PDB path: D:\my2018\nstools\nsSetup\HofoInstallers-2.0\Release\Install_silent.pdb
Static task
static1
Behavioral task
behavioral1
Sample
01e76af4c10583b6206705253e57eae35541e06a535e2b21e7a5a53daad4828d.exe
Resource
win7-20231129-en
General
Target
01e76af4c10583b6206705253e57eae35541e06a535e2b21e7a5a53daad4828d
Size
12.2MB
MD5
0002f96de31bff8730e7bf11311c5432
SHA1
1b460c763ef910e37c36da24d8f961b11f7027e5
SHA256
01e76af4c10583b6206705253e57eae35541e06a535e2b21e7a5a53daad4828d
SHA512
51c60a460ce0357d0b13846686f9614c61cc00a9ef9f177887af521026c9805e3bb48e9a2c736b259a9493842312f8502dc1b908d577878bcec57856f4414fa3
SSDEEP
393216:BuNYBRVtUInaxV+axrwA24j2srINhkQdvnlE:8CfSya7+j4jdINpx
Malware Config
Signatures
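Unsigned PE (1 IoC)
The sample has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator, because legitimate software is often unsigned as well.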
resource 01e76af4c10583b6206705253e57eae35541e06a535e2b21e7a5a53daad4828d
Files
01e76af4c10583b6206705253e57eae35541e06a535e2b21e7a5a53daad4828d.exe windows:5 windows x86 arch:x86
a87104b2c908e50c35a7152a4d8bd0db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
WriteConsoleW
GetTimeZoneInformation
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
FlushFileBuffers
SetFilePointerEx
GetConsoleCP
ReadConsoleW
HeapReAlloc
HeapSize
HeapDestroy
lstrlenW
CloseHandle
GetLastError
CreateMutexW
GetConsoleMode
SetStdHandle
GetFullPathNameW
GetModuleFileNameW
lstrcpyW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetTickCount
CreateThread
WideCharToMultiByte
GetCurrentProcess
MultiByteToWideChar
InterlockedDecrement
GetProcAddress
WaitForSingleObject
GetNativeSystemInfo
GetVersionExW
CreateDirectoryW
GetDiskFreeSpaceExW
lstrcatW
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynW
FreeResource
LoadLibraryW
UpdateResourceW
BeginUpdateResourceW
EndUpdateResourceW
UnmapViewOfFile
LCMapStringA
GetSystemPowerStatus
GetACP
ReadFile
SetFilePointer
lstrcmpiW
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetSystemDirectoryW
GetSystemInfo
SystemTimeToFileTime
CreatePipe
GetStartupInfoW
CreateProcessW
DeleteFileW
CopyFileW
Sleep
lstrcmpW
GetSystemWow64DirectoryW
SetCurrentDirectoryW
TerminateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcessId
FreeLibrary
FindFirstFileW
FindNextFileW
WriteFile
GetCurrentThread
VirtualFreeEx
ResumeThread
Module32FirstW
Module32NextW
GetLocalTime
InitializeCriticalSection
CreateEventW
ResetEvent
VirtualAlloc
VirtualFree
SetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
LoadLibraryExW
VirtualQuery
SetLastError
VirtualProtect
InterlockedCompareExchange
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
VirtualProtectEx
ReadProcessMemory
VirtualQueryEx
ExitProcess
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
MoveFileExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
CompareStringW
LCMapStringW
GetStringTypeW
GetCurrentDirectoryW
user32
SystemParametersInfoW
MessageBoxW
UnregisterClassW
UpdateLayeredWindow
DrawIconEx
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
GetDC
ReleaseDC
wsprintfW
FindWindowW
ShowWindow
IsIconic
SetForegroundWindow
SendMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetSystemMetrics
LoadImageW
PrivateExtractIconsW
GetWindow
ExitWindowsEx
GetWindowRect
SetCursor
LoadCursorW
PostMessageW
GetWindowLongW
DefWindowProcW
LoadIconW
RegisterClassExW
CreateWindowExW
SetWindowLongW
DestroyWindow
MoveWindow
SetWindowPos
BeginPaint
EndPaint
GetClientRect
ClientToScreen
SetLayeredWindowAttributes
SetCapture
GetCursorPos
ReleaseCapture
TrackMouseEvent
FillRect
OffsetRect
SetWindowRgn
EnableWindow
wininet
InternetCloseHandle
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpSendRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetReadFile
FtpOpenFileW
FtpGetFileSize
GetUrlCacheEntryInfoW
InternetGetConnectedState
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winmm
mciSendStringW
PlaySoundW
gdiplus
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipDisposeImage
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipLoadImageFromFileICM
GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipLoadImageFromFile
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneImage
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipResetWorldTransform
GdipDeleteFont
crypt32
CertFindCertificateInStore
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
wintrust
WinVerifyTrust
urlmon
URLDownloadToFileW
iphlpapi
GetAdaptersInfo
gdi32
SelectObject
MoveToEx
LineTo
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
SetROP2
GetObjectW
CreateRectRgn
CombineRgn
OffsetRgn
CreatePen
GetStockObject
CreateDIBSection
CreateDCW
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetObjectA
SetRectRgn
comdlg32
GetSaveFileNameW
ChooseColorW
GetOpenFileNameW
advapi32
DeleteService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenSCManagerW
CreateServiceW
OpenServiceW
CloseServiceHandle
StartServiceW
ControlService
RegOpenKeyW
RegCreateKeyW
RegSetValueW
RegDeleteKeyW
GetTokenInformation
LookupAccountSidW
RegDeleteValueW
RegNotifyChangeKeyValue
shell32
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ole32
CreateStreamOnHGlobal
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
oleaut32
VariantInit
VariantClear
SysFreeString
VariantChangeType
SysAllocString
shlwapi
PathFileExistsW
PathMakeSystemFolderW
Exports
?$TSS0@?1??Instance@CNsApp@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsDownload@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsFont@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsHook@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsImage@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsLog@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsNet@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsProcess@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsReg@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsSkin@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsThread@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsUpdate@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsXml@@SAAAV2@XZ@4HA
?$TSS0@?1??Instance@CNsZlib@@SAAAV2@XZ@4HA
??0CLock@@QAE@XZ
??0CNsApp@@QAE@XZ
??0CNsDC@@QAE@PAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
??0CNsDC@@QAE@XZ
??0CNsDownload@@QAE@XZ
??0CNsFont@@QAE@ABV0@@Z
??0CNsFont@@QAE@XZ
??0CNsHook@@QAE@XZ
??0CNsImage@@QAE@ABV0@@Z
??0CNsImage@@QAE@XZ
??0CNsInstaller@@QAE@ABV0@@Z
??0CNsInstaller@@QAE@XZ
??0CNsLog@@QAE@ABV0@@Z
??0CNsLog@@QAE@XZ
??0CNsNet@@QAE@XZ
??0CNsPacket@@QAE@ABV0@@Z
??0CNsProcess@@QAE@XZ
??0CNsReg@@QAE@XZ
??0CNsSkin@@QAE@ABV0@@Z
??0CNsSkin@@QAE@XZ
??0CNsThread@@QAE@ABV0@@Z
??0CNsThread@@QAE@XZ
??0CNsUpdate@@QAE@ABV0@@Z
??0CNsUpdate@@QAE@XZ
??0CNsXml@@QAE@ABV0@@Z
??0CNsXml@@QAE@XZ
??0CNsZlib@@QAE@XZ
??1CLock@@QAE@XZ
??1CNsApp@@QAE@XZ
??1CNsDC@@QAE@XZ
??1CNsDownload@@QAE@XZ
??1CNsFont@@QAE@XZ
??1CNsHook@@QAE@XZ
??1CNsImage@@QAE@XZ
??1CNsInstaller@@QAE@XZ
??1CNsLog@@QAE@XZ
??1CNsNet@@QAE@XZ
??1CNsProcess@@QAE@XZ
??1CNsReg@@QAE@XZ
??1CNsSkin@@QAE@XZ
??1CNsThread@@QAE@XZ
??1CNsUpdate@@QAE@XZ
??1CNsXml@@QAE@XZ
??1CNsZlib@@QAE@XZ
??4CLock@@QAEAAV0@ABV0@@Z
??4CNsApp@@QAEAAV0@ABV0@@Z
??4CNsDC@@QAEAAV0@ABV0@@Z
??4CNsDownload@@QAEAAV0@ABV0@@Z
??4CNsFont@@QAEAAV0@ABV0@@Z
??4CNsHook@@QAEAAV0@ABV0@@Z
??4CNsImage@@QAEAAV0@ABV0@@Z
??4CNsInstaller@@QAEAAV0@ABV0@@Z
??4CNsLog@@QAEAAV0@ABV0@@Z
??4CNsNet@@QAEAAV0@ABV0@@Z
??4CNsPETools@@QAEAAV0@$$QAV0@@Z
??4CNsPETools@@QAEAAV0@ABV0@@Z
??4CNsPacket@@QAEAAV0@ABV0@@Z
??4CNsProcess@@QAEAAV0@ABV0@@Z
??4CNsReg@@QAEAAV0@ABV0@@Z
??4CNsSkin@@QAEAAV0@ABV0@@Z
??4CNsThread@@QAEAAV0@ABV0@@Z
??4CNsUpdate@@QAEAAV0@ABV0@@Z
??4CNsXml@@QAEAAV0@ABV0@@Z
??4CNsZlib@@QAEAAV0@$$QAV0@@Z
??4CNsZlib@@QAEAAV0@ABV0@@Z
?AddDelInfo@CNsInstaller@@AAE_NAAUtagDelInfo@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@HPB_WHHHHHHHHPAUHDC__@@@Z
?AddMovie@CNsImage@@QAE_NPAUHWND__@@PB_WHHHHHHHHPAUHDC__@@@Z
?AddShellMenu@@YAHPB_W0H0H@Z
?AddTask@CNsDownload@@QAEHPB_W0@Z
?AddTimer@CNsThread@@AAEPAUtagNsTimer@@AAU2@@Z
?AdjustTokenPrivilegesForNT@CNsHook@@QAEX_N@Z
?AutoRun@CNsInstaller@@QAEXXZ
?BmToStream@CNsImage@@QAE_NPAUHBITMAP__@@PAUIStream@@PB_W@Z
?CertExists@@YAHPB_W0@Z
?CheckComponent@CNsInstaller@@QAE_NXZ
?CheckDir@CNsInstaller@@QAEXPB_W0@Z
?CheckFont@CNsFont@@QAEHPB_W@Z
?CheckImage@CNsImage@@QAE_NPB_W@Z
?CheckInstalled@@YAHPB_W@Z
?CheckNotice@CNsInstaller@@QAEXXZ
?CheckOneInstance@@YAHPB_W0@Z
?CheckSafeMsg@CNsInstaller@@QAE_NXZ
?CheckSetup@CNsUpdate@@AAEXXZ
?CheckTask@CNsUpdate@@AAEXPB_W@Z
?CheckUpdate@CNsUpdate@@QAEHPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?CheckValid@CNsInstaller@@QAEXXZ
?CloseUsedProc@CNsHook@@QAEXPB_W@Z
?CompVersion@@YAHPB_W0@Z
?CreateCompatibleBitmapEx@CNsDC@@QAEPAUHBITMAP__@@UtagRECT@@@Z
?CreateDirTree@@YAHPB_W@Z
?CreateFolder@@YAHPB_W@Z
?CreateMemDC@CNsDC@@QAEXPAUHDC__@@AAUtagRECT@@_N2PAUHWND__@@@Z
?CreateNewFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?CreateProcWithDll@CNsHook@@QAEXPB_WPBD@Z
?CreateShareMem@@YAPAXPB_WK@Z
?CreateShortcut@@YAHPB_W000G0H@Z
?CreateShortcuts@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUID@@YAXPA_WH@Z
?CreateUninstallCfg@CNsInstaller@@QAEXPAUtagSetupInfo@@@Z
?CreateUrlShortcut@@YAHPB_W0@Z
?CreateUserShortcuts@CNsInstaller@@AAEXXZ
?DecodeFile@CNsZlib@@QAEJPB_W0K@Z
?DecodeGZipBuffer@CNsZlib@@QAEJPAEJPAPAEPAJ@Z
?DelTask@CNsDownload@@QAEHPB_W@Z
?DelTray@@YAHPAUHWND__@@@Z
?DesGo@@YAXQBDPADHH@Z
?DisableFsRedirection@@YAXPAPAX@Z
?DoFunc@@YAHPB_W0@Z
?DoReport@@YAXPB_W00@Z
?DoRun@@YAHPB_W0HH@Z
?DoSetup@CNsInstaller@@AAEXPB_W@Z
?DoUpdate@CNsInstaller@@QAEX_NPB_W@Z
?DownComponent@CNsInstaller@@AAEXPB_W@Z
?DownNotify2@CNsInstaller@@CGXHPB_W_J1N@Z
?DownNotify@CNsInstaller@@CGXHPB_W_J1N@Z
?DownloadThread@CNsDownload@@CGIPAX@Z
?Draw@CNsDC@@QAEXXZ
?DrawCaret@CNsApp@@QAEXPAUHWND__@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHPAUtagRECT@@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@PAVImageAttributes@4@@Z
?DrawImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHPAUtagRECT@@@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@HPB_WMMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@MMMMHHHH@Z
?DrawImgEx@CNsImage@@QAE_NPAUHDC__@@PB_WMMMMHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@HPB_WHHHHHH@Z
?DrawRotate3D@CNsImage@@QAEXPAUHDC__@@PAUIStream@@HHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHH@Z
?DrawRotate@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHH@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawRotateFlip@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHW4RotateFlipType@Gdiplus@@M@Z
?DrawSplitH@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@H@Z
?DrawSplitV@CNsImage@@AAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHPAUtagRECT@@HH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@HPB_WHHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PAVImage@Gdiplus@@HHHHHHHH@Z
?DrawStretchImg@CNsImage@@QAE_NPAUHDC__@@PB_WHHHHHHHH@Z
?DrawString@CNsImage@@QAEXPAUHDC__@@PAUHFONT__@@PB_WHHHHKH_N3H@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@HPB_WKKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PAUIStream@@KKHHHH@Z
?DrawTranImg@CNsImage@@QAE_NPAUHDC__@@PB_WKKHHHH@Z
?EasyEncode@@YAXPADH@Z
?EncodeFile@CNsZlib@@QAEJPB_W0H@Z
?ExecScript@CNsInstaller@@QAEXPB_W@Z
?ExitApp@CNsApp@@QAEXXZ
?ExitThread@CNsThread@@QAEXPAXH@Z
?ExtractCollection@CNsInstaller@@AAE_N_JPB_WPAU_iobuf@@@Z
?ExtractFile@CNsInstaller@@AAE_NPAUtagPacketInfo@@PAU_iobuf@@@Z
?ExtractFileEx@CNsInstaller@@AAE_NPAUtagPacketInfo@@@Z
?ExtractFileName@@YAXPA_W@Z
?ExtractPath@@YAXPA_W@Z
?FileSize@@YA_JPB_W@Z
?FileTime@@YAHPB_WPAU_SYSTEMTIME@@11@Z
?FindRes@CNsSkin@@AAE_NPB_WPAUIStream@@@Z
?ForceLog@CNsLog@@QAEX_N@Z
?FreeSkin@CNsSkin@@QAEXXZ
?GbToTraditional@@YAXPADH@Z
?GetAdvInfo@CNsInstaller@@QAE_NAAUtagStyleInfo@@@Z
?GetBaseBoardByCmd@@YAHPADH@Z
?GetCPUID@@YAXPAD@Z
?GetClipboard@@YAHPA_WH@Z
?GetCloudInfo@CNsInstaller@@QAE_NAAUtagCloudInfo@@@Z
?GetCollectionInfo@CNsInstaller@@QAE_NAAUtagCollectionInfo@@@Z
?GetColorDlg@@YAKPAUHWND__@@K@Z
?GetCurPath@@YAXPA_W@Z
?GetCurPathEx@@YAXPB_WPA_W@Z
?GetDefaultSize@CNsFont@@QAEHXZ
?GetDeskWin@@YAPAUHWND__@@XZ
?GetDesktopPath@@YAHPA_W@Z
?GetEncoderClsid@CNsImage@@QAEHPB_WPAU_GUID@@@Z
?GetFileIcon@@YAPAUHICON__@@PB_WHH@Z
?GetFileVer@@YAHPB_WPA_W@Z
?GetFont@CNsFont@@AAEPAUHFONT__@@AAUtagFontInfo@@@Z
?GetFont@CNsFont@@QAEPAUHFONT__@@HPB_WHHH@Z
?GetFtpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@Z00@Z
?GetHttpFile@CNsDownload@@QAEHPB_W0HP6GXH0_J1N@ZH@Z
?GetImgSize@CNsImage@@QAE_NHAAH0@Z
?GetImgSize@CNsImage@@QAE_NPB_WAAH1@Z
?GetInfoLen@CNsNet@@QAEHXZ
?GetInstallPath@@YAHPB_WPA_W@Z
?GetLogFileName@CNsLog@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetMacAddr@@YAHAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetModuleAddr@CNsHook@@QAE_NPB_WKPAPAE@Z
?GetMoreInfo@CNsInstaller@@QAE_NAAUtagMorePacketInfo@@@Z
?GetMovieIndex@CNsImage@@QAEHH@Z
?GetNodeAttr@CNsXml@@QAEHPB_W0PA_W@Z
?GetOsName@@YAHPA_W@Z
?GetPathUseSpace@@YA_KPB_W@Z
?GetProcByName@CNsProcess@@QAE_NPB_WPAUtagPROCESSENTRY32W@@@Z
?GetProcList@CNsProcess@@QAE_NAAV?$vector@UtagPROCESSENTRY32W@@V?$allocator@UtagPROCESSENTRY32W@@@std@@@std@@@Z
?GetProcessHandle@CNsHook@@QAEPAXPB_W@Z
?GetProgramFilePath@@YAHPA_W@Z
?GetProgramsPath@@YAHPA_W@Z
?GetQuickLaunchPath@@YAHPA_WH@Z
?GetRegInfo@@YAHPAUHKEY__@@PA_W1H1@Z
?GetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1H1@Z
?GetRes@CNsSkin@@QAE_NPB_WPAUIStream@@@Z
?GetResType@CNsSkin@@QAEHXZ
?GetSetupInfo@CNsInstaller@@QAE_NAAUtagSetupInfo@@@Z
?GetSetupInfoEx@CNsInstaller@@QAE_NAAUtagSetupInfo@@@Z
?GetShortcutIcon@@YAHPB_WPA_WPAH@Z
?GetShortcutUrl@@YAHPB_WPA_W@Z
?GetSoftVer@@YAHPB_WPA_W@Z
?GetStartMenuPath@@YAHPA_W@Z
?GetStrSize@CNsImage@@QAE?AUtagSIZE@@PB_WPAUHWND__@@PAUHFONT__@@VRectF@Gdiplus@@@Z
?GetStrWidth@CNsImage@@QAEHPB_WPAUHWND__@@PAUHFONT__@@_N@Z
?GetSystemVersion@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetThemesPath@CNsSkin@@QAEXPA_W@Z
?GetUrlCacheIcon@@YAPAUHICON__@@PB_WH@Z
?GetUrlCacheIconPath@@YAHPB_WPA_W@Z
?GetUrlInfo@@YAHPB_WPADH@Z
?GetUrlInfo@CNsNet@@QAEHPB_WPADHH@Z
?GetUrlShortcutIcon@@YAHPB_WPA_WH@Z
?GetXmlNode@CNsXml@@QAEHPA_WAAH@Z
?GetXmlNodeCount@@YAHPB_W@Z
?GetXmlNodeCount@CNsXml@@QAEHPB_W@Z
?GetXmlNodeValue2@@YAHPB_WPA_WH@Z
?GetXmlNodeValue3@@YAHPB_WPA_WPAH@Z
?GetXmlNodeValue@@YAHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_W@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WH@Z
?GetXmlNodeValue@CNsXml@@QAEHPB_WPA_WPAH@Z
?HideProcess@CNsProcess@@QAEXH@Z
?HookAPI@CNsHook@@QAEXPAPAXPAX@Z
?ImportCACert@@YAHPAXH@Z
?ImportCertFile@@YAHPB_W@Z
?ImportReg@CNsInstaller@@QAEXXZ
?InitPath@CNsInstaller@@AAEXAAUtagSetupInfo@@@Z
?InitZlib@CNsZlib@@QAEJPB_W@Z
?Inject@CNsProcess@@QAE_NKPBD0@Z
?InjectAllProc@CNsHook@@QAEXPBD@Z
?InjectProc@CNsHook@@QAE_NPBDH@Z
?InjectProc@CNsHook@@QAE_NPBDPB_W@Z
?InjectProcEx@CNsHook@@QAE_NPBDH@Z
?InstallCloudFunc@CNsInstaller@@AAE_NXZ
?InstallCloudThread@CNsInstaller@@CGIPAX@Z
?InstallCollectionFunc@CNsInstaller@@AAE_NXZ
?InstallCollectionThread@CNsInstaller@@CGIPAX@Z
?InstallComponent@CNsInstaller@@AAEXXZ
?InstallFunc@CNsInstaller@@AAE_NXZ
?InstallFuncEx@CNsInstaller@@AAE_NXZ
?InstallThread@CNsInstaller@@CGIPAX@Z
?InstallUserComponent@CNsInstaller@@AAEXXZ
?Instance@CNsApp@@SAAAV1@XZ
?Instance@CNsDownload@@SAAAV1@XZ
?Instance@CNsFont@@SAAAV1@XZ
?Instance@CNsHook@@SAAAV1@XZ
?Instance@CNsImage@@SAAAV1@XZ
?Instance@CNsLog@@SAAAV1@XZ
?Instance@CNsNet@@SAAAV1@XZ
?Instance@CNsProcess@@SAAAV1@XZ
?Instance@CNsReg@@SAAAV1@XZ
?Instance@CNsSkin@@SAAAV1@XZ
?Instance@CNsThread@@SAAAV1@XZ
?Instance@CNsUpdate@@SAAAV1@XZ
?Instance@CNsXml@@SAAAV1@XZ
?Instance@CNsZlib@@SAAAV1@XZ
?IntToStrSize@@YAX_JPA_W@Z
?Is64bitSystem@CNsHook@@QAEHXZ
?IsLockRead@CLock@@QAE_NXZ
?IsLockWrite@CLock@@QAE_NXZ
?IsRunasAdmin@CNsHook@@QAE_NPAX@Z
?IsSysProcess@CNsHook@@QAE_NPAX@Z
?IsWin8OrLater@CNsHook@@QAE_NXZ
?IsWow64ProcessEx@CNsHook@@QAEHPAX@Z
?KillProcess@CNsProcess@@QAEXK@Z
?KillProcess@CNsProcess@@QAEXPB_W@Z
?KillTimer@CNsThread@@QAEXH@Z
?LnkToRealPath@@YAJPB_WPA_W@Z
?LoadDrv@@YAHPB_W0@Z
?LoadPngFromRes@CNsImage@@AAEPAVImage@Gdiplus@@HPB_W@Z
?LoadProxyConfig@CNsDownload@@QAEXXZ
?LoadProxyConfig@CNsNet@@QAEXXZ
?LoadSkin@CNsSkin@@QAE_NPB_W@Z
?Lock@CLock@@QAEXXZ
?LockRead@CLock@@QAEXXZ
?LogoutSys@@YAHH@Z
?MD5Go@@YAHPAD0@Z
?MakeSkin@CNsSkin@@QAE_NPB_W0@Z
?MonitorReg@CNsReg@@QAEHPAUHKEY__@@PA_WHP6GXPAX@Z2@Z
?MonitorThread@CNsReg@@SGKPAX@Z
?MovePos@CNsInstaller@@AAEXPAUtagPacketInfo@@PAU_iobuf@@@Z
?MovieThread@CNsImage@@CGIPAX@Z
?MsgLoop@CNsApp@@QAEHXZ
?NsAddJob@@YAHPB_W0H@Z
?NsCheckRegExists@@YA_NPAUHKEY__@@PB_W_N@Z
?NsCheckRegValue@@YA_NPAUHKEY__@@PB_W11_N@Z
?NsCopyFileEx@@YAHPB_W0@Z
?NsDelJob@@YAHXZ
?NsDeleteFileEx@@YAHPB_W@Z
?NsEncode@@YAXQBDPADHH@Z
?NsEncodeFile@@YAHPB_W0@Z
?NsGetProcAddr@@YA_NPB_WPBDPAPAX@Z
?NsGetStrWidth@@YAHPB_WPAUHWND__@@PAUHFONT__@@@Z
?NsReadFile@@YAHPB_WPAXK@Z
?NsRemoveRegKey@@YA_NPAUHKEY__@@PB_W_N@Z
?NsResGetBuff@@YAHHPB_WPAX@Z
?NsResGetBuffEx@@YAHPB_WH0PAX@Z
?NsResGetStream@@YAPAUIStream@@HPB_W@Z
?NsResSave@@YAHHPB_W0@Z
?NsResSaveEx@@YAHPB_WH00@Z
?NsResSize@@YAHHPB_W@Z
?NsResUpdate2@@YAHPB_WH0PAXH@Z
?NsResUpdate@@YAHPB_WH00@Z
?NsSplitString@@YA_NPB_W_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?NsSplitStringA@@YA_NPBD_WAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?NsWriteFile@@YAHPB_WPAXK@Z
?OpenUrl@@YAXPB_WH@Z
?Parse@@YAHPB_W@Z
?Parse@CNsXml@@QAEHPB_W@Z
?ParseParams@CNsInstaller@@QAEXPB_W@Z
?PauseMP3@@YAXPB_W@Z
?PlayMP3@@YAXPB_WH@Z
?PlayMusic@CNsInstaller@@AAEXXZ
?PlayWav@@YAHPB_WH@Z
?Post@CNsNet@@QAEHPB_WPAXHPADHH@Z
?PowerOff@@YAHH@Z
?ReadShareMem2@@YAHPB_WPAXHH@Z
?ReadShareMem@@YAHPB_WPA_W@Z
?RebootSys@@YAHH@Z
?RefreshIconCache@@YAXXZ
?RegFileRelation@@YAXPB_W0000@Z
?RegProtocol@@YAXPB_W0@Z
?ReplaceExeIco@@YAHPB_W0H@Z
?ReplaceRegPath@CNsInstaller@@QAE_NPB_W@Z
?ReplaceSysPath@CNsInstaller@@AAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ResumeMP3@@YAXPB_W@Z
?ResumeProc@CNsProcess@@QAE_NK@Z
?RevertFsRedirection@@YAXPAPAX@Z
?RunasAdmin@CNsHook@@QAEPAXPB_W0@Z
?SavePic@CNsImage@@QAE_NPAUHDC__@@UtagRECT@@PB_W2@Z
?SavePic@CNsImage@@QAE_NPAUHWND__@@PB_W1@Z
?SavePic@CNsImage@@QAE_NPB_W00@Z
?SaveScreen@CNsImage@@QAE_NPB_W0@Z
?SaveUpdateCfg@CNsUpdate@@AAEXXZ
?SetAppName@CNsApp@@QAEXPB_W@Z
?SetAutoRun@@YAHPB_WH0@Z
?SetAutoRun@CNsReg@@QAEHPB_WH0@Z
?SetClipboard@@YAHPB_W@Z
?SetDefaultFont@CNsFont@@QAEXHPB_WH@Z
?SetDelay@CNsUpdate@@QAEXH@Z
?SetFolderIcon@@YAHPB_W00@Z
?SetIcon@@YAHPAUHWND__@@PAUHICON__@@@Z
?SetInst@CNsImage@@QAEXPAUHINSTANCE__@@@Z
?SetMemName@CNsLog@@QAEXPB_WH@Z
?SetPath@CNsUpdate@@QAEXPB_W@Z
?SetPrivilege@@YAHPB_WH@Z
?SetRegInfo@@YAHPAUHKEY__@@PA_W1HPB_W@Z
?SetRegInfo@CNsReg@@QAEHPAUHKEY__@@PA_W1HPB_W@Z
?SetResType@CNsSkin@@QAEXH@Z
?SetRetry@CNsDownload@@QAEXHH@Z
?SetShortcutAsAdmin@@YAHPB_WH@Z
?SetShortcutIcon@@YAHPB_W0@Z
?SetSkinName@CNsSkin@@QAEXPB_W@Z
?SetThemesName@CNsSkin@@QAEXPB_W@Z
?SetTip@@YAHPAUHWND__@@PB_W@Z
?ShowBalloon@@YAHPAUHWND__@@PB_W1H@Z
?ShowLicense@CNsInstaller@@QAEXXZ
?ShowOpenFileDlg@@YAHPA_WHPAUHWND__@@PB_W2H@Z
?ShowSaveFileDlg@@YAHPA_WPAUHWND__@@PB_W2@Z
?ShowSelDir@@YAHPA_WPAUHWND__@@@Z
?ShowTray@@YAHPAUHWND__@@PAUHICON__@@PB_WI@Z
?StartDownload@CNsDownload@@QAEXPB_W0P6GXH0_J1N@ZH@Z
?StartInstall@CNsInstaller@@QAEXPB_WPAUHWND__@@H1@Z
?StartInstallCloud@CNsInstaller@@QAEXPAUHWND__@@H@Z
?StartInstallCollection@CNsInstaller@@QAEXPAUHWND__@@H@Z
?StartMonitor@@YAXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMonitor@CNsReg@@QAEXPAUHKEY__@@PB_WHP6GXPAX@Z2@Z
?StartMovie@CNsImage@@QAEXH@Z
?StartThread@CNsThread@@QAEPAXP6GIPAX@Z0H@Z
?StartTimer@CNsThread@@QAEXHP6GXPAX@ZH0@Z
?StartUpdate@CNsUpdate@@QAEXPB_WP6GXHHH@ZP6GXH0_J2N@Z@Z
?Stop@CNsInstaller@@QAEXXZ
?Stop@CNsNet@@QAEXXZ
?Stop@CNsThread@@QAEXXZ
?StopMP3@@YAXPB_W@Z
?StopMonitor@@YAXXZ
?StopMonitor@CNsReg@@QAEXXZ
?StopMovie@CNsImage@@QAEXH@Z
?StopTask@CNsDownload@@QAEXPB_WH@Z
?StopUpdate@CNsUpdate@@QAEXXZ
?StrToIntSize@@YA_JPB_W@Z
?SuspendProc@CNsProcess@@QAE_NK@Z
?SystemTimeToTimet@@YA_JU_SYSTEMTIME@@H@Z
?TimerThread@CNsThread@@CGIPAX@Z
?TimetToSystemTime@@YA?AU_SYSTEMTIME@@_JH@Z
?ToAsc@@YAXPADH@Z
?ToHex@@YAXPADH@Z
?URLEncode@@YAHPA_W@Z
?UnHookAPI@CNsHook@@QAEXPAPAXPAX@Z
?UnInjectAllProc@CNsHook@@QAEXPB_W@Z
?UnInjectProc@CNsHook@@QAE_NPB_W0@Z
?UnInjectProc@CNsHook@@QAE_NPB_WH@Z
?UnInjectProcEx@CNsHook@@QAE_NPB_WH@Z
?UnLoadDrv@@YAHPB_W@Z
?UninitZlib@CNsZlib@@QAEXXZ
?Unlock@CLock@@QAEXXZ
?UnlockRead@CLock@@QAEXXZ
?UpdateNotify@CNsInstaller@@CGXHHH@Z
?UpdateThread@CNsUpdate@@CGIPAX@Z
?UpdateUninstRes@CNsInstaller@@AAEXXZ
?VerifyFile@CNsUpdate@@QAEHPB_W0H@Z
?VerifySignature@@YAHPB_W@Z
?WaitInstall@CNsInstaller@@AAEXPB_W@Z
?WaitUpdate@CNsInstaller@@QAEXXZ
?WriteLog2@CNsLog@@QAAXPB_WZZ
?WriteLog3@CNsLog@@QAAXPB_WZZ
?WriteLog@@YAXPB_W@Z
?WriteLog@CNsLog@@QAEXPB_W@Z
?WriteReg@CNsInstaller@@QAEHPAUtagSetupInfo@@@Z
?WriteShareMem2@@YAHPB_WPAXHH@Z
?WriteShareMem@@YAHPB_W0H@Z
?WriteSkin@CNsSkin@@AAEXPAU_iobuf@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?Zoom@CNsImage@@QAE_NPB_WMHH00@Z
?_NsReadFile@@YAHPAU_iobuf@@PAXK@Z
?_NsResUpdate@@YAHPAXHPB_W1@Z
?_NsWriteFile@@YAHPAU_iobuf@@PAXK@Z
?_ReplaceExeIco@@YAHPAXPB_WH@Z
?_ins@?1??Instance@CNsZlib@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsApp@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsDownload@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsFont@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsHook@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsImage@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsLog@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsNet@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsProcess@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsReg@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsSkin@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsThread@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsUpdate@@SAAAV2@XZ@4V2@A
?_obj@?1??Instance@CNsXml@@SAAAV2@XZ@4V2@A
?gb2big@@YAXPADH@Z
?isCancel@CNsUpdate@@QAEHXZ
?isConnected@@YAHPB_W@Z
?isConnected@CNsNet@@QAEHPB_W@Z
?isDigital@@YAHPBD@Z
?isDir@@YAHPB_W@Z
?isEnableUAC@@YAHXZ
?isEnglish@@YAHXZ
?isError@CNsUpdate@@QAEHXZ
?isExistsMovie@CNsImage@@AAE_NH@Z
?isExistsShareMem@@YAHPB_W@Z
?isGzip@CNsDownload@@AAEHPAX@Z
?isGzip@CNsNet@@QAEHPAX@Z
?isHZ@@YAHPBD@Z
?isLicense@CNsInstaller@@QAE_NXZ
?isLog@CNsLog@@AAE_NXZ
?isNotebook@@YAHXZ
?isRestart@CNsUpdate@@QAEHXZ
?isSimplified@@YAHXZ
?isStop@CNsDownload@@QAEHPB_W@Z
?isStop@CNsImage@@QAE_NH@Z
?isSupportYaHei@CNsFont@@QAEHXZ
?isSys64@@YAHXZ
?isTraditional@@YAHXZ
?isWin7@@YAHXZ
?isWin8@@YAHXZ
?isWow64@@YAHXZ
?m_bUpdated@CNsInstaller@@0_NA
Sections
.text Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ