7e8735243b572f24fb40df9a29d99ecb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7e8735243b572f24fb40df9a29d99ecb_JaffaCakes118
Size

8.5MB
MD5

7e8735243b572f24fb40df9a29d99ecb
SHA1

3d3b9b2c629e5d35b54ffffb1240df0a2e155725
SHA256

1dff748cbad8d2b8ec94f26a90f36ff1ace5cc273c95e2aa50aa704361672f84
SHA512

5b877ea523e44d70fb7b4cacdc0d633206bfa9721e4f7a2d9d573831a752069fed0f0c61c4fb7da2cd6957d10bd289856a3fdc9cb3a3c2d43ee3520af020ec1f
SSDEEP

196608:ZYOh1w0V2FM8iGZVV1lgaaRcbElqGeoQ92j0:ZfV/TGZVV1rElecw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
7e8735243b572f24fb40df9a29d99ecb_JaffaCakes118
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/MyNsisExtend.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/locate.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack001/$PLUGINSDIR/xml.dll
unpack001/$TEMP/$_89_/MyNsisSkin.dll
unpack001/DEC130.DLL
unpack001/EDEC.DLL
unpack001/WINPLAY.DLL
unpack001/WINSDEC.DLL
unpack001/WINSTR.DLL
unpack001/tr2gold.exe
unpack001/tr2goldx.exe
unpack001/ʼϷ.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7e8735243b572f24fb40df9a29d99ecb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MyNsisExtend.dll
.dll windows:4 windows x86 arch:x86

9cb11d0d4bed69c64ae8d0549b4ce4ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.2\install\build\MSVC.2005\Tool\GMNsisExtend\release_staticA2\MyNsisExtend.pdb

Imports

shlwapi

PathSkipRootA
PathCombineA

wininet

InternetOpenUrlA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetSetFilePointer
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetOpenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

InitializeCriticalSection
GlobalFree
lstrcpyA
SetEvent
Sleep
ResetEvent
CreateEventA
lstrcpynA
GlobalAlloc
lstrcmpiA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
GetLogicalDriveStringsA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
DisableThreadLibraryCalls
CloseHandle
GetFileSize
CreateFileA
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetPrivateProfileStringA
lstrcmpA
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetVersionExA
SetFileTime
GetFileTime
SetEndOfFile
ResumeThread
GetCurrentThreadId
GetTickCount
GetVersion
ExpandEnvironmentStringsA
GetSystemInfo
SetFileAttributesA
WritePrivateProfileStringA
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryA
DeleteFileA
SearchPathA
CreateDirectoryA
GetFullPathNameA
GetFileSizeEx
InterlockedExchange
DeviceIoControl
GetTempFileNameA
GetSystemDirectoryA
MoveFileExA
GetLongPathNameA
GetFileInformationByHandle
RemoveDirectoryA
GetTempPathA
MoveFileA
GetWindowsDirectoryA
CopyFileA
GetProcAddress
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
LoadLibraryExA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
FindClose
FindFirstFileA
FindNextFileA
GetLocaleInfoW
GetLocaleInfoA
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TlsFree
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CompareStringA
InterlockedIncrement
SetLastError
SetCurrentDirectoryA
CompareStringW
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
CreateThread
ExitThread
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement

user32

GetDlgItem
wsprintfA
SetTimer
KillTimer
SetForegroundWindow
GetWindow
GetWindowRect
AttachThreadInput
GetWindowLongA
SystemParametersInfoA
IsWindowVisible
IsIconic
GetForegroundWindow
SetWindowTextA
GetWindowTextA
MapWindowPoints
IsZoomed
GetClientRect
GetWindowTextLengthA
GetWindowThreadProcessId
GetActiveWindow
SendMessageTimeoutA
GetParent
LoadStringW
SetWindowPos
GetSystemMetrics
ShowWindow
EnumThreadWindows
GetClassNameA
SendMessageA

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegLoadKeyA
RegRestoreKeyA
RegEnumValueA
RegEnumKeyExA
RegSaveKeyA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

Exports

Exports

ChangeInstDirtoMax
CheckInstallLimit
ConvertSoftInstallTime
CreateShortcut
CreateTimer
DecodeFile
DestroyTimer
Exec
ExecWait
Get7zOriginalSize
GetAdvertFileName
GetAdvertID
GetAdvertIcon
GetAdvertLocalFile
GetAdvertName
GetAdvertUrl
GetBaiduHomePageURL
GetChromeHomePageURL
GetExeFileNameFromUrl
GetForceAdvertFileName
GetForceAdvertID
GetForceAdvertLocalFile
GetForceAdvertName
GetForceAdvertUrl
GetHomePageName
GetHomePageName2
GetIEHomePageURL
GetSingleFileSize
GetSougouHomePageURL
GetSpecialBuild
GetSubChannel
HomePageChecksOut
InitPopUpInfo
LoadEncrypedXML
LoadEncrypedXMLFromUrl
LoadXMLFromUrl
LoadXml
OpenUrl
PinToTaskbar
PopUp
PopupAD
SendResearchResult
SetHomePage
SetUnGameList
UnPinFromTaskBar

Sections

.text
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/locate.dll
.dll windows:4 windows x86 arch:x86

7f8181c74f882a780c7cd485241e8b51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
MultiByteToWideChar
lstrlenW
lstrlenA
GetWindowsDirectoryW
WideCharToMultiByte
CompareFileTime
FindNextFileA
FindNextFileW
FileTimeToSystemTime
RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindFirstFileW
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

SetWindowTextA
SetWindowTextW
GetDlgItem
FindWindowExA
MessageBoxW

Exports

Exports

_Close
_Find
_GetSize
_Open
_RMDirEmpty
_Unload

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/$_89_/GMSkin_Image_2012_v1.zip
.zip
skin.xml
skin/Thumbs.db
skin/icon1.png
.png
skin/保存目录.png
.png
skin/关闭.png
.png
skin/协议背景.png
.png
skin/卸载背景.png
.png
skin/图片背景框.png
.png
skin/多选.png
.png
skin/安装.png
.png
skin/安装01.png
.png
skin/安装02.png
.png
skin/安装03.png
.png
skin/安装04.png
.png
skin/安装05.png
.png
skin/安装协议.png
.png
skin/安装完成.png
.png
skin/安装完成按钮.png
.png
skin/完成.png
.png
skin/广告关闭.png
.png
skin/按钮.png
.png
skin/最小化.png
.png
skin/最小化2.png
.png
skin/格子.png
.png
skin/欢迎.png
.png
skin/浏览.png
.png
skin/游戏弹出.png
.png
skin/软件弹出.png
.png
skin/进度条.png
.png
skin/进度条背景.png
.png
skin/选项.png
.png
skin/默认背景.png
.png
$TEMP/$_89_/MyNsisSkin.dll
.dll windows:4 windows x86 arch:x86

8b2c18b411d31cbef33f61e5be07509a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.2\install\build\MSVC.2005\Tool\GMSkin\release_static2\MyNsisSkin.pdb

Imports

msimg32

TransparentBlt
AlphaBlend

kernel32

DosDateTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
SetEndOfFile
GetLastError
GetFileTime
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
SystemTimeToFileTime
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
WideCharToMultiByte
lstrcpyW
GetCurrentThreadId
MulDiv
lstrcatW
CreateFileW
GetFileSize
CreateFileA
ReadFile
CloseHandle
MultiByteToWideChar
lstrcmpiW
DisableThreadLibraryCalls
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess

user32

ScreenToClient
ClientToScreen
UpdateWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
CharNextW
InvalidateRect
EnumChildWindows
SetCapture
ReleaseCapture
ShowWindow
SetWindowRgn
OffsetRect
wsprintfW
GetSystemMetrics
SetWindowPos
GetSystemMenu
GetMenuItemInfoW
PostMessageW
PtInRect
SetTimer
GetClassNameW
GetParent
MapWindowPoints
SetPropW
CallWindowProcW
GetPropW
DefWindowProcW
GetClientRect
GetWindowRect
IsWindow
GetWindowLongW
LoadCursorW
SetCursor
TrackMouseEvent
BeginPaint
EndPaint
IsWindowEnabled
GetWindowTextW
SendMessageW
DrawTextW
SetWindowLongW
GetCursorPos
KillTimer

gdi32

CreatePen
SetStretchBltMode
StretchBlt
CreateFontIndirectW
CreateDIBSection
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
RoundRect
GetStockObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetBkMode
SetTextColor
BitBlt
DeleteObject

oleaut32

SysFreeString

Exports

Exports

AddShowImage
AddShowImageFromFile
AddShowText
ClearAllShow
DelShowImage
DelShowText
InitSkin
SetBkImage
SetBtnImage
SetCloseBtnImage
SetEditBkColor
SetProgressBKImage
SetProgressImage
SetProgressTextWindow
SetTextClr
SetWindowID
SlideOff
SlideOn

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/$_89_/config.dat
$TEMP/$_89_/game.jpg
.jpg
DEC130.DLL
.dll windows:4 windows x86 arch:x86

a46540fc59399a1eb3c7f7d9bde7f448

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
HeapFree
RtlUnwind
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
HeapAlloc
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
UnhandledExceptionFilter
LoadLibraryA
SetConsoleCtrlHandler
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EDEC.DLL
.dll windows:4 windows x86 arch:x86

eb3a8f5882b953e13fb5878c5c3baf99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCommandLineA
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
VirtualAlloc
LoadLibraryA
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

Exports

Exports

EC_AlphaMapApply
EC_AlphaMapRemove
EC_AlphaMapRequired
EC_BufferRequired
EC_Frame
EC_Start

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExeConfig.ini
WINPLAY.DLL
.dll windows:4 windows x86 arch:x86

50157174b088d0167aad909bc6a9b180

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winstr

Streamer_GetVideoPitch
Streamer_SetPixelFormat
Streamer_InitVideo
Streamer_MapVideo
Streamer_SetVideoPitch
Streamer_Stream
Streamer_ShutDownVideo
Streamer_InitMovie
Streamer_ShutDownMovie
Streamer_InitSound
Streamer_ShutDownSound
Streamer_InitStreaming
Streamer_DoPreload
Streamer_BeforeStreaming
Streamer_SetPreloadAmount
Streamer_SetVideoMappings
Alpha_CreateEffects
Alpha_GetBuffer
Streamer_AlphaRemove
Streamer_AlphaApply
Movie_GetCurrentFrame
Movie_GetTotalTime
Alpha_FreeEffects
Alpha_GetBufferSize
Alpha_GetHeight
Alpha_GetWidth
Alpha_GetXPos
Alpha_GetYPos
Alpha_SetXPos
Alpha_SetYPos
Movie_GetAuthor
Movie_GetColourDepth
Movie_GetCopyright
Movie_GetCurrentAudioChunk
Movie_GetCurrentVideoChunk
Movie_GetFormat
Movie_GetFrameRate
Movie_GetFramesInBuffer
Movie_GetFramesPerChunk
Movie_GetMovieChunks
Movie_GetName
Movie_GetSoundChannels
Movie_GetSoundFormatString
Movie_GetSoundPrecision
Movie_GetSoundRate
Movie_GetSyncAdjust
Movie_GetTotalFrames
Movie_GetXSize
Movie_GetYSize
Movie_SetFrameRate
Movie_SetSyncAdjust

ddraw

DirectDrawCreate

dsound

DirectSoundCreate

kernel32

GetLastError
GetCPInfo
VirtualAlloc
TerminateProcess
GetLocaleInfoW
GetLocaleInfoA
SetFilePointer
SetStdHandle
CloseHandle
QueryPerformanceFrequency
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
TlsAlloc
TlsFree
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
GetProcAddress
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WideCharToMultiByte
GetCurrentThreadId
TlsSetValue
GetStartupInfoA
GetModuleFileNameA
SetLastError
TlsGetValue
SetHandleCount
GetFileType
GetStdHandle
FreeEnvironmentStringsA
WriteFile
GetACP
GetOEMCP
FreeEnvironmentStringsW
MultiByteToWideChar
GetEnvironmentStrings
GetEnvironmentStringsW

user32

SetRect

Exports

Exports

Alpha_CreateEffects
Alpha_FreeEffects
Alpha_GetBuffer
Alpha_GetBufferSize
Alpha_GetHeight
Alpha_GetWidth
Alpha_GetXPos
Alpha_GetYPos
Alpha_SetXPos
Alpha_SetYPos
Movie_GetAuthor
Movie_GetColourDepth
Movie_GetCopyright
Movie_GetCurrentAudioChunk
Movie_GetCurrentFrame
Movie_GetCurrentVideoChunk
Movie_GetFormat
Movie_GetFrameRate
Movie_GetFramesInBuffer
Movie_GetFramesPerChunk
Movie_GetMovieChunks
Movie_GetName
Movie_GetSoundChannels
Movie_GetSoundFormatString
Movie_GetSoundPrecision
Movie_GetSoundRate
Movie_GetSyncAdjust
Movie_GetTotalFrames
Movie_GetTotalTime
Movie_GetXSize
Movie_GetYSize
Movie_SetFrameRate
Movie_SetSyncAdjust
Player_AdvanceTimer
Player_AlphaApply
Player_AlphaRemove
Player_BeforePlayback
Player_BlankScreen
Player_DoPreload
Player_GetDDErrorCode
Player_GetDSErrorCode
Player_GetMovieTime
Player_GetTimerFrequency
Player_GetVolume
Player_GrabRect
Player_InitMovie
Player_InitMoviePlayback
Player_InitPlaybackMode
Player_InitSound
Player_InitSoundSystem
Player_InitVideo
Player_InitVideoSystem
Player_MapVideo
Player_PassInDirectDrawObject
Player_PlayFrame
Player_ReleasePlaybackMode
Player_RestoreRect
Player_ResumeSound
Player_ReturnPlaybackMode
Player_SetPreloadAmount
Player_SetVideoMappings
Player_SetVolume
Player_ShutDownMovie
Player_ShutDownSound
Player_ShutDownSoundSystem
Player_ShutDownVideo
Player_ShutDownVideoSystem
Player_StartTimer
Player_StopSound
Player_StopTimer

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WINSDEC.DLL
.dll windows:4 windows x86 arch:x86

eb3a8f5882b953e13fb5878c5c3baf99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCommandLineA
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
VirtualAlloc
LoadLibraryA
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

Exports

Exports

SC_BufferRequired
SC_Frame
SC_Start

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WINSTR.DLL
.dll windows:4 windows x86 arch:x86

d942f5acb438eb9dce6d04d831e491b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dec130

ord202
ord205
ord204
ord200

edec

EC_BufferRequired
EC_AlphaMapApply
EC_AlphaMapRequired
EC_AlphaMapRemove
EC_Start
EC_Frame

winsdec

SC_Frame
SC_Start
SC_BufferRequired

kernel32

GetFileType
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetLocaleInfoW
GetLocaleInfoA
CreateFileA
VirtualAlloc
GetSystemInfo
VirtualFree
HeapAlloc
HeapFree
GetLastError
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapDestroy
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
CloseHandle
SetFilePointer
FlushFileBuffers
WriteFile
SetHandleCount
MultiByteToWideChar
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
ReadFile
GetEnvironmentStringsW
WideCharToMultiByte
SetStdHandle
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW

Exports

Exports

Alpha_CreateEffects
Alpha_FreeEffects
Alpha_GetBuffer
Alpha_GetBufferSize
Alpha_GetHeight
Alpha_GetWidth
Alpha_GetXPos
Alpha_GetYPos
Alpha_SetXPos
Alpha_SetYPos
Movie_GetAuthor
Movie_GetColourDepth
Movie_GetCopyright
Movie_GetCurrentAudioChunk
Movie_GetCurrentFrame
Movie_GetCurrentVideoChunk
Movie_GetFormat
Movie_GetFrameRate
Movie_GetFramesInBuffer
Movie_GetFramesPerChunk
Movie_GetMovieChunks
Movie_GetName
Movie_GetSoundChannels
Movie_GetSoundFormatString
Movie_GetSoundPrecision
Movie_GetSoundRate
Movie_GetSyncAdjust
Movie_GetTotalFrames
Movie_GetTotalTime
Movie_GetXSize
Movie_GetYSize
Movie_SetFrameRate
Movie_SetSyncAdjust
Streamer_AlphaApply
Streamer_AlphaRemove
Streamer_BeforeStreaming
Streamer_DoPreload
Streamer_GetSoundBuffer
Streamer_GetSoundDecodeMode
Streamer_GetVideoPitch
Streamer_InitMovie
Streamer_InitSound
Streamer_InitStreaming
Streamer_InitVideo
Streamer_MapVideo
Streamer_NoMalloc_InitMovie
Streamer_NoMalloc_InitSound
Streamer_NoMalloc_InitVideo
Streamer_NoMalloc_MovieBufferRequired
Streamer_NoMalloc_ShutDownMovie
Streamer_NoMalloc_ShutDownSound
Streamer_NoMalloc_ShutDownVideo
Streamer_NoMalloc_SoundBufferRequired
Streamer_NoMalloc_VideoBufferRequired
Streamer_SetPixelFormat
Streamer_SetPreloadAmount
Streamer_SetSoundBuffer
Streamer_SetSoundDecodeMode
Streamer_SetVideoMappings
Streamer_SetVideoPitch
Streamer_ShutDownMovie
Streamer_ShutDownSound
Streamer_ShutDownVideo
Streamer_Stream

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/MAIN.SFX
data/credit00.pcx
data/credit01.PCX
data/credit02.PCX
data/credit03.PCX
data/credit04.PCX
data/credit05.PCX
data/credit06.PCX
data/credit07.PCX
data/credit08.PCX
data/credit09.pcx
data/legalg.PCX
data/level1.tr2
data/level2.tr2
data/level3.tr2
data/level4.tr2
data/level5.tr2
game.ico
tomb0000.tga
tomb0001.tga
tomb0002.tga
tomb0003.tga
tomb0004.tga
tomb0005.tga
tomb0006.tga
tr2gold.exe
.exe windows:4 windows x86 arch:x86

564bb156bd8d9664e25f1a75096e692e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dinput

DirectInputCreateA

dsound

ord1
ord2

ddraw

DirectDrawCreate
DirectDrawEnumerateA

winmm

joyGetPosEx
mciSendCommandA
auxSetVolume
auxGetDevCapsA
auxGetNumDevs
timeGetTime
joyGetDevCapsA

user32

FindWindowA
wsprintfA
GetWindowLongA
DispatchMessageA
TranslateMessage
PeekMessageA
WaitMessage
UpdateWindow
ShowWindow
GetWindowRect
SetWindowPos
GetClientRect
GetWindowTextA
AdjustWindowRectEx
RegisterClassA
DrawEdge
MoveWindow
LoadStringA
EndDialog
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
SendMessageA
EnableWindow
GetDlgItem
CallWindowProcA
GetParent
LoadImageA
MessageBoxA
SetWindowLongA
SetDlgItemTextA
PostMessageA
SetForegroundWindow
IsWindow
GetDC
UnregisterClassA
CreateWindowExA
DefWindowProcA
ReleaseDC
GetAsyncKeyState
FillRect
PostQuitMessage
BeginPaint
InvalidateRect
EndPaint
SetCursor
RegisterClassExA
LoadIconA
LoadCursorA
MapWindowPoints

comctl32

PropertySheetA
ord17

advapi32

RegDeleteValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

gdi32

GetSystemPaletteEntries
UnrealizeObject
SelectPalette
RealizePalette
SetDIBitsToDevice
CreatePalette
DeleteObject
GetStockObject

kernel32

GlobalFree
CloseHandle
CreateFileA
GlobalAlloc
GetStringTypeA
SetFilePointer
SetStdHandle
LoadLibraryA
FlushFileBuffers
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetHandleCount
GetOEMCP
GetFileType
GetCPInfo
WideCharToMultiByte
GetACP
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
MultiByteToWideChar
VirtualFree
HeapCreate
VirtualAlloc
GetModuleFileNameA
GetStdHandle
HeapDestroy
GetLastError
HeapSize
SetUnhandledExceptionFilter
GetProcAddress
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetVersion
HeapAlloc
HeapFree
GetModuleHandleA
TerminateProcess
ExitProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemTime
GetStringTypeW
GetLocalTime
GetTimeZoneInformation
RtlUnwind
RaiseException
FindResourceA
LoadResource
LockResource
ReadFile
GetDriveTypeA
GetCurrentProcess
lstrcpyA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLogicalDrives
GetFileSize
WriteFile

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tr2goldx.exe
.exe windows:4 windows x86 arch:x86

564bb156bd8d9664e25f1a75096e692e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dinput

DirectInputCreateA

dsound

ord1
ord2

ddraw

DirectDrawCreate
DirectDrawEnumerateA

winmm

joyGetPosEx
mciSendCommandA
auxSetVolume
auxGetDevCapsA
auxGetNumDevs
timeGetTime
joyGetDevCapsA

user32

FindWindowA
wsprintfA
GetWindowLongA
DispatchMessageA
TranslateMessage
PeekMessageA
WaitMessage
UpdateWindow
ShowWindow
GetWindowRect
SetWindowPos
GetClientRect
GetWindowTextA
AdjustWindowRectEx
RegisterClassA
DrawEdge
MoveWindow
LoadStringA
EndDialog
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
SendMessageA
EnableWindow
GetDlgItem
CallWindowProcA
GetParent
LoadImageA
MessageBoxA
SetWindowLongA
SetDlgItemTextA
PostMessageA
SetForegroundWindow
IsWindow
GetDC
UnregisterClassA
CreateWindowExA
DefWindowProcA
ReleaseDC
GetAsyncKeyState
FillRect
PostQuitMessage
BeginPaint
InvalidateRect
EndPaint
SetCursor
RegisterClassExA
LoadIconA
LoadCursorA
MapWindowPoints

comctl32

PropertySheetA
ord17

advapi32

RegDeleteValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

gdi32

GetSystemPaletteEntries
UnrealizeObject
SelectPalette
RealizePalette
SetDIBitsToDevice
CreatePalette
DeleteObject
GetStockObject

kernel32

GlobalFree
CloseHandle
CreateFileA
GlobalAlloc
GetStringTypeA
SetFilePointer
SetStdHandle
LoadLibraryA
FlushFileBuffers
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetHandleCount
GetOEMCP
GetFileType
GetCPInfo
WideCharToMultiByte
GetACP
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
MultiByteToWideChar
VirtualFree
HeapCreate
VirtualAlloc
GetModuleFileNameA
GetStdHandle
HeapDestroy
GetLastError
HeapSize
SetUnhandledExceptionFilter
GetProcAddress
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetVersion
HeapAlloc
HeapFree
GetModuleHandleA
TerminateProcess
ExitProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemTime
GetStringTypeW
GetLocalTime
GetTimeZoneInformation
RtlUnwind
RaiseException
FindResourceA
LoadResource
LockResource
ReadFile
GetDriveTypeA
GetCurrentProcess
lstrcpyA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLogicalDrives
GetFileSize
WriteFile

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ʼϷ.exe
.exe windows:4 windows x86 arch:x86

db14222dff4ad9d88d8e8a3d01d8328c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Apps\release\GameLoginTool.pdb

Imports

gdiplus

GdipLoadImageFromStream
GdipCreateFont
GdipDeletePen
GdipCreatePen1
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFree
GdipDeleteGraphics
GdipCloneBrush
GdipCreateFromHDC
GdipAlloc
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipGetFontStyle
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipSetTextRenderingHint
GdipAddPathArcI
GdipClosePathFigure
GdipSetPageUnit
GdipSetPenMode
GdipDrawPath
GdipFillPath
GdipReleaseDC
GdipDrawLineI
GdipDrawString
GdipCreateSolidFill
GdipDrawImageRectRectI
GdipDrawImageI
GdipGetImageWidth
GdipFillRectangleI
GdipGetImageHeight
GdipGetPathWorldBounds
GdipDisposeImage
GdipResetPath
GdipDeleteFont

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetOpenUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetQueryDataAvailable
InternetCrackUrlW
InternetWriteFile
InternetSetStatusCallbackW
InternetGetLastResponseInfoW

kernel32

CopyFileW
GetDriveTypeW
CreateDirectoryW
GetFileAttributesW
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetCurrentThreadId
ResumeThread
GetVersion
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetSystemInfo
LocalFree
LocalAlloc
SetEndOfFile
GetFileTime
ReadFile
SetFileTime
WriteFile
SetFilePointer
GetFileInformationByHandle
GetFileSizeEx
DeviceIoControl
GetFullPathNameW
GetLongPathNameW
MoveFileW
MoveFileExW
SetCurrentDirectoryW
GetWindowsDirectoryW
CreateEventW
SetEvent
ResetEvent
TerminateProcess
GetExitCodeProcess
SuspendThread
GetCurrentProcess
SetErrorMode
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVolumeInformationW
GetDiskFreeSpaceW
InterlockedExchange
InterlockedIncrement
RemoveDirectoryW
CreateThread
TerminateThread
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreW
TlsFree
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
GetOverlappedResult
LoadLibraryA
WriteFileGather
SetFilePointerEx
ReadFileScatter
CreateFileA
GetQueuedCompletionStatus
CreateWaitableTimerW
InterlockedCompareExchange
TlsSetValue
InterlockedExchangeAdd
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetSystemTimeAsFileTime
QueueUserAPC
SleepEx
TlsGetValue
SetWaitableTimer
TlsAlloc
CreateIoCompletionPort
SetLastError
GetModuleHandleA
CancelIo
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GlobalMemoryStatusEx
VirtualUnlock
VirtualLock
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
MulDiv
GetThreadLocale
SystemTimeToFileTime
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalReAlloc
GlobalHandle
LocalReAlloc
FileTimeToLocalFileTime
GlobalFlags
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryA
GetDriveTypeA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetFileAttributesW
GetModuleHandleW
WaitForMultipleObjects
GetCurrentDirectoryW
GetVersionExW
ExitThread
CreateMutexW
FormatMessageW
GetLastError
GetACP
CompareStringW
lstrlenW
lstrlenA
FileTimeToSystemTime
lstrcpyW
GlobalFree
OpenProcess
Sleep
DeleteFileW
WaitForSingleObject
CloseHandle
WritePrivateProfileStringW
GetLocalTime
GetFileSize
CreateFileW
LockResource
MultiByteToWideChar
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
CreateProcessW
GetTempFileNameW
GetTempPathW
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
WideCharToMultiByte
FreeResource
GlobalUnlock
LoadLibraryW
GetProcAddress
FreeLibrary
OpenEventA
CreateWaitableTimerA
FormatMessageA
InterlockedDecrement

user32

IsDialogMessageW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CharNextW
MapDialogRect
SetWindowContextHelpId
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
SetCapture
ReleaseCapture
PostQuitMessage
ValidateRect
GetMessageW
SetCursor
GetNextDlgGroupItem
MessageBeep
DestroyMenu
GetSysColorBrush
LoadCursorW
UnregisterClassW
RegisterClipboardFormatW
CharUpperW
PostThreadMessageW
GetClassLongW
EndPaint
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetWindowTextW
SetWindowTextW
SetWindowPos
GetForegroundWindow
GetActiveWindow
GetDlgItem
ShowWindow
SendMessageTimeoutW
GetDC
LoadIconW
DrawIcon
GetSystemMetrics
GetSystemMenu
TranslateMessage
DispatchMessageW
IsIconic
ReleaseDC
LoadImageW
PeekMessageW
SetWindowRgn
MoveWindow
CreatePopupMenu
SetWindowLongW
GetWindowLongW
AppendMenuW
SetForegroundWindow
GetCursorPos
GetParent
RegisterWindowMessageW
PostMessageW
IsWindow
SendMessageW
SystemParametersInfoW
GetClientRect
InvalidateRect
PtInRect
SetTimer
EnableWindow
KillTimer
GetWindowRect
GetDesktopWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
GetSubMenu
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
MapWindowPoints
CallNextHookEx
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcW
UnregisterClassA
CallWindowProcW
OffsetRect

gdi32

SelectObject
GetRgnBox
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetMapMode
CreateBitmap
ExtSelectClipRgn
CreateCompatibleBitmap
CreateCompatibleDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
DeleteObject
DeleteDC
CreateDIBSection
CreateRoundRectRgn
CreateRectRgnIndirect
CombineRgn
GetClipBox
SetTextColor
SetBkColor
GetObjectW
SaveDC
RestoreDC
SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
BitBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFileInfoW
CommandLineToArgvW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
UrlUnescapeW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
SysAllocString
VariantClear

ws2_32

getsockname
bind
htonl
WSASocketW
__WSAFDIsSet
getservbyname
ntohs
WSASetLastError
getsockopt
accept
WSAIoctl
getpeername
WSAStringToAddressA
WSARecvFrom
WSASendTo
ntohl
listen
ioctlsocket
WSAAddressToStringA
WSARecv
WSASend
connect
inet_ntoa
WSAStartup
inet_addr
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send

mswsock

GetAcceptExSockaddrs
AcceptEx

Exports

Exports

DecodeFile

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 176KB

.rsrc Size: 15KB - Virtual size: 15KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

9cb11d0d4bed69c64ae8d0549b4ce4ce

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 436KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 17KB

.rmnet Size: 60KB - Virtual size: 60KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 176KB

.rsrc
Size: 15KB - Virtual size: 15KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 440KB - Virtual size: 436KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 17KB

.rmnet
Size: 60KB - Virtual size: 60KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 848B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.rmnet
Size: 56KB - Virtual size: 60KB