6223
ord1651
ord4996
ord2795
ord1150
ord4735
ord665
ord5442
ord3318
ord5186
ord354
ord6877
ord1228
ord6663
ord1892
ord4252
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1226
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord746
ord449
ord2278
ord2266
ord2358
ord2279
ord2361
ord2281
ord2288
ord1265
ord686
ord384
ord2408
ord6270
ord2096
ord4464
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord4541
ord2259
ord4836
ord4440
ord3720
ord527
ord794
ord4264
ord4789
ord2642
ord3779
ord1234
ord1928
ord3138
ord3089
ord4234
ord5280
ord3597
ord4710
ord913
ord5594
ord3706
ord5781
ord5789
ord2754
ord2753
ord700
ord4189
ord398
ord2130
ord5949
ord3916
ord640
ord609
ord2566
ord6442
ord1233
ord3815
ord6379
ord3797
ord3206
ord538
ord1979
ord6385
ord3499
ord2515
ord355
ord6380
ord6605
ord2639
ord2086
ord4123
ord5466
ord5465
ord6407
ord2917
ord1997
ord2808
ord964
ord6317
ord4182
ord6392
ord5448
ord6010
ord5778
ord2606
ord5194
ord3180
ord3183
ord3176
ord3511
ord3724
ord798
ord533
ord6662
ord5854
ord2889
ord2911
ord1177
ord1210
ord2803
ord3402
ord2385
ord6334
ord6282
ord6283
ord5981
ord4853
ord2299
ord2302
ord4425
ord4627
ord6374
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord4502
ord5805
ord2379
ord5033
ord4299
ord4459
ord5880
ord423
ord334
ord985
ord648
ord723
ord5825
ord4424
ord4624
ord4081
ord3080
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord5163
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord1131
ord2488
ord4979
ord4992
ord4415
ord5008
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654

msvcrt

__CxxFrameHandler
_strlwr
fopen
??1type_info@@UAE@XZ
__dllonexit
_mbscmp
_mbsicmp
_mbschr
_lseek
rename
_read
_filelength
_close
_open
_write
_chsize
_tell
_ftol
_stricmp
_strnicmp
atof
_mbsnbcpy
isprint
qsort
_mbspbrk
_mbsnbcmp
strtoul
wcscpy
wcslen
rand
isxdigit
_purecall
_CxxThrowException
atoi
sscanf
_strdup
free
sprintf
memmove
strncpy
strstr
_access
strtok
isdigit
atol
_onexit
_except_handler3
wcsncpy
realloc
strchr
malloc
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_itoa
fclose
strncmp

kernel32

ExitProcess
IsBadReadPtr
IsBadWritePtr
GetCPInfo
lstrlenW
IsDBCSLeadByte
GetWindowsDirectoryA
CreateThread
LocalFree
CopyFileA
DeleteFileA
lstrcmpA
MulDiv
_lopen
_llseek
_lclose
_lread
GetSystemDirectoryA
Sleep
GetVersion
GetCurrentProcess
FlushInstructionCache
lstrlenA
GetProcAddress
GetTickCount
WinExec
lstrcpyA
CreateFileMappingA
GetLastError
lstrcpynA
GetTempPathA
LoadLibraryA
FreeLibrary
lstrcatA
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileStringA
MultiByteToWideChar
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetFileAttributesA
TerminateThread
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
GetFileSize
FindResourceExA
FindResourceA
SizeofResource
LoadResource
LockResource
GetVersionExA
lstrcmpiA
WriteFile
CreateFileA
SetFilePointer
ReadFile
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
LocalAlloc

user32

GetCapture
AppendMenuA
InsertMenuA
LoadIconA
DestroyIcon
LoadBitmapA
DrawTextA
IntersectRect
GetIconInfo
CreateIconFromResource
CreateIconFromResourceEx
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
GetPropA
GetWindow
SetPropA
IsIconic
EndDeferWindowPos
SetWindowRgn
DestroyCursor
DrawIcon
GetClassNameA
GetCursor
IsMenu
GetNextDlgTabItem
GetActiveWindow
WindowFromPoint
GetNextDlgGroupItem
DrawFocusRect
CopyRect
GetWindowRgn
DrawStateA
FrameRect
TabbedTextOutA
GrayStringA
BeginDeferWindowPos
GetClassInfoA
SetRectEmpty
GetFocus
GetDlgCtrlID
DrawFrameControl
SetFocus
GetWindowTextA
IsChild
DrawEdge
IsRectEmpty
ShowScrollBar
ClipCursor
GetClipCursor
InvertRect
AdjustWindowRectEx
SetCaretPos
GetCaretPos
EnableMenuItem
EqualRect
CreatePopupMenu
DestroyWindow
ShowCaret
CreateCaret
DestroyCaret
ShowWindow
CopyIcon
HideCaret
ChildWindowFromPointEx
DrawIconEx
CreateMenu
GetSysColorBrush
LoadCursorFromFileA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
UnionRect
CreateCursor
GetSubMenu
RemoveMenu
CheckMenuItem
ModifyMenuA
GetAsyncKeyState
LoadCursorA
SetCursor
EnumChildWindows
UpdateWindow
SetTimer
GetWindowLongA
GetCursorPos
KillTimer
InflateRect
SetWindowLongA
RegisterWindowMessageA
FindWindowA
EnumWindows
GetDC
LoadImageA
wsprintfA
IsWindowVisible
PostMessageA
InvalidateRect
ScreenToClient
ClientToScreen
PtInRect
GetWindowDC
ReleaseDC
OffsetRect
GetWindowRect
LoadMenuA
GetSystemMetrics
GetParent
SetActiveWindow
GetClientRect
GetSysColor
FillRect
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringA
GetMenuItemInfoA
SetRect
IsWindow
SendMessageA
EnableWindow
RedrawWindow
SetCapture
ReleaseCapture
SystemParametersInfoA
GetKeyState
GetDesktopWindow
MessageBeep
SetForegroundWindow
IsZoomed
DefWindowProcA

gdi32

PatBlt
GetTextExtentPoint32W
CreateDIBitmap
PathToRegion
EndPath
CreateRoundRectRgn
CreateFontA
BeginPath
GetTextAlign
GetRgnBox
RectVisible
GetDeviceCaps
SelectObject
GetObjectA
StretchBlt
CreateFontIndirectA
CreateRectRgnIndirect
GetNearestColor
EnumFontsA
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32A
CreateSolidBrush
LPtoDP
GetTextExtentPointA
CreatePatternBrush
Ellipse
Arc
ExtCreateRegion
GetRegionData
CreatePolygonRgn
GetCurrentObject
LineDDA
Rectangle
GetBkColor
GetDIBColorTable
CreatePalette
CreateHalftonePalette
GetTextExtentExPointA
GetStockObject
GetPaletteEntries
GetSystemPaletteEntries
SetStretchBltMode
DeleteDC
SetDIBitsToDevice
SetMapMode
CreateBitmap
GetPixel
SetTextColor
SetBkColor
CreateDIBSection
SetPixel
RealizePalette
SelectPalette
OffsetRgn
CombineRgn
CreateRectRgn
GetMapMode
FillRgn
FrameRgn
PtVisible
TextOutA
ExtTextOutA
Escape
CreatePen
GetTextMetricsA
GetROP2
GetBkMode
GetTextColor

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteA
SHAppBarMessage
ShellExecuteExA

comctl32

ImageList_GetImageInfo
ImageList_GetIcon
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon

ole32

CoCreateInstance
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

SystemTimeToVariantTime
SysAllocString
LoadRegTypeLi

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

ws2_32

WSASetLastError
ioctlsocket
setsockopt
htons
inet_addr
connect
closesocket
WSAGetLastError
gethostbyname
getsockname
socket
htonl
bind

olepro32

ord251

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/GLRoom.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

1d3f0e43b00604e5094cf37b811b9735

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

UrlEscapeA
PathRemoveFileSpecA
PathAppendA

mfc42

ord648
ord985
ord334
ord423
ord5880
ord4459
ord4299
ord5033
ord2379
ord5805
ord4502
ord1168
ord2385
ord6374
ord3402
ord4627
ord3571
ord3619
ord772
ord818
ord2243
ord500
ord567
ord2135
ord3663
ord3626
ord2414
ord2405
ord5785
ord1949
ord4275
ord2863
ord5860
ord823
ord2614
ord5572
ord2919
ord6142
ord537
ord2116
ord283
ord4133
ord4297
ord5788
ord472
ord5875
ord640
ord2452
ord1640
ord323
ord1641
ord3573
ord755
ord2380
ord2567
ord6172
ord5787
ord470
ord2864
ord3986
ord2438
ord6197
ord6378
ord2152
ord4220
ord2584
ord3654
ord1644
ord1146
ord2859
ord5981
ord4083
ord4123
ord4809
ord6453
ord535
ord2575
ord4396
ord3574
ord809
ord609
ord556
ord3089
ord3874
ord6358
ord1088
ord4160
ord2122
ord613
ord6880
ord289
ord5053
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2289
ord2299
ord4234
ord1841
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord364
ord784
ord2302
ord4241
ord4456
ord6131
ord6216
ord5037
ord4284
ord4720
ord5260
ord6270
ord6605
ord1199
ord6402
ord858
ord924
ord4508
ord941
ord3521
ord922
ord2370
ord2297
ord2363
ord3092
ord1200
ord2817
ord2784
ord6283
ord6282
ord6334
ord6403
ord3522
ord6199
ord2818
ord2365
ord939
ord2915
ord6877
ord539
ord2301
ord2642
ord1768
ord1175
ord4538
ord3742
ord1270
ord1232
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord2860
ord2754
ord3706
ord6379
ord1844
ord4400
ord682
ord6654
ord2862
ord1265
ord6720
ord5450
ord6394
ord5440
ord6383
ord4034
ord1945
ord3708
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord813
ord560
ord781
ord4273
ord2111
ord6442
ord4464
ord6134
ord940
ord859
ord6136
ord6222
ord4277
ord4202
ord4278
ord3771
ord3693
ord2450
ord1567
ord268
ord4532
ord4403
ord3996
ord6696
ord6242
ord3138
ord3293
ord2455
ord926
ord1892
ord4252
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1226
ord1212
ord4570
ord4672
ord4843
ord723
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord4594
ord746
ord2278
ord2764
ord1601
ord4267
ord3721
ord795
ord3873
ord5710
ord4129
ord2078
ord384
ord686
ord2408
ord2096
ord6663
ord4476
ord1816
ord2364
ord2298
ord5953
ord3097
ord665
ord1979
ord5442
ord5773
ord5186
ord354
ord6905
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord1849
ord4244
ord2583
ord5253
ord3371
ord3641
ord303
ord6907
ord6007
ord3998
ord4865
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord3317
ord1942
ord5259
ord3399
ord3734
ord4272
ord4507
ord6008
ord3287
ord4125
ord3914
ord3290
ord2358
ord2362
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord2259
ord4836
ord4440
ord4541
ord4732
ord3481
ord3779
ord1234
ord1928
ord1920
ord517
ord1131
ord3755
ord6157
ord3075
ord5766
ord4317
ord2086
ord5146
ord3752
ord6119
ord3076
ord6467
ord1233
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2724
ord4079
ord4698
ord5307
ord5289
ord5714
ord3952
ord3401
ord3670
ord561
ord815
ord1247
ord1134
ord4159
ord6117
ord6354
ord1216
ord1227
ord2911
ord5854
ord2889
ord1177
ord1210
ord3946
ord4996
ord1825
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4238
ord2652
ord1669
ord6385
ord4420
ord861
ord5308
ord4779
ord5811
ord5482
ord2032
ord4447
ord4335
ord4863
ord4975
ord967
ord3717
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord4242
ord5252

msvcrt

_ftol
_itoa
strchr
_splitpath
_stricmp
strcmp
abs
_mbsicmp
_strdup
atol
_chdir
_chdrive
toupper
memcmp
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_strlwr
_strcmpi
strcat
__dllonexit
_onexit
_initterm
_adjust_fdiv
isxdigit
realloc
__CxxFrameHandler
memset
_purecall
memmove
sprintf
strncmp
qsort
strcpy
_mbscmp
strncat
strncpy
strstr
strlen
atoi
malloc
free
isdigit
sscanf
memcpy
_strnicmp

kernel32

MulDiv
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
SetFilePointer
CreateFileA
WriteFile
SizeofResource
GetFileSize
LocalAlloc
LocalFree
GetLastError
MapViewOfFile
UnmapViewOfFile
CreateDirectoryA
_lopen
_lread
_lclose
GetTickCount
CreateFileMappingA
CloseHandle
GetVersionExA
GetCurrentThreadId
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindFirstFileA
FindNextFileA
FindClose
WritePrivateProfileStringA
lstrcatA
GetCurrentDirectoryA
IsDBCSLeadByte
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcpyA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcpynA
lstrlenA
Sleep
GetFileAttributesA
_llseek
IsBadWritePtr
IsBadReadPtr
TerminateThread
CreateThread
ExitProcess

user32

InvertRect
SetRectEmpty
SetWindowRgn
GetClassInfoA
DefWindowProcA
IntersectRect
EqualRect
GetCursorPos
CreatePopupMenu
AppendMenuA
SetWindowLongA
SetCursor
GetWindowLongA
DrawStateA
CopyRect
FrameRect
InflateRect
DrawFocusRect
GetActiveWindow
GetCapture
SetCapture
WindowFromPoint
ReleaseCapture
GetIconInfo
RedrawWindow
DestroyCursor
LoadCursorA
CopyIcon
GetFocus
PostMessageA
KillTimer
ScreenToClient
ClientToScreen
PtInRect
GetWindowDC
ReleaseDC
GetWindowRect
TabbedTextOutA
DrawTextA
GrayStringA
GetDC
SystemParametersInfoA
CreateMenu
wsprintfA
CreateCursor
IsZoomed
UnionRect
DestroyIcon
CreateIconIndirect
IsMenu
OffsetRect
LoadMenuA
SendMessageA
GetSystemMetrics
GetParent
SetActiveWindow
GetClientRect
GetSysColor
FillRect
SetRect
InvalidateRect
LoadImageA
GetMenuStringA
GetMenuItemCount
GetMenuState
GetMenuItemID
GetMenuItemInfoA
IsWindow
EnableWindow
SetTimer
IsWindowVisible
EnumChildWindows
EnumWindows
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawIconEx
UpdateWindow
EndDeferWindowPos
BeginDeferWindowPos
EnableScrollBar
ChildWindowFromPointEx
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetClassNameA
GetDesktopWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
BringWindowToTop
LoadIconA
SetForegroundWindow
RegisterWindowMessageA
LoadBitmapA
FindWindowA
GetSubMenu
PeekMessageA

gdi32

CreateFontIndirectA
SetPixel
GetPixel
GetDeviceCaps
CreatePen
EnumFontsA
GetNearestColor
Escape
DeleteObject
GetTextColor
BitBlt
CreateCompatibleDC
GetObjectA
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
GetStockObject
DeleteDC
SetTextColor
SetBkColor
GetTextExtentPoint32A
GetBkColor
CreateDIBSection
GetPaletteEntries
RealizePalette
SelectPalette
StretchBlt
SetStretchBltMode
SetMapMode
SetDIBitsToDevice
ExtCreateRegion
CreatePalette
CreateDIBitmap
OffsetRgn
CreateFontA
GetTextExtentPointA
CreateBitmap
GetCurrentObject
CombineRgn
CreateRectRgn
PtVisible
BeginPath
RectVisible
ExtTextOutA
GetRgnBox
PathToRegion
EndPath
TextOutA

advapi32

RegQueryValueA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegEnumValueA

shell32

ShellExecuteA
ExtractIconExA

comctl32

ImageList_Draw
ImageList_GetImageInfo
FlatSB_EnableScrollBar
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetIcon

ole32

CreateStreamOnHGlobal

oleaut32

LoadRegTypeLi
SysFreeString

wsock32

ioctlsocket
getsockname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

htonl
bind
gethostbyname
socket
closesocket
connect
htons
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError

winmm

PlaySoundA

olepro32

ord251

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 316KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
share/联众完美去广告&会员&多开补丁/glRoom_res.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edbf9fbc9f62bb42248bd204dae34657

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

oleaut32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 29KB - Virtual size: 32KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 4KB - Virtual size: 696B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 124KB

UPX1 Size: 23KB - Virtual size: 24KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 4KB - Virtual size: 706B

00f99a806b3d857a957b99e979135b92

Headers

File Characteristics

Imports

winmm

version

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

olepro32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 32KB - Virtual size: 29KB

a1860459b757ba53256cb39277f7135f

Headers

File Characteristics

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 4KB - Virtual size: 696B

UPX0
Size: - Virtual size: 124KB

UPX1
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 4KB - Virtual size: 706B

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 32KB - Virtual size: 29KB

.text
Size: 692KB - Virtual size: 690KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 68KB - Virtual size: 65KB

.text
Size: 316KB - Virtual size: 320KB

.rdata
Size: 68KB - Virtual size: 72KB

.data
Size: 9KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 26KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 116KB - Virtual size: 116KB