PluginMe
Behavioral task behavioral1: Sample Leaked by [Serenade.Club].rar, Resource win10-20240404-en
Behavioral task behavioral2: Sample Leaked by [Serenade.Club].rar, Resource win7-20240220-en
Behavioral task behavioral3: Sample Leaked by [Serenade.Club].rar, Resource win10v2004-20240226-en
Behavioral task behavioral4: Sample Leaked by [Serenade.Club].rar, Resource win11-20240426-en
General
Target: Leaked by [Serenade.Club].rar
Size: 11.1MB
MD5: 85f397658294a7d88cb83c3cd3ac69e7
SHA1: 50731ac5bc6f78ff1fdcf642cfac653854e0b636
SHA256: 087b15d96b2a86e6837631ee05bf24e81a2786df23110bd6fd468798cc904f8f
SHA512: 0d4407fdeca2f47b13f0d460491bfff3e13e7ced4b974a53ac1003ec3fa2e41a9c7f61c23e760e315fe5957438c1d20a428dac87463b5b3cdf62ad1e8b6863c1
SSDEEP: 196608:v7188PmhUwF0EARTx43WL8hbtyoUHvPeVzehQ97FUNPMsJYSrggKZ7C0ptHA:vkhUQnARWtyoovPeVCf1ZYChUB1A
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule static1/unpack001/Plugins/DllToByte..exe family_blackmoon -
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/SkinH.dll acprotect -
resource yara_rule static1/unpack001/HFS/HFS.exe upx static1/unpack001/SkinH.dll upx static1/unpack003/out.upx upx -
Unsigned PE 24 IoCs
Checks for missing Authenticode signature.
resource unpack001/HFS/HFS.exe unpack002/out.upx unpack001/Plugins/AnyFileToByte.exe unpack001/Plugins/CHAT.dll unpack001/Plugins/DllToByte..exe unpack001/Plugins/FILE.dll unpack001/Plugins/LISTEN.dll unpack001/Plugins/PRANK.dll unpack001/Plugins/PROXY.dll unpack001/Plugins/PROXYMAP.dll unpack001/Plugins/REGEDIT.dll unpack001/Plugins/SCREEN.dll unpack001/Plugins/SCREEN2.dll unpack001/Plugins/SERVICE.dll unpack001/Plugins/SHELL.dll unpack001/Plugins/SYSTEM.dll unpack001/Plugins/VIDEO.dll unpack001/SkinH.dll unpack003/out.upx unpack001/TianMa~.exe unpack001/Tools/MSTSCAX.DLL unpack001/Tools/mstsc.exe unpack001/Update/Server.dat unpack001/Update/Server.dll
Files
-
Leaked by [Serenade.Club].rar.rar
-
HFS/HFS.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 846KB - Virtual size: 848KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 55KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 64B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 468KB - Virtual size: 467KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JCLDEBUG Size: 360KB - Virtual size: 359KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
HFS/hfs.ips.txt
-
Plugins/AnyFileToByte.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
MEW Size: - Virtual size: 888KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(non-printable section name) Size: 316KB - Virtual size: 376KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Plugins/CHAT.dll.dll windows:6 windows x86 arch:x86
0bb677808f68748565f0b4746f93ec3a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
GetLocalTime
GetModuleHandleA
InitializeCriticalSection
GlobalLock
GlobalUnlock
GlobalFree
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetModuleFileNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
WriteConsoleW
FlushFileBuffers
GlobalAlloc
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
user32
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
DestroyWindow
GetMessageA
SetWindowTextA
IsDialogMessageA
LoadIconA
SetClassLongA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthA
ShowWindow
SetFocus
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
CreateDialogIndirectParamA
SetWindowPos
ws2_32
closesocket
connect
htons
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
recv
Exports
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/C_CHAT.h
-
Plugins/C_FILE.h
-
Plugins/C_LISTEN.h
-
Plugins/C_PRANK.h
-
Plugins/C_PROXY.h
-
Plugins/C_PROXYMAP.h
-
Plugins/C_REGEDIT.h
-
Plugins/C_SCREEN.h
-
Plugins/C_SCREEN2.h
-
Plugins/C_SERVICE.h
-
Plugins/C_SHELL.h
-
Plugins/C_SYSTEM.h
-
Plugins/C_VIDEO.h
-
Plugins/DllToByte..e
-
Plugins/DllToByte..exe.exe windows:4 windows x86 arch:x86
065bb0b8f2447a21687970a3f4c81bdb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
LocalFree
WideCharToMultiByte
GetCommandLineW
GetModuleFileNameA
CloseHandle
ExitProcess
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileA
FindClose
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadFile
GetProcessHeap
shlwapi
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
msvcrt
fopen
??3@YAXPAX@Z
sprintf
floor
strrchr
_ftol
atoi
memmove
malloc
modf
free
fclose
strchr
fwrite
user32
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA
GetMessageA
shell32
CommandLineToArgvW
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Plugins/Example.Cpp
-
Plugins/FILE.dll.dll windows:6 windows x86 arch:x86
f48a453277c58ef2ad15ba21da06c437
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EncodePointer
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
CreateFileA
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
lstrcpyA
lstrcatA
lstrlenA
LoadLibraryA
DecodePointer
CreateDirectoryA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesA
GetFileSize
ReadFile
RemoveDirectoryA
SetFilePointer
GetLastError
CreateProcessA
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
GetLogicalDriveStringsA
MoveFileA
GetVolumeInformationA
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
user32
CharNextA
wsprintfA
advapi32
RegQueryValueA
RegOpenKeyExA
ImpersonateLoggedOnUser
GetUserNameA
RegCloseKey
shell32
ShellExecuteA
SHGetFolderPathA
SHGetFileInfoA
msvcr110
__crtTerminateProcess
__clean_type_info_names_internal
__crtUnhandledException
_stricmp
??1type_info@@UAE@XZ
_crt_debugger_hook
?terminate@@YAXXZ
_initterm_e
??3@YAXPAX@Z
memmove
strstr
ceil
memcpy
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
memset
_beginthreadex
_purecall
free
malloc
strrchr
_strupr
_except_handler4_common
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
ws2_32
WSACleanup
WSAStartup
gethostbyname
socket
WSAIoctl
closesocket
connect
htons
recv
select
setsockopt
send
msvcp110
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
Exports
PluginMe
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/LISTEN.dll.dll windows:6 windows x86 arch:x86
aeba4d9699dbdb93b7c3b310ec6631b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
InitializeCriticalSection
lstrcpyA
LoadLibraryA
CreateThread
TerminateThread
ResumeThread
LoadLibraryW
OutputDebugStringW
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
SetFilePointerEx
WriteConsoleW
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
HeapSize
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
ExitThread
LoadLibraryExW
HeapFree
HeapAlloc
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
user32
TranslateMessage
DispatchMessageA
GetMessageA
ws2_32
WSAIoctl
WSACleanup
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
htons
connect
closesocket
winmm
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInStop
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInReset
mixerGetNumDevs
mixerGetDevCapsA
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
waveInGetDevCapsA
waveOutReset
waveInGetNumDevs
Exports
PluginMe
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/PRANK.dll.dll windows:6 windows x86 arch:x86
5a1cd24a0cc564c668f0e076576ef366
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
DeviceIoControl
Sleep
GetCurrentProcess
GetVersion
WriteConsoleW
CloseHandle
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
Beep
WriteFile
SetFilePointerEx
CreateFileA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
LoadLibraryW
HeapSize
CreateFileW
user32
ExitWindowsEx
FindWindowA
GetWindowRect
GetForegroundWindow
MoveWindow
ShowWindow
SendMessageA
SwapMouseButton
advapi32
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
winmm
mciSendStringA
Exports
PluginMe
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/PROXY.dll.dll windows:6 windows x86 arch:x86
6058417d15a9dc4d5d57f7fc9e08936e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
WriteConsoleW
SetStdHandle
HeapSize
LCMapStringEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapReAlloc
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
SetLastError
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
IsValidCodePage
CreateFileW
user32
wsprintfA
ws2_32
WSAStartup
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
WSACleanup
listen
inet_ntoa
inet_addr
htons
getsockname
getpeername
connect
closesocket
bind
accept
__WSAFDIsSet
WSAGetLastError
ntohs
Exports
CloseProxy
OpenProxy
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/PROXYMAP.dll.dll windows:6 windows x86 arch:x86
cff395882211804e2d9bcd24e2d03936
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
InitializeCriticalSection
GetProcAddress
LoadLibraryA
GetLastError
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
SetFilePointerEx
WriteConsoleW
FreeLibrary
CreateThread
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RaiseException
RtlUnwind
EncodePointer
DecodePointer
CreateFileW
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
ws2_32
select
recv
send
connect
closesocket
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
getsockname
htons
Exports
PluginMe
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/REGEDIT.dll.dll windows:6 windows x86 arch:x86
26c69a8864064bc9835a39a5dca67010
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
ResetEvent
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
SetEvent
CancelIo
CloseHandle
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
WriteConsoleW
LoadLibraryA
CreateFileW
HeapSize
GetStringTypeW
LoadLibraryW
OutputDebugStringW
HeapReAlloc
GetCPInfo
GetOEMCP
SetFilePointerEx
GetACP
IsValidCodePage
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
CreateThread
ExitThread
LoadLibraryExW
HeapFree
HeapAlloc
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
advapi32
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
ws2_32
htons
recv
closesocket
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSAIoctl
connect
WSACleanup
Exports
PluginMe
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SCREEN.dll.dll windows:6 windows x86 arch:x86
316de0276dc48557f22e8c20b297ef57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FreeLibrary
GetProcAddress
lstrcmpiA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQuery
GetCurrentThreadId
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringEx
CompareStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetModuleFileNameW
GetCPInfo
WriteFile
InterlockedExchange
Sleep
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
CancelIo
CloseHandle
VirtualFree
DeleteCriticalSection
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReadFile
ReadConsoleW
GetSystemInfo
SetEnvironmentVariableA
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
CreateThread
ExitThread
LoadLibraryExW
HeapFree
GetCommandLineA
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
user32
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
SendMessageA
GetCursorInfo
GetCursorPos
GetSystemMetrics
BlockInput
SystemParametersInfoA
DestroyCursor
LoadCursorA
ReleaseDC
GetDC
MapVirtualKeyA
mouse_event
keybd_event
gdi32
SelectObject
GetRegionData
GetDIBits
DeleteObject
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
GetDeviceCaps
CreateDIBSection
advapi32
RegOpenKeyExA
RegCloseKey
RegSetValueExA
ws2_32
closesocket
connect
htons
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
Exports
PluginMe
Sections
.text Size: 489KB - Virtual size: 489KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 476KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SCREEN2.dll.dll windows:6 windows x86 arch:x86
7cbbdfa804887ce7e6a9455fd460c5cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
lstrcmpiA
LoadLibraryA
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetTickCount
SetStdHandle
ResetEvent
GetConsoleCP
FlushFileBuffers
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetEvent
CancelIo
CloseHandle
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetFilePointerEx
WriteConsoleW
GetConsoleMode
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
FlsAlloc
user32
LoadCursorA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
PostMessageA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
keybd_event
GetCursorInfo
GetDesktopWindow
SetRect
GetCursorPos
ReleaseDC
GetDC
BlockInput
SystemParametersInfoA
DestroyCursor
mouse_event
WindowFromPoint
SetCursorPos
GetSystemMetrics
SetCapture
MapVirtualKeyA
gdi32
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
ws2_32
closesocket
connect
htons
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
Exports
PluginMe
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SERVICE.dll.dll windows:6 windows x86 arch:x86
5d4129f9fbeb85867801cee9f1fcf17d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
lstrcpyA
lstrlenA
LoadLibraryA
WaitForSingleObject
GetLastError
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
ResetEvent
SetEvent
CancelIo
CloseHandle
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetFilePointerEx
WriteConsoleW
CreateFileW
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
RaiseException
RtlUnwind
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
IsValidCodePage
advapi32
QueryServiceStatus
QueryServiceConfig2A
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
ControlService
CloseServiceHandle
StartServiceA
ws2_32
htons
recv
closesocket
select
send
setsockopt
socket
gethostbyname
WSACleanup
WSAIoctl
connect
WSAStartup
Exports
PluginMe
Sections
.text Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SHELL.dll.dll windows:6 windows x86 arch:x86
4a610d8f2145837c6ecbbc6e381cfa05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
InitializeCriticalSection
LoadLibraryA
ReadFile
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
TerminateProcess
TerminateThread
CreateProcessA
GetSystemDirectoryA
LocalAlloc
LocalFree
WaitForMultipleObjects
GetStartupInfoA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
SetFilePointerEx
WriteConsoleW
CreateFileW
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameW
GetCPInfo
SetStdHandle
GetOEMCP
GetACP
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
IsValidCodePage
ws2_32
htons
recv
closesocket
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSAIoctl
connect
WSACleanup
Exports
PluginMe
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/SYSTEM.dll.dll windows:6 windows x86 arch:x86
b746680dadee229dde7bb720f8b3704f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationA
kernel32
CreateEventA
Sleep
InterlockedExchange
CreateFileA
WriteFile
GetCurrentThreadId
OpenProcess
GetVersionExA
FreeLibrary
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatA
lstrlenA
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
HeapFree
GetProcessHeap
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
GetCommandLineA
FindClose
FindFirstFileA
FindNextFileA
GetFileSize
ReadFile
SetFileAttributesA
GetLastError
GetCurrentProcess
TerminateProcess
TerminateThread
GetPriorityClass
GlobalMemoryStatusEx
WaitForSingleObject
SetEvent
GetWindowsDirectoryA
GetModuleHandleA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
WinExec
lstrcmpA
lstrcpynA
GetLogicalDriveStringsA
GetPrivateProfileStringA
QueryDosDeviceA
GetComputerNameA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WideCharToMultiByte
K32EnumProcessModules
K32GetProcessMemoryInfo
K32GetProcessImageFileNameA
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
LCMapStringEx
GetStringTypeW
LoadLibraryW
OutputDebugStringW
HeapReAlloc
GetSystemInfo
ResetEvent
CancelIo
CloseHandle
CreateFileW
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetFilePointerEx
WriteConsoleW
GetTickCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
GetStartupInfoW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
RaiseException
RtlUnwind
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
ShowWindow
IsWindowVisible
GetDC
ReleaseDC
GetWindowTextA
FindWindowA
EnumWindows
PostMessageA
GetWindowThreadProcessId
GetWindow
GetUserObjectInformationA
wsprintfA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetClassNameA
GetThreadDesktop
gdi32
GetDeviceCaps
advapi32
LookupAccountSidA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
shell32
SHGetSpecialFolderPathA
ole32
CoInitialize
CoCreateInstance
CoUninitialize
ws2_32
connect
htons
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
inet_ntoa
ntohs
closesocket
Exports
PluginMe
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Plugins/VIDEO.dll.dll windows:6 windows x86 arch:x86
035b1477a8c896c1efcbb259a6a5a7ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
WriteFile
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
CancelIo
WideCharToMultiByte
GetTickCount
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
DeleteCriticalSection
LoadLibraryW
CloseHandle
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetModuleFileNameW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW
CreateFileW
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetLastError
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
HeapFree
IsProcessorFeaturePresent
HeapAlloc
IsDebuggerPresent
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
ReleaseDC
GetClientRect
GetDC
CreateWindowExA
gdi32
DeleteObject
CreateCompatibleBitmap
GetDIBits
ole32
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysFreeString
ws2_32
setsockopt
WSAIoctl
connect
htons
recv
select
send
closesocket
socket
gethostbyname
WSAStartup
WSACleanup
msvfw32
ICCompressorFree
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICClose
ICOpen
Exports
PluginMe
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SkinH.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign
Sections
UPX0 Size: - Virtual size: 140KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 86KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.UPX1 Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TianMa~.exe.exe windows:6 windows x86 arch:x86
3a53352a7f7fff3c1c920959207c9873
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
avifil32
AVIFileInit
AVIFileCreateStreamA
AVIFileExit
AVIStreamRelease
AVIStreamSetFormat
AVIStreamWrite
AVIFileRelease
AVIFileOpenA
msvfw32
ICOpen
ICClose
ICSendMessage
ICDecompress
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
DrawDibOpen
DrawDibClose
DrawDibDraw
winmm
waveOutReset
waveInGetNumDevs
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveInStart
waveInStop
waveInReset
PlaySoundA
kernel32
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
ExitThread
RaiseException
GetCommandLineA
GetModuleHandleExW
AreFileApisANSI
VirtualQuery
HeapSize
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsValidCodePage
GetTimeZoneInformation
GetStringTypeW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetWindowsDirectoryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
CreateFileW
WriteConsoleW
SetEnvironmentVariableA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
GetExitCodeThread
ResetEvent
GetCurrentDirectoryA
QueryPerformanceCounter
SetErrorMode
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
TerminateThread
ResumeThread
InitializeCriticalSectionEx
Sleep
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
ReadFile
SetFilePointer
OutputDebugStringA
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount
GetModuleFileNameA
lstrcmpA
lstrcatA
WriteFile
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrcpyA
LocalAlloc
LocalFree
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
lstrlenA
CreateDirectoryA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
lstrcpynA
MoveFileA
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CopyFileA
VirtualAlloc
VirtualFree
GetPrivateProfileIntA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
GetSystemInfo
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
ExitProcess
FreeResource
FindResourceA
GlobalFree
GlobalSize
SetLastError
MulDiv
FormatMessageA
GetFileAttributesW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetVersion
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
GetVersionExA
FlushFileBuffers
GetFullPathNameA
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
GetVolumeInformationA
GetThreadLocale
GetStringTypeExA
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
GetACP
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
SetFileAttributesA
user32
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
SetScrollRange
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
SetFocus
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemID
GetMenuStringA
GetScrollBarInfo
SystemParametersInfoA
SetWindowLongA
GetWindowLongA
ClipCursor
GetKeyState
GetIconInfo
DrawIconEx
DestroyCursor
CheckMenuRadioItem
SetClassLongA
IntersectRect
ShowScrollBar
GetMenuState
GetClipboardData
AppendMenuA
CreatePopupMenu
SetWindowTextW
LockWindowUpdate
SetMenuDefaultItem
GetFocus
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetSystemMenu
FillRect
OffsetRect
InflateRect
MessageBeep
GetSystemMetrics
SetRect
LoadCursorW
LoadCursorA
GetWindow
GetParent
WindowFromPoint
ClientToScreen
SetCursor
DeleteMenu
GetMenuItemCount
EnableMenuItem
CheckMenuItem
ReleaseCapture
SetCapture
CharNextA
GetDlgCtrlID
SetWindowPos
SendMessageTimeoutA
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
LoadIconW
GetScrollRange
GetScrollPos
SetScrollPos
UpdateWindow
LoadImageA
LoadBitmapW
SetParent
GetSysColor
GetClientRect
ReleaseDC
CopyIcon
GetDoubleClickTime
SetCursorPos
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
DrawFrameControl
DrawEdge
LoadImageW
IsWindowEnabled
DrawStateA
GetClipboardFormatNameA
SetWindowLongW
SetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetActiveWindow
CharUpperA
GetWindowDC
BeginPaint
EndPaint
GetWindowRgn
GetWindowLongW
IsWindowUnicode
LookupIconIdFromDirectoryEx
CreateMenu
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
EnumChildWindows
FrameRect
EnumDisplayMonitors
SetLayeredWindowAttributes
GetDCEx
RegisterClipboardFormatA
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
DrawFocusRect
GetTabbedTextExtentA
IsClipboardFormatAvailable
LoadBitmapA
GetMenuStringW
GetCursor
GetKeyboardLayoutList
FindWindowA
DrawAnimatedRects
ShowCaret
CreateIconIndirect
CreateIconFromResourceEx
GetUserObjectInformationA
CloseDesktop
OpenInputDesktop
GetMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
SendMessageA
EnableWindow
InvalidateRect
LoadIconA
wsprintfA
MessageBoxA
IsWindowVisible
RedrawWindow
PostMessageA
LoadMenuW
GetSubMenu
UnionRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetWindowRect
GetCursorPos
PtInRect
SetTimer
KillTimer
CharUpperBuffA
ScreenToClient
ModifyMenuA
LoadAcceleratorsW
GetDialogBaseUnits
CopyImage
RealChildWindowFromPoint
UnregisterClassA
GetSysColorBrush
IsRectEmpty
SetWindowRgn
DrawIcon
IsZoomed
GetMenuItemInfoA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
DestroyMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
IsIconic
SetRectEmpty
MapVirtualKeyA
GetKeyNameTextA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
GetDesktopWindow
GetWindowThreadProcessId
gdi32
GetBitmapBits
CloseFigure
FillPath
StrokePath
ExtTextOutW
SetBrushOrgEx
ExtCreateRegion
GetTextFaceA
GetTextExtentPoint32W
GetTextAlign
GetViewportOrgEx
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
PtInRegion
FrameRgn
RoundRect
GetCurrentObject
CreateRoundRectRgn
OffsetRgn
EnumFontFamiliesExA
Rectangle
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetRgnBox
GetTextColor
Ellipse
CreateEllipticRgn
GetTextMetricsA
GetCharWidthA
SetRectRgn
CombineRgn
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolyBezierTo
MoveToEx
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CreateDCA
CopyMetaFileA
SetBkMode
GetObjectA
DeleteDC
CreateDIBSection
SetTextColor
StretchDIBits
SetBkColor
SelectObject
DeleteObject
CreatePen
LPtoDP
DPtoLP
ExtTextOutA
TextOutA
StrokeAndFillPath
EndPath
BeginPath
RectVisible
PtVisible
GetMapMode
GetBkColor
Escape
SetPixelV
GetTextExtentPoint32A
GetPixel
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetOpenFileNameA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegSetValueA
RegCreateKeyExA
shell32
DragQueryFileA
DragFinish
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
ExtractIconA
SHAppBarMessage
ShellExecuteA
SHAddToRecentDocs
SHGetSpecialFolderLocation
SHGetDesktopFolder
Shell_NotifyIconA
SHGetMalloc
comctl32
ImageList_GetIcon
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Draw
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
_TrackMouseEvent
ImageList_Create
shlwapi
PathRemoveFileSpecA
SHAutoComplete
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
UrlUnescapeA
StrFormatKBSizeA
uxtheme
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoUninitialize
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
oleaut32
VariantCopy
VarDateFromStr
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
SafeArrayUnaccessData
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysStringByteLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
OleLoadPicturePath
VariantChangeTypeEx
VarUdateFromDate
SysAllocStringByteLen
oledlg
ord8
ord1
ws2_32
shutdown
ntohs
getsockname
gethostname
WSAWaitForMultipleEvents
WSASocketA
WSASend
WSARecv
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
setsockopt
listen
bind
accept
WSACleanup
WSAStartup
gethostbyname
socket
select
htons
ioctlsocket
connect
inet_ntoa
getpeername
closesocket
skinh
SkinH_AttachEx
SkinH_Detach
imm32
ImmAssociateContext
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
wininet
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetCrackUrlA
gdiplus
GdipAlloc
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusShutdown
GdipCloneImage
GdipFree
GdiplusStartup
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 594KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TianMa~.ini
-
Tools/Encode.e
-
Tools/MSTSCAX.DLL.dll regsvr32 windows:5 windows x86 arch:x86
f4f9ea2971d7855283ab7cbcf0ce7925
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
mstscax.pdb
Imports
kernel32
lstrcatA
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
GetSystemDefaultLangID
SetEvent
GetVersion
FreeResource
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetCommandLineA
IsBadReadPtr
SetFilePointer
ReadFile
DuplicateHandle
GlobalFree
GlobalHandle
Beep
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
Sleep
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
IsBadCodePtr
SetStdHandle
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
OutputDebugStringA
advapi32
RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyA
user32
SetRect
GetWindowDC
DestroyCursor
CreateCursor
AttachThreadInput
GetWindowThreadProcessId
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
MessageBeep
FlashWindow
SetCapture
ReleaseCapture
GetMessageExtraInfo
UnhookWindowsHookEx
CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
FillRect
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
BringWindowToTop
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
GetKeyboardLayout
DestroyWindow
InflateRect
GetSysColorBrush
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetSystemMetrics
GetWindowPlacement
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
OffsetRect
wsprintfA
gdi32
CreateSolidBrush
PatBlt
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
DeleteObject
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
StretchBlt
RealizePalette
SelectPalette
CreateDIBitmap
CreateBrushIndirect
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
GetBitmapBits
GdiFlush
GetPaletteEntries
Polyline
Polygon
SetPolyFillMode
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetTextColor
SetMapMode
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
winspool.drv
SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterA
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
GetPrinterDriverW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter
ole32
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleLoadFromStream
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
OleInitialize
CoGetMalloc
oleaut32
VariantClear
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
winmm
waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
wsock32
ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
WSAAsyncSelect
WSAAsyncGetHostByName
connect
htons
socket
closesocket
send
recv
WSAStartup
bind
sendto
recvfrom
gethostbyname
gethostname
WSACancelAsyncRequest
WSAGetLastError
shell32
ExtractIconW
ExtractIconA
SHFileOperationA
ord100
Exports
DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 539KB - Virtual size: 539KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Tools/QQwry.dat
-
Tools/SkinH1.she
-
Tools/mstsc.exe.exe windows:5 windows x86 arch:x86
c9563dea574f58f47d86577e5a7f024c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
mstsc.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
kernel32
FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetModuleHandleW
lstrlenW
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW
gdi32
CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn
user32
TranslateMessage
GetWindowDC
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageTime
GetCursorPos
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect
shell32
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetSpecialFolderLocation
ole32
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
oleaut32
SysAllocString
SysFreeString
comctl32
ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon
wsock32
inet_addr
gethostbyaddr
gethostbyname
comdlg32
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Update/Server.dat.dll windows:4 windows x86 arch:x86
3532a6e0319e9e710fb9376d8e1191dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
msvcrt
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
free
__CxxFrameHandler
_CxxThrowException
_mbscmp
__dllonexit
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
HeapAlloc
ResetEvent
WaitForSingleObject
SetEvent
GetProcessHeap
VirtualAlloc
CreateEventA
VirtualFree
HeapFree
user32
GetClientRect
DrawIcon
SendMessageA
EnableWindow
IsIconic
GetWindowLongA
SetWindowLongA
LoadIconA
MessageBoxA
GetSystemMetrics
advapi32
RegSetValueExA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
msvcp60
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Exports
curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_slist_append
curl_slist_free_all
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Update/Server.dll.dll windows:6 windows x86 arch:x86
7d0a3fc7f643234ab4d457e25e3ea083
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
closesocket
connect
htons
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
getsockname
gethostname
wtsapi32
WTSQuerySessionInformationA
WTSFreeMemory
netapi32
Netbios
mfc110
msvcr110
__CppXcptFilter
_amsg_exit
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_strupr
_stricmp
_beginthreadex
strchr
free
_access
atoi
strncmp
strcspn
realloc
_malloc_crt
rand
atol
exit
sprintf
_vsnprintf
printf
fprintf
fopen
fclose
strstr
strrchr
strncpy
memmove
strcmp
strcat
strcpy
_purecall
strlen
__CxxFrameHandler3
_CxxThrowException
memset
memcmp
ceil
memcpy
_initterm
_initterm_e
?terminate@@YAXXZ
malloc
__clean_type_info_names_internal
kernel32
HeapFree
VirtualProtect
lstrcmpiA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
FreeConsole
MoveFileA
GetExitCodeProcess
CreateMutexA
ReleaseMutex
GetLastError
GetCommandLineA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDefaultUILanguage
MoveFileExA
CopyFileA
GetTempPathA
LoadLibraryA
lstrlenA
lstrcatA
lstrcpyA
GetShortPathNameA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetVersionExA
GetSystemDirectoryA
GetTickCount
GetSystemInfo
GetLocalTime
GlobalMemoryStatusEx
OpenProcess
SetPriorityClass
CreateProcessA
ResumeThread
TerminateThread
SetThreadPriority
GetCurrentThread
TerminateProcess
ExitProcess
GetCurrentProcess
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindClose
CreateDirectoryA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
WinExec
LocalFree
LocalSize
LocalAlloc
VirtualAlloc
VirtualFree
CloseHandle
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
InterlockedExchange
CreateFileA
DeleteFileA
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
CreateThread
GetModuleFileNameA
FindFirstFileA
user32
SendMessageA
IsWindowVisible
GetKeyState
GetAsyncKeyState
ExitWindowsEx
GetSystemMetrics
GetForegroundWindow
GetWindowTextA
MessageBoxA
EnumWindows
ChangeDisplaySettingsA
FindWindowA
GetClassNameA
GetWindow
wsprintfA
GetLastInputInfo
advapi32
RegCloseKey
OpenEventLogA
CloseEventLog
ClearEventLogA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegOpenKeyA
RegOpenKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
LockServiceDatabase
UnlockServiceDatabase
StartServiceA
RegCreateKeyA
OpenSCManagerA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
shell32
ShellExecuteExA
SHGetSpecialFolderPathA
shlwapi
PathRemoveFileSpecA
ole32
CoCreateInstance
CoInitialize
msvcp110
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
wininet
InternetGetConnectedState
Exports
Exports
fuckyou
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ