winos4[.]0修复优化版[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

winos4.0修复优化版.7z
Size

19.9MB
MD5

46b957f3dec9aaadf869c2164ada5844
SHA1

f55c44d47aa287e9cc755bcba6ec9f07a07ee3c8
SHA256

e61f9a96946a17699e816f06b9aa2fb2220e2eadc2609caf471ed3597437d1a5
SHA512

cbcaa7d3e44e31e55e0864677eefb662843811a75ab3eb22a3fcc4aa1a69e94248ff8b868bd77113f5d12740274349b5e8db887529d429f30cb0577960100a37
SSDEEP

393216:FLgedLWvvUxAMgBKEhwJo56IQhA4ByeRiSTehciju9SfjdwMUwBdYJO:Fs+BL+QZByFStipfxjYJO

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ebx1.0.exe
unpack001/OtherPlugins/x64/一键提权启动.dll
unpack001/OtherPlugins/x64/企鹅解密.dll
unpack001/OtherPlugins/x64/写计划任务每次.dll
unpack001/OtherPlugins/x64/断网启动.dll
unpack001/OtherPlugins/x64/更新白文件DLL.dll
unpack001/OtherPlugins/x64/添加用户x64.dll
unpack001/OtherPlugins/x64/禁止微信升级.dll
unpack001/OtherPlugins/x64/结束进程下载文件.dll
unpack001/OtherPlugins/x64/驱动插件.dll
unpack001/OtherPlugins/x86/K核晶360.dll
unpack001/OtherPlugins/x86/企鹅解密.dll
unpack001/OtherPlugins/x86/写计划任务每次.dll
unpack001/OtherPlugins/x86/更新白文件DLL.dll
unpack001/OtherPlugins/x86/添加用户x86.dll
unpack001/OtherPlugins/x86/禁止微信升级.dll
unpack001/OtherPlugins/x86/结束进程下载文件.dll
unpack001/OtherPlugins/x86/驱动插件.dll

Files

winos4.0修复优化版.7z
.7z
Ebx1.0.exe
.exe windows:5 windows x86 arch:x86

0c3cba76cf00268efbf1f39077e8f29e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\winos\EBX\主控\Release\Ebx1.0.pdb

Imports

kernel32

GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemPowerStatus
GetModuleHandleExW
GetEnvironmentVariableA
WaitForSingleObjectEx
SetThreadExecutionState
CreateMutexW
SetFilePointerEx
GlobalMemoryStatusEx
QueryPerformanceFrequency
Process32First
Process32Next
DeviceIoControl
GetOverlappedResult
VerSetConditionMask
VerifyVersionInfoW
DeleteTimerQueueTimer
CreateTimerQueueTimer
InterlockedExchangeAdd
TryEnterCriticalSection
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
DeleteTimerQueueEx
CreateTimerQueue
OutputDebugStringW
GetUserDefaultLangID
GetPrivateProfileSectionNamesW
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
GetCurrencyFormatW
ResetEvent
LoadLibraryExW
lstrcpynW
GetModuleHandleA
SetConsoleCtrlHandler
GetStringTypeW
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetFileAttributesA
GetConsoleCP
GetConsoleMode
CreateProcessA
WriteConsoleW
GetDriveTypeW
CancelIo
SetEnvironmentVariableA
GetStdHandle
HeapQueryInformation
HeapSize
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
VirtualQuery
GetSystemInfo
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
ExitThread
EncodePointer
DecodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
SearchPathW
GetProfileIntW
GetTempPathW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
SystemTimeToFileTime
GetUserDefaultLCID
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
GlobalGetAtomNameW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
MoveFileW
lstrcmpiW
GetStringTypeExW
lstrlenA
lstrcmpA
ReleaseActCtx
CreateActCtxW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
CopyFileW
MulDiv
SetFileAttributesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
FlushFileBuffers
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
IsBadWritePtr
WaitForMultipleObjects
lstrcpyW
DeleteFileW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
lstrcmpW
ActivateActCtx
DeactivateActCtx
HeapCreate
HeapDestroy
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
TerminateThread
GetExitCodeThread
SetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
GetTickCount
FindClose
SetFilePointer
GlobalSize
GetThreadLocale
lstrlenW
HeapFree
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
VirtualProtect
SetLastError
GlobalFree
lstrcatW
CreateFileA
GetModuleFileNameA
CreateThread
CreateProcessW
WriteFile
CreateDirectoryW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
FreeLibrary
ExitProcess
GetExitCodeProcess
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
GetProcAddress
LoadLibraryW
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenFileMappingW
ReleaseSemaphore
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
InterlockedIncrement
GetCurrentProcessId
LocalFree
FormatMessageW
GetLastError
MultiByteToWideChar
WaitForSingleObject
GetCurrentThreadId
InterlockedExchange
Sleep
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetLocalTime
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualAlloc
VirtualFree

user32

TrackPopupMenu
SetParent
UnpackDDElParam
ScrollWindow
MapWindowPoints
MonitorFromWindow
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetScrollInfo
SetScrollInfo
SetWindowPlacement
SetMenu
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
GetMenuStringW
GetMenuItemID
SetScrollRange
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
ShowScrollBar
SetForegroundWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthW
SetFocus
PostQuitMessage
ValidateRect
ShowOwnedPopups
IsZoomed
RealChildWindowFromPoint
GetSysColorBrush
GetScrollPos
SetScrollPos
GetWindowPlacement
GetScrollRange
SetRect
IsWindowVisible
RemovePropW
GetPropW
SetPropW
EnableWindow
SendMessageW
LoadIconW
DestroyIcon
IsWindow
MessageBoxW
GetWindowLongW
GetParent
ShowWindow
GetWindowThreadProcessId
GetKeyState
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
UnregisterClassW
ClipCursor
SystemParametersInfoW
EnumWindows
FindWindowW
CreatePopupMenu
InvalidateRgn
SetWindowContextHelpId
ChangeDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplaySettingsW
GetClipboardSequenceNumber
ToUnicode
FlashWindowEx
AttachThreadInput
CreateIconFromResource
RegisterRawInputDevices
GetRawInputDeviceList
GetClassLongW
DialogBoxIndirectParamW
SystemParametersInfoA
RegisterWindowMessageA
RegisterClassExW
GetRawInputData
TrackMouseEvent
GetMessageExtraInfo
GetClipCursor
UnregisterDeviceNotification
UnregisterClassA
RegisterClassExA
CreateWindowExA
RegisterDeviceNotificationW
MsgWaitForMultipleObjects
GetTabbedTextExtentA
IsWindowUnicode
GetWindowLongA
SetWindowLongA
ShowCaret
EnumDisplayMonitors
SetLayeredWindowAttributes
UnionRect
GetDCEx
LockWindowUpdate
GetMenuDefaultItem
GetAsyncKeyState
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
CopyImage
GetNextDlgGroupItem
DestroyAcceleratorTable
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
IsCharLowerW
MapVirtualKeyExW
UpdateLayeredWindow
IsMenu
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
LookupIconIdFromDirectoryEx
CreateIconIndirect
CreateIconFromResourceEx
GetCursor
VkKeyScanExW
GetKeyboardLayoutList
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
DrawAnimatedRects
AppendMenuW
GetCursorPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfW
GetFocus
GetSystemMenu
InvalidateRect
EnableMenuItem
GetDesktopWindow
PostMessageW
IntersectRect
LoadImageW
wsprintfA
LoadCursorW
DestroyCursor
KillTimer
ReleaseDC
SetClassLongW
CheckMenuRadioItem
GetIconInfo
GetDC
CheckMenuItem
GetMenuState
SetTimer
DrawTextW
GetClipboardData
DrawIconEx
RegisterWindowMessageW
GetSysColor
MonitorFromPoint
GetMonitorInfoW
OffsetRect
UpdateWindow
PtInRect
WindowFromPoint
InflateRect
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
CheckDlgButton
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
MoveWindow
IsWindowEnabled
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsRectEmpty
FillRect
SetWindowRgn
ClientToScreen
RemoveMenu
MapVirtualKeyW
GetKeyNameTextW
CopyRect
GetMessagePos
MessageBoxA
SetWindowLongW
wvsprintfW
CharUpperBuffW
GetDoubleClickTime
SubtractRect
EnumChildWindows
GetActiveWindow
CreateMenu
MessageBeep
CharNextW
MapDialogRect
GetSubMenu
LoadMenuW
SendMessageTimeoutW
ReleaseCapture
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
TabbedTextOutW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoW
DestroyMenu
CharUpperW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
GetRawInputDeviceInfoA
ReuseDDElParam
GetMessageW
PostThreadMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
GetClassNameW
GetWindowTextW
mouse_event
SetCursor
SetCapture
GetWindow
RedrawWindow
DeleteMenu
GetMenuItemCount
LoadBitmapW
InsertMenuW
GetWindowRgn
GetTabbedTextExtentW
GetWindowRect

gdi32

SelectClipRgn
GetClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
SetRectRgn
CombineRgn
GetMapMode
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetLayout
GetCharWidthW
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetCurrentObject
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
Polygon
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
RoundRect
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
SetBkMode
GetDeviceCaps
GetDIBits
GetTextCharsetInfo
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
CreateBitmap
CreateDCW
CopyMetaFileW
PatBlt
DeleteObject
DeleteDC
SelectObject
SetDIBColorTable
CreateCompatibleDC
GetObjectW
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetBkColor
SetTextColor
ExtTextOutW
StretchBlt
TextOutW
CreateFontW
CreateCompatibleBitmap
SetLayout
BitBlt
CreateSolidBrush
CreateBrushIndirect
BeginPath
EndPath
StrokePath
ExtCreateRegion
GetBitmapDimensionEx
GetBitmapBits
SetPixelFormat
ChoosePixelFormat
GdiFlush
GetObjectA
GetTextExtentPoint32A
FillPath
StrokeAndFillPath
CloseFigure
GetICMProfileW
SetDeviceGammaRamp
GetDeviceGammaRamp
DescribePixelFormat
SwapBuffers
GetPixelFormat
GetDIBColorTable
Polyline
CreateRectRgnIndirect

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
IsTextUnicode
RegCloseKey
RegDeleteValueW
RegCreateKeyW
RegSetValueExW
RegSetValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW

shell32

SHAppBarMessage
SHGetMalloc
SHGetFolderPathW
SHGetDesktopFolder
Shell_NotifyIconW
SHAddToRecentDocs
DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetFileInfoW
ExtractIconExW
SHGetSpecialFolderLocation
ExtractIconW
ShellExecuteW
DragFinish
DragQueryFileW

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_AddMasked
ImageList_DrawEx
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent

shlwapi

PathCombineW
StrChrW
StrPBrkW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW
SHAutoComplete
PathStripPathW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
SHCreateStreamOnFileW

ole32

CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
CoTaskMemFree
PropVariantClear
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
OleDuplicateData
CoInitializeEx
CoDisconnectObject
CoCreateGuid
CLSIDFromString
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleFlushClipboard
DoDragDrop
StgCreateDocfileOnILockBytes
OleIsCurrentClipboard
OleRun
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize

oleaut32

VarBstrFromDate
VarDateFromStr
SysStringLen
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
OleLoadPicturePath
VarUdateFromDate
VariantChangeTypeEx
SafeArrayCreateVector
VarCmp
OleCreateFontIndirect
GetErrorInfo

oledlg

OleUIAddVerbMenuW
OleUIBusyW

gdiplus

GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipFillPieI
GdipFillRectangleI
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipCreateLineBrushI
GdipSetPathGradientBlend
GdipSetPathGradientCenterPointI
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipSetLineBlend
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetCompositingQuality
GdipSetCompositingMode
GdipSetStringFormatTrimming
GdipDrawPath
ord1
GdipAddPathPie
GdipAddPathEllipse
GdipCreateLineBrush
GdipGetImageHeight
GdipSetClipRectI
GdipTranslateWorldTransform
GdipRestoreGraphics
GdipSaveGraphics
GdipRotateWorldTransform
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDrawString
GdipDeleteStringFormat
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipFillRectangle
GdipDrawRectangle
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigures
GdipFillPolygon
GdipAddPathPolygon
GdipGetSmoothingMode
GdipFillPath
GdipIsVisiblePathPointI
GdipCreatePath
GdipAddPathCurve
GdipDeletePath
GdipDrawLine
GdipCreatePen1
GdipDeletePen
GdipCreateHatchBrush
GdipCreateLineBrushFromRect
GdipSetLinePresetBlend
GdipCreateSolidFill
GdipFillEllipse
GdipSetSmoothingMode
GdipScaleWorldTransform
GdipGetDpiY
GdipGetDpiX
GdipSetPageUnit
GdipDeleteFont
GdipMeasureString
GdipCreateFontFromLogfontW
GdipDeleteBrush

ws2_32

WSASend
sendto
getsockname
WSAAddressToStringW
WSASetLastError
WSAStringToAddressW
WSARecv
shutdown
ioctlsocket
getsockopt
setsockopt
WSAIoctl
WSAGetLastError
closesocket
recv
send
connect
htons
inet_addr
gethostbyname
WSACleanup
socket
WSAStartup
inet_ntoa
ntohs
bind
WSAGetOverlappedResult
listen
WSARecvFrom
WSASendTo

avifil32

AVIFileCreateStreamW
AVIMakeCompressedStream
AVISaveOptionsFree
AVIFileInit
AVISaveOptions
AVIFileRelease
AVIStreamRelease
AVIStreamWrite
AVIStreamSetFormat
AVIFileOpenW
AVIFileExit

msvfw32

DrawDibOpen
DrawDibDraw
ord2
DrawDibClose

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

winmm

timeGetTime
PlaySoundW
waveOutWrite
waveOutPrepareHeader
waveOutGetErrorTextW
timeBeginPeriod
waveOutOpen
waveOutUnprepareHeader
waveInGetErrorTextW
waveInStart
waveInReset
waveInOpen
waveInClose
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetNumDevs
waveInGetDevCapsW
timeGetDevCaps
timeEndPeriod
waveOutClose
waveOutGetDevCapsW
waveOutGetNumDevs
waveOutReset

imm32

ImmGetIMEFileNameA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetCandidateListW
ImmSetCandidateWindow
ImmGetContext
ImmGetOpenStatus
ImmNotifyIME
ImmAssociateContext
ImmReleaseContext

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

glu32

gluProject
gluLookAt
gluPerspective
gluUnProject

opengl32

glReadPixels
glClearAccum
glClearColor
glMaterialfv
glLightModelfv
glLightfv
glColorMaterial
glBlendFunc
glShadeModel
glHint
glLoadIdentity
glMatrixMode
glViewport
glClearDepth
glEnable
glClear
wglMakeCurrent
glFlush
glFinish
wglCreateContext
glGetIntegerv
glPopMatrix
glTranslated
glAccum
glPushMatrix
wglDeleteContext
glGetDoublev
glPopAttrib
glEnd
glVertex3d
glBegin
glLineWidth
glColor3f
glDisable
glPushAttrib
glMultMatrixd
glCallList
glNormal3d
glRotated
glEndList
glGetError
glNewList
glDeleteLists
glIsEnabled

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

SDL_AddEventWatch
SDL_AddHintCallback
SDL_AddTimer
SDL_AllocFormat
SDL_AllocPalette
SDL_AllocRW
SDL_AtomicAdd
SDL_AtomicCAS
SDL_AtomicCASPtr
SDL_AtomicGet
SDL_AtomicGetPtr
SDL_AtomicLock
SDL_AtomicSet
SDL_AtomicSetPtr
SDL_AtomicTryLock
SDL_AtomicUnlock
SDL_AudioInit
SDL_AudioQuit
SDL_AudioStreamAvailable
SDL_AudioStreamClear
SDL_AudioStreamFlush
SDL_AudioStreamGet
SDL_AudioStreamPut
SDL_BuildAudioCVT
SDL_CalculateGammaRamp
SDL_CaptureMouse
SDL_ClearComposition
SDL_ClearError
SDL_ClearHints
SDL_ClearQueuedAudio
SDL_CloseAudio
SDL_CloseAudioDevice
SDL_ComposeCustomBlendMode
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertPixels
SDL_ConvertSurface
SDL_ConvertSurfaceFormat
SDL_CreateColorCursor
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateRGBSurfaceWithFormat
SDL_CreateRGBSurfaceWithFormatFrom
SDL_CreateRenderer
SDL_CreateSemaphore
SDL_CreateShapedWindow
SDL_CreateSoftwareRenderer
SDL_CreateSystemCursor
SDL_CreateTexture
SDL_CreateTextureFromSurface
SDL_CreateThread
SDL_CreateThreadWithStackSize
SDL_CreateWindow
SDL_CreateWindowAndRenderer
SDL_CreateWindowFrom
SDL_DXGIGetOutputInfo
SDL_DYNAPI_entry
SDL_DelEventWatch
SDL_DelHintCallback
SDL_Delay
SDL_DequeueAudio
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroyRenderer
SDL_DestroySemaphore
SDL_DestroyTexture
SDL_DestroyWindow
SDL_DetachThread
SDL_Direct3D9GetAdapterIndex
SDL_DisableScreenSaver
SDL_DuplicateSurface
SDL_EnableScreenSaver
SDL_EncloseFPoints
SDL_EnclosePoints
SDL_Error
SDL_EventState
SDL_FillRect
SDL_FillRects
SDL_FilterEvents
SDL_FlashWindow
SDL_FlushEvent
SDL_FlushEvents
SDL_FreeAudioStream
SDL_FreeCursor
SDL_FreeFormat
SDL_FreePalette
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_GL_BindTexture
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_ExtensionSupported
SDL_GL_GetAttribute
SDL_GL_GetCurrentContext
SDL_GL_GetCurrentWindow
SDL_GL_GetDrawableSize
SDL_GL_GetProcAddress
SDL_GL_GetSwapInterval
SDL_GL_LoadLibrary
SDL_GL_MakeCurrent
SDL_GL_ResetAttributes
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GL_UnbindTexture
SDL_GL_UnloadLibrary
SDL_GameControllerAddMapping
SDL_GameControllerAddMappingsFromRW
SDL_GameControllerClose
SDL_GameControllerEventState
SDL_GameControllerFromInstanceID
SDL_GameControllerFromPlayerIndex
SDL_GameControllerGetAppleSFSymbolsNameForAxis
SDL_GameControllerGetAppleSFSymbolsNameForButton
SDL_GameControllerGetAttached
SDL_GameControllerGetAxis
SDL_GameControllerGetAxisFromString
SDL_GameControllerGetBindForAxis
SDL_GameControllerGetBindForButton
SDL_GameControllerGetButton
SDL_GameControllerGetButtonFromString
SDL_GameControllerGetJoystick
SDL_GameControllerGetNumTouchpadFingers
SDL_GameControllerGetNumTouchpads
SDL_GameControllerGetPlayerIndex
SDL_GameControllerGetProduct
SDL_GameControllerGetProductVersion
SDL_GameControllerGetSensorData
SDL_GameControllerGetSensorDataRate
SDL_GameControllerGetSerial
SDL_GameControllerGetStringForAxis
SDL_GameControllerGetStringForButton
SDL_GameControllerGetTouchpadFinger
SDL_GameControllerGetType
SDL_GameControllerGetVendor
SDL_GameControllerHasAxis
SDL_GameControllerHasButton
SDL_GameControllerHasLED
SDL_GameControllerHasRumble
SDL_GameControllerHasRumbleTriggers
SDL_GameControllerHasSensor
SDL_GameControllerIsSensorEnabled
SDL_GameControllerMapping
SDL_GameControllerMappingForDeviceIndex
SDL_GameControllerMappingForGUID
SDL_GameControllerMappingForIndex
SDL_GameControllerName
SDL_GameControllerNameForIndex
SDL_GameControllerNumMappings
SDL_GameControllerOpen
SDL_GameControllerRumble
SDL_GameControllerRumbleTriggers
SDL_GameControllerSendEffect
SDL_GameControllerSetLED
SDL_GameControllerSetPlayerIndex
SDL_GameControllerSetSensorEnabled
SDL_GameControllerTypeForIndex
SDL_GameControllerUpdate
SDL_GetAssertionHandler
SDL_GetAssertionReport
SDL_GetAudioDeviceName
SDL_GetAudioDeviceSpec
SDL_GetAudioDeviceStatus
SDL_GetAudioDriver
SDL_GetAudioStatus
SDL_GetBasePath
SDL_GetCPUCacheLineSize
SDL_GetCPUCount
SDL_GetClipRect
SDL_GetClipboardText
SDL_GetClosestDisplayMode
SDL_GetColorKey
SDL_GetCurrentAudioDriver
SDL_GetCurrentDisplayMode
SDL_GetCurrentVideoDriver
SDL_GetCursor
SDL_GetDefaultAssertionHandler
SDL_GetDefaultCursor
SDL_GetDesktopDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayDPI
SDL_GetDisplayMode
SDL_GetDisplayName
SDL_GetDisplayOrientation
SDL_GetDisplayUsableBounds
SDL_GetError
SDL_GetErrorMsg
SDL_GetEventFilter
SDL_GetGlobalMouseState
SDL_GetGrabbedWindow
SDL_GetHint
SDL_GetHintBoolean
SDL_GetKeyFromName
SDL_GetKeyFromScancode
SDL_GetKeyName
SDL_GetKeyboardFocus
SDL_GetKeyboardState
SDL_GetMemoryFunctions
SDL_GetModState
SDL_GetMouseFocus
SDL_GetMouseState
SDL_GetNumAllocations
SDL_GetNumAudioDevices
SDL_GetNumAudioDrivers
SDL_GetNumDisplayModes
SDL_GetNumRenderDrivers
SDL_GetNumTouchDevices
SDL_GetNumTouchFingers
SDL_GetNumVideoDisplays
SDL_GetNumVideoDrivers
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetPixelFormatName
SDL_GetPlatform
SDL_GetPowerInfo
SDL_GetPrefPath
SDL_GetPreferredLocales
SDL_GetQueuedAudioSize
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseMode
SDL_GetRelativeMouseState
SDL_GetRenderDrawBlendMode
SDL_GetRenderDrawColor
SDL_GetRenderDriverInfo
SDL_GetRenderTarget
SDL_GetRenderer
SDL_GetRendererInfo
SDL_GetRendererOutputSize
SDL_GetRevision
SDL_GetRevisionNumber
SDL_GetScancodeFromKey
SDL_GetScancodeFromName
SDL_GetScancodeName
SDL_GetShapedWindowMode
SDL_GetSurfaceAlphaMod
SDL_GetSurfaceBlendMode
SDL_GetSurfaceColorMod
SDL_GetSystemRAM
SDL_GetTextureAlphaMod
SDL_GetTextureBlendMode
SDL_GetTextureColorMod
SDL_GetTextureScaleMode
SDL_GetTextureUserData
SDL_GetThreadID
SDL_GetThreadName
SDL_GetTicks
SDL_GetTicks64
SDL_GetTouchDevice
SDL_GetTouchDeviceType
SDL_GetTouchFinger
SDL_GetTouchName
SDL_GetVersion
SDL_GetVideoDriver
SDL_GetWindowBordersSize
SDL_GetWindowBrightness
SDL_GetWindowData
SDL_GetWindowDisplayIndex
SDL_GetWindowDisplayMode
SDL_GetWindowFlags
SDL_GetWindowFromID
SDL_GetWindowGammaRamp
SDL_GetWindowGrab
SDL_GetWindowICCProfile
SDL_GetWindowID
SDL_GetWindowKeyboardGrab
SDL_GetWindowMaximumSize
SDL_GetWindowMinimumSize
SDL_GetWindowMouseGrab
SDL_GetWindowMouseRect
SDL_GetWindowOpacity
SDL_GetWindowPixelFormat
SDL_GetWindowPosition
SDL_GetWindowSize
SDL_GetWindowSurface
SDL_GetWindowTitle
SDL_GetWindowWMInfo
SDL_GetYUVConversionMode
SDL_GetYUVConversionModeForResolution
SDL_HapticClose
SDL_HapticDestroyEffect
SDL_HapticEffectSupported
SDL_HapticGetEffectStatus
SDL_HapticIndex
SDL_HapticName
SDL_HapticNewEffect
SDL_HapticNumAxes
SDL_HapticNumEffects
SDL_HapticNumEffectsPlaying
SDL_HapticOpen
SDL_HapticOpenFromJoystick
SDL_HapticOpenFromMouse
SDL_HapticOpened
SDL_HapticPause
SDL_HapticQuery
SDL_HapticRumbleInit
SDL_HapticRumblePlay
SDL_HapticRumbleStop
SDL_HapticRumbleSupported
SDL_HapticRunEffect
SDL_HapticSetAutocenter
SDL_HapticSetGain
SDL_HapticStopAll
SDL_HapticStopEffect
SDL_HapticUnpause
SDL_HapticUpdateEffect
SDL_Has3DNow
SDL_HasARMSIMD
SDL_HasAVX
SDL_HasAVX2
SDL_HasAVX512F
SDL_HasAltiVec
SDL_HasClipboardText
SDL_HasColorKey
SDL_HasEvent
SDL_HasEvents
SDL_HasIntersection
SDL_HasIntersectionF
SDL_HasMMX
SDL_HasNEON
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_HasSSE3
SDL_HasSSE41
SDL_HasSSE42
SDL_HasScreenKeyboardSupport
SDL_HasSurfaceRLE
SDL_HideWindow
SDL_Init
SDL_InitSubSystem
SDL_IntersectFRect
SDL_IntersectFRectAndLine
SDL_IntersectRect
SDL_IntersectRectAndLine
SDL_IsGameController
SDL_IsScreenKeyboardShown
SDL_IsScreenSaverEnabled
SDL_IsShapedWindow
SDL_IsTablet
SDL_IsTextInputActive
SDL_IsTextInputShown
SDL_JoystickAttachVirtual
SDL_JoystickClose
SDL_JoystickCurrentPowerLevel
SDL_JoystickDetachVirtual
SDL_JoystickEventState
SDL_JoystickFromInstanceID
SDL_JoystickFromPlayerIndex
SDL_JoystickGetAttached
SDL_JoystickGetAxis
SDL_JoystickGetAxisInitialState
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetDeviceGUID
SDL_JoystickGetDeviceInstanceID
SDL_JoystickGetDevicePlayerIndex
SDL_JoystickGetDeviceProduct
SDL_JoystickGetDeviceProductVersion
SDL_JoystickGetDeviceType
SDL_JoystickGetDeviceVendor
SDL_JoystickGetGUID
SDL_JoystickGetGUIDFromString
SDL_JoystickGetGUIDString
SDL_JoystickGetHat
SDL_JoystickGetPlayerIndex
SDL_JoystickGetProduct
SDL_JoystickGetProductVersion
SDL_JoystickGetSerial
SDL_JoystickGetType
SDL_JoystickGetVendor
SDL_JoystickHasLED
SDL_JoystickHasRumble
SDL_JoystickHasRumbleTriggers
SDL_JoystickInstanceID
SDL_JoystickIsHaptic
SDL_JoystickIsVirtual
SDL_JoystickName
SDL_JoystickNameForIndex
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickRumble
SDL_JoystickRumbleTriggers
SDL_JoystickSendEffect
SDL_JoystickSetLED
SDL_JoystickSetPlayerIndex
SDL_JoystickSetVirtualAxis
SDL_JoystickSetVirtualButton
SDL_JoystickSetVirtualHat
SDL_JoystickUpdate
SDL_LoadBMP_RW
SDL_LoadDollarTemplates
SDL_LoadFile
SDL_LoadFile_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockAudioDevice
SDL_LockJoysticks
SDL_LockMutex
SDL_LockSensors
SDL_LockSurface
SDL_LockTexture
SDL_LockTextureToSurface
SDL_Log
SDL_LogCritical
SDL_LogDebug
SDL_LogError
SDL_LogGetOutputFunction
SDL_LogGetPriority
SDL_LogInfo
SDL_LogMessage
SDL_LogMessageV
SDL_LogResetPriorities
SDL_LogSetAllPriority
SDL_LogSetOutputFunction
SDL_LogSetPriority
SDL_LogVerbose
SDL_LogWarn
SDL_LowerBlit
SDL_LowerBlitScaled
SDL_MapRGB
SDL_MapRGBA
SDL_MasksToPixelFormatEnum
SDL_MaximizeWindow
SDL_MemoryBarrierAcquireFunction
SDL_MemoryBarrierReleaseFunction
SDL_Metal_CreateView
SDL_Metal_DestroyView
SDL_Metal_GetDrawableSize
SDL_Metal_GetLayer
SDL_MinimizeWindow
SDL_MixAudio
SDL_MixAudioFormat
SDL_MouseIsHaptic
SDL_NewAudioStream
SDL_NumHaptics
SDL_NumJoysticks
SDL_NumSensors
SDL_OnApplicationDidBecomeActive
SDL_OnApplicationDidEnterBackground
SDL_OnApplicationDidReceiveMemoryWarning
SDL_OnApplicationWillEnterForeground
SDL_OnApplicationWillResignActive
SDL_OnApplicationWillTerminate
SDL_OpenAudio
SDL_OpenAudioDevice
SDL_OpenURL
SDL_PauseAudio
SDL_PauseAudioDevice
SDL_PeepEvents
SDL_PixelFormatEnumToMasks
SDL_PollEvent
SDL_PremultiplyAlpha
SDL_PumpEvents
SDL_PushEvent
SDL_QueryTexture
SDL_QueueAudio
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_RWclose
SDL_RWread
SDL_RWseek
SDL_RWsize
SDL_RWtell
SDL_RWwrite
SDL_RaiseWindow
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_ReadU8
SDL_RecordGesture
SDL_RegisterApp
SDL_RegisterEvents
SDL_RemoveTimer
SDL_RenderClear
SDL_RenderCopy
SDL_RenderCopyEx
SDL_RenderCopyExF
SDL_RenderCopyF
SDL_RenderDrawLine
SDL_RenderDrawLineF

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.8MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27.2MB - Virtual size: 27.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ebx1.0.exp
Ebx1.0.lib
Ebx1.0.pdb
OtherPlugins/x64/一键提权启动.dll
.dll windows:5 windows x64 arch:x64

b09c74e70f2084f1980b66d566828aa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualProtect
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
CreateThread
GetVersionExW
lstrlenW
GetLastError
LocalFree
GetNativeSystemInfo
FreeLibrary
VirtualFree
IsBadReadPtr
SetLastError
VirtualAlloc
LoadLibraryA
Sleep
lstrcmpW
WinExec
CreateFileW
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
LocalAlloc
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetModuleHandleW
ExitProcess
DecodePointer
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlsGetValue
FlsFree
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
HeapSize

advapi32

RegOpenKeyExW
RegSetKeyValueW
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessWithTokenW
PrivilegeCheck
CreateProcessWithLogonW
OpenProcessToken
RegCloseKey

shell32

ShellExecuteW

oleaut32

SysFreeString
SysStringLen
SysAllocString

Exports

Exports

Main
invalid

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/企鹅解密.dll
.dll windows:5 windows x64 arch:x64

c9e6ad04be0879d0fa7f74b4f971923c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
HeapDestroy
LeaveCriticalSection
HeapCreate
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
Sleep
CreateEventA
GetLastError
CloseHandle
GetCurrentThreadId
SwitchToThread
SetLastError
WideCharToMultiByte
lstrlenW
ResetEvent
CreateEventW
CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
MapViewOfFile
UnmapViewOfFile
CreateRemoteThread
OpenProcess
lstrcmpW
MultiByteToWideChar
VirtualAllocEx
Process32FirstW
CreateFileMappingW
Process32NextW
CreateToolhelp32Snapshot
WriteProcessMemory
ExitProcess
CreateThread
FlushFileBuffers
CreateFileW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
GetProcAddress
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
SetHandleCount

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW

ws2_32

WSACreateEvent
WSASetLastError
WSAResetEvent
WSAWaitForMultipleEvents
WSAIoctl
connect
WSAStartup
shutdown
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
select
WSAEventSelect

winmm

timeGetTime

Exports

Exports

Main
invalid

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/写计划任务每次.dll
.dll windows:5 windows x64 arch:x64

121f61f20cfb7c69c28c2bff9bf17d56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
Sleep
CopyFileW
GetModuleFileNameW
lstrlenW
lstrcatW
CreateThread
GetStringTypeW
LCMapStringW
LoadLibraryW
IsValidCodePage
GetOEMCP
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Exports

Exports

Main
invalid

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/断网启动.dll
.dll windows:5 windows x64 arch:x64

455754e79637eb26e2c53c7928ed714b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
CreateThread
GetVersionExW
lstrlenW
GetLastError
LocalFree
SetLastError
Sleep
lstrcmpW
WinExec
CreateFileW
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
LocalAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
LCMapStringW
GetModuleHandleW
ExitProcess
DecodePointer
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlsGetValue
FlsFree
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
MultiByteToWideChar
HeapSize

advapi32

RegOpenKeyExW
RegSetKeyValueW
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessWithTokenW
PrivilegeCheck
CreateProcessWithLogonW
OpenProcessToken
RegCloseKey

oleaut32

SysFreeString
SysStringLen
SysAllocString

Exports

Exports

Main
invalid
run

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/更新白文件DLL.dll
.dll windows:5 windows x64 arch:x64

f01f25d1e595a2935e7f116db799c035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
WriteFile
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
lstrlenW
GetLastError
GetProcAddress
CloseHandle
GetCurrentProcessId
CreateThread
GetStringTypeW
LCMapStringW
ReadFile
GetProcessHeap
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapSize
HeapReAlloc
SetEndOfFile

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Main
invalid

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/添加用户x64.dll
.dll windows:6 windows x64 arch:x64

3d0112411bf23f72b9f1566a74ccbf10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\WeChat-文件管理加压缩\plugins\添加用户\x64\Release\添加用户.pdb

Imports

netapi32

NetLocalGroupAddMembers
NetUserAdd

kernel32

FindClose
WriteConsoleW
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/禁止微信升级.dll
.dll windows:5 windows x64 arch:x64

ea177065d8cb2e0493722e9bb528b44c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
DeleteFileW
lstrlenW
Sleep
WaitForSingleObject
CreateThread
FindFirstFileW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
GetLastError
HeapFree
EncodePointer
DecodePointer
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Main
invalid
run

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/结束进程下载文件.dll
.dll windows:5 windows x64 arch:x64

f01f25d1e595a2935e7f116db799c035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
WriteFile
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
lstrlenW
GetLastError
GetProcAddress
CloseHandle
GetCurrentProcessId
CreateThread
GetStringTypeW
LCMapStringW
ReadFile
GetProcessHeap
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapSize
HeapReAlloc
SetEndOfFile

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Main
invalid

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x64/驱动插件.dll
.dll windows:5 windows x64 arch:x64

43bda4a250cf1a70ca6761a8364397ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetCurrentProcessId
CreateThread
GetFullPathNameW
GetModuleHandleW
GetFileSize
WriteFile
Sleep
GetVersionExW
ReadFile
lstrlenW
MoveFileW
LocalAlloc
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
LocalFree
CreateRemoteThread
VirtualFreeEx
TerminateProcess
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
GetCurrentThreadId
DeviceIoControl
GetProcAddress
GetLastError
CreateFileW
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
Process32FirstW
GetUserDefaultLCID
WriteConsoleW
SetStdHandle
LCMapStringW
FlushFileBuffers
GetStringTypeW
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
ExitProcess
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetStdHandle
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocaleInfoW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
StartServiceW
LookupAccountSidW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessWithTokenW
PrivilegeCheck
CreateProcessWithLogonW
OpenProcessToken
RegSetValueExW

shell32

SHGetFolderPathW

oleaut32

SysFreeString
SysStringLen
SysAllocString

shlwapi

SHSetValueW

Exports

Exports

Main
invalid

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/K核晶360.dll
.dll windows:5 windows x86 arch:x86

99d48424e2d8e57a0d0369479eb52dc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
WaitForSingleObject
WriteFile
Sleep
lstrlenW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
GlobalAddAtomW
CreateThread
GetStringTypeW
MultiByteToWideChar
LCMapStringW
IsProcessorFeaturePresent
RtlUnwind
GetModuleFileNameW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
HeapSize

user32

PostMessageW
FindWindowExA
PostMessageA
MessageBoxW
FindWindowA
keybd_event

Exports

Exports

Main
invalid
run

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/企鹅解密.dll
.dll windows:5 windows x86 arch:x86

9f5530aa7f7570671cdd194ac9051681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
HeapDestroy
LeaveCriticalSection
HeapCreate
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
Sleep
CreateEventA
GetLastError
CloseHandle
GetCurrentThreadId
SwitchToThread
SetLastError
WideCharToMultiByte
lstrlenW
InterlockedExchange
ResetEvent
CreateEventW
CancelIo
TryEnterCriticalSection
SetWaitableTimer
CreateWaitableTimerW
MapViewOfFile
UnmapViewOfFile
CreateRemoteThread
OpenProcess
lstrcmpW
MultiByteToWideChar
VirtualAllocEx
Process32FirstW
CreateFileMappingW
Process32NextW
CreateToolhelp32Snapshot
WriteProcessMemory
ExitProcess
CreateThread
FlushFileBuffers
CreateFileW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
DecodePointer
EncodePointer
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetFileType

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW

ws2_32

shutdown
WSACreateEvent
WSASetLastError
WSAWaitForMultipleEvents
WSAIoctl
connect
WSAStartup
WSAEventSelect
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSAEnumNetworkEvents
WSAGetLastError
WSACloseEvent
select
WSAResetEvent

winmm

timeGetTime

Exports

Exports

Main
invalid

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/写计划任务每次.dll
.dll windows:5 windows x86 arch:x86

213f77713427aa57ad576ff9b2a65b69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
WaitForSingleObject
Sleep
CopyFileW
GetModuleFileNameW
lstrlenW
lstrcatW
CreateThread
GetStringTypeW
LCMapStringW
LoadLibraryW
IsValidCodePage
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
RaiseException
RtlUnwind
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Exports

Exports

Main
invalid

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/更新白文件DLL.dll
.dll windows:5 windows x86 arch:x86

476e54f494f044aadfacecb1120ff424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
WriteFile
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
lstrlenW
GetLastError
GetProcAddress
CloseHandle
GetCurrentProcessId
CreateThread
GetStringTypeW
LCMapStringW
ReadFile
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapSize
HeapReAlloc
SetEndOfFile

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Main
invalid

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/添加用户x86.dll
.dll windows:6 windows x86 arch:x86

e3024255a7594e6449e6cde1261acbd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WeChat-文件管理加压缩\plugins\添加用户\Release\添加用户.pdb

Imports

netapi32

NetLocalGroupAddMembers
NetUserAdd

kernel32

FindNextFileW
DecodePointer
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
CreateFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CloseHandle

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/禁止微信升级.dll
.dll windows:5 windows x86 arch:x86

2d81639cfcf0b7dec5029a96d8ef124e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
DeleteFileW
lstrlenW
Sleep
WaitForSingleObject
CreateThread
FindFirstFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

Main
invalid
run

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/结束进程下载文件.dll
.dll windows:5 windows x86 arch:x86

476e54f494f044aadfacecb1120ff424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
WriteFile
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
lstrlenW
GetLastError
GetProcAddress
CloseHandle
GetCurrentProcessId
CreateThread
GetStringTypeW
LCMapStringW
ReadFile
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapSize
HeapReAlloc
SetEndOfFile

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Main
invalid

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OtherPlugins/x86/驱动插件.dll
.dll windows:5 windows x86 arch:x86

44dec58e0961a6ad363070f49e4d665f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetCurrentProcessId
CreateThread
GetFullPathNameW
GetModuleHandleW
GetFileSize
InterlockedDecrement
WriteFile
Sleep
ReadFile
lstrlenW
MoveFileW
Process32FirstW
LocalAlloc
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
LocalFree
GetCurrentThreadId
DeviceIoControl
GetProcAddress
GetLastError
CreateFileW
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
GetVersionExW
SetStdHandle
WriteConsoleW
LCMapStringW
FlushFileBuffers
GetStringTypeW
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
IsProcessorFeaturePresent
RaiseException
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
StartServiceW
LookupAccountSidW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
CloseServiceHandle
CreateServiceW
OpenProcessToken
RegSetValueExW

shell32

SHGetFolderPathW

oleaut32

SysFreeString
SysStringLen
SysAllocString

shlwapi

SHSetValueW

Exports

Exports

Main
invalid

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c3cba76cf00268efbf1f39077e8f29e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

ws2_32

avifil32

msvfw32

avrt

winmm

imm32

oleacc

glu32

opengl32

setupapi

version

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rodata Size: 12KB - Virtual size: 11KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 3.8MB - Virtual size: 4.3MB

.rsrc Size: 27.2MB - Virtual size: 27.2MB

.reloc Size: 543KB - Virtual size: 542KB

b09c74e70f2084f1980b66d566828aa0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 229KB - Virtual size: 237KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

c9e6ad04be0879d0fa7f74b4f971923c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 83KB - Virtual size: 91KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 4.9MB - Virtual size: 4.9MB

.rodata
Size: 12KB - Virtual size: 11KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 3.8MB - Virtual size: 4.3MB

.rsrc
Size: 27.2MB - Virtual size: 27.2MB

.reloc
Size: 543KB - Virtual size: 542KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 229KB - Virtual size: 237KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 83KB - Virtual size: 91KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 228KB - Virtual size: 237KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 1KB