gh0strat | MLG[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

MLG.rar
Size

6.8MB
MD5

8c94062c950734dbaf26330d25c5754b
SHA1

d13145e15eee1407a26e4605a41002e9a43730d6
SHA256

5579aa23c42883755bab458b7e359bf600f00406f274c8a001ac1a2669452a6c
SHA512

00d2aaf48d3ee8ab6c4d230ebca95a243dc4fa79d40297f2256ad8610bef24597acc741d353d6529f88f01f0a52ba615be24f1c49956a3526573d68da0a7421d
SSDEEP

196608:aHRCL3FzpJcSckCDI+CFreDlumk0eHAMuk:aWXJcSFiIDADcmmAk

Score

10^/10

upx gh0strat lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
static1/unpack001/摩纳哥企业版虚拟桌面版本V5.4.exe	family_lumma_v4

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/摩纳哥企业版虚拟桌面版本V5.4.exe	family_gh0strat

Gh0strat family
gh0strat
Lumma family
lumma

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/SkinH.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SkinH.dll	upx
static1/unpack002/out.upx	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SkinH.dll
unpack002/out.upx
unpack001/Tools/IPUpdate.exe
unpack001/Tools/MSTSCAX.DLL
unpack001/Tools/mstsc.exe
unpack001/Update/Install.dat
unpack001/摩纳哥企业版虚拟桌面版本V5.4.exe

Files

MLG.rar
.rar
SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/IPUpdate.exe
.exe windows:4 windows x86 arch:x86

77f2a6b3e475e55480b0129029e9b348

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAStartup
gethostbyname
gethostname
ioctlsocket
inet_addr
ntohl

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

shell32

ShellExecuteA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharNextA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@$xp$17Zlibex@EZLibError
@$xp$17Zlibex@TZStrategy
@$xp$18Zlibex@TZStreamRec
@$xp$21Zlibex@TCustomZStream
@$xp$25Zlibex@EZCompressionError
@$xp$25Zlibex@TZCompressionLevel
@$xp$26Zlibex@TZCompressionStream
@$xp$27Zlibex@EZDecompressionError
@$xp$28Zlibex@TZDecompressionStream
@@Gfrtl@Finalize
@@Gfrtl@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@Zlibex@EZCompressionError@
@Zlibex@EZDecompressionError@
@Zlibex@EZLibError@
@Zlibex@Finalization$qqrv
@Zlibex@TCustomZStream@
@Zlibex@TCustomZStream@$bctr$qqrp15Classes@TStream
@Zlibex@TCustomZStream@DoProgress$qqrv
@Zlibex@TZCompressionStream@
@Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevel
@Zlibex@TZCompressionStream@$bctr$qqrp15Classes@TStream25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy
@Zlibex@TZCompressionStream@$bdtr$qqrv
@Zlibex@TZCompressionStream@GetCompressionRate$qqrv
@Zlibex@TZCompressionStream@Read$qqrpvi
@Zlibex@TZCompressionStream@Seek$qqrius
@Zlibex@TZCompressionStream@Write$qqrpxvi
@Zlibex@TZDecompressionStream@
@Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStream
@Zlibex@TZDecompressionStream@$bctr$qqrp15Classes@TStreami
@Zlibex@TZDecompressionStream@$bdtr$qqrv
@Zlibex@TZDecompressionStream@Read$qqrpvi
@Zlibex@TZDecompressionStream@Seek$qqrius
@Zlibex@TZDecompressionStream@Write$qqrpxvi
@Zlibex@ZCompress$qqrpxvirpvri25Zlibex@TZCompressionLevel
@Zlibex@ZCompress2$qqrpxvirpvri25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy
@Zlibex@ZCompressStr$qqrx17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStr2$qqrx17System@AnsiString25Zlibex@TZCompressionLevelii17Zlibex@TZStrategy
@Zlibex@ZCompressStrEx$qqrx17System@AnsiString25Zlibex@TZCompressionLevel
@Zlibex@ZCompressStrWeb$qqrx17System@AnsiString
@Zlibex@ZCompressStream$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevel
@Zlibex@ZCompressStream2$qqrp15Classes@TStreamt125Zlibex@TZCompressionLevelii17Zlibex@TZStrategy
@Zlibex@ZDecompress$qqrpxvirpvrii
@Zlibex@ZDecompress2$qqrpxvirpvriii
@Zlibex@ZDecompressStr$qqrx17System@AnsiString
@Zlibex@ZDecompressStr2$qqrx17System@AnsiStringi
@Zlibex@ZDecompressStrEx$qqrx17System@AnsiString
@Zlibex@ZDecompressStream$qqrp15Classes@TStreamt1
@Zlibex@ZDecompressStream2$qqrp15Classes@TStreamt1i
@Zlibex@initialization$qqrv
_Form1
_Form2
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 623KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/MSTSCAX.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

f4f9ea2971d7855283ab7cbcf0ce7925

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mstscax.pdb

Imports

kernel32

lstrcatA
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
GetSystemDefaultLangID
SetEvent
GetVersion
FreeResource
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetCommandLineA
IsBadReadPtr
SetFilePointer
ReadFile
DuplicateHandle
GlobalFree
GlobalHandle
Beep
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
Sleep
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
IsBadCodePtr
SetStdHandle
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
OutputDebugStringA

advapi32

RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyA

user32

SetRect
GetWindowDC
DestroyCursor
CreateCursor
AttachThreadInput
GetWindowThreadProcessId
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
MessageBeep
FlashWindow
SetCapture
ReleaseCapture
GetMessageExtraInfo
UnhookWindowsHookEx
CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
FillRect
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
BringWindowToTop
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
GetKeyboardLayout
DestroyWindow
InflateRect
GetSysColorBrush
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetSystemMetrics
GetWindowPlacement
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
OffsetRect
wsprintfA

gdi32

CreateSolidBrush
PatBlt
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
DeleteObject
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
StretchBlt
RealizePalette
SelectPalette
CreateDIBitmap
CreateBrushIndirect
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
GetBitmapBits
GdiFlush
GetPaletteEntries
Polyline
Polygon
SetPolyFillMode
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetTextColor
SetMapMode
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx

winspool.drv

SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterA
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
GetPrinterDriverW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleLoadFromStream
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
OleInitialize
CoGetMalloc

oleaut32

VariantClear
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi

winmm

waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen

wsock32

ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
WSAAsyncSelect
WSAAsyncGetHostByName
connect
htons
socket
closesocket
send
recv
WSAStartup
bind
sendto
recvfrom
gethostbyname
gethostname
WSACancelAsyncRequest
WSAGetLastError

shell32

ExtractIconW
ExtractIconA
SHFileOperationA
ord100

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/QQwry.dat
Tools/SkinH.she
Tools/mstsc.exe
.exe windows:5 windows x86 arch:x86

c9563dea574f58f47d86577e5a7f024c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mstsc.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA

kernel32

FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetModuleHandleW
lstrlenW
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn

user32

TranslateMessage
GetWindowDC
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageTime
GetCursorPos
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Update/Install.dat
.exe windows:4 windows x86 arch:x86

a120862eac10a4093b7e2d1c6fe780c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
WaitForSingleObject
VirtualAlloc
GetModuleHandleA
GetStartupInfoA

ws2_32

socket
gethostbyname
htons
connect
WSAStartup
send
recv

msvcrt

_initterm
_controlfp
_except_handler3
exit
memcpy
_exit
__set_app_type
_acmdln
__getmainargs
_XcptFilter
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
摩纳哥企业版虚拟桌面版本V5.4.exe
.exe windows:4 windows x86 arch:x86

1484f954ff4ec9e35526e59701aa8675

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVISaveOptionsFree
AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileExit
AVIFileInit

msvfw32

DrawDibOpen
DrawDibClose
ord2
DrawDibDraw

shlwapi

PathRemoveFileSpecA
SHAutoComplete

winmm

PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose

kernel32

GetStartupInfoA
GetCommandLineA
GetACP
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
GetProfileIntA
GetProfileStringA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
VirtualProtect
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempPathA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
GetExitCodeThread
ResetEvent
ExitThread
VirtualAlloc
GetFileAttributesA
lstrcatA
GetModuleFileNameA
WriteFile
lstrlenA
lstrcpyA
ReadFile
GetFileSize
CreateFileA
GetTickCount
GetLastError
CreateProcessA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
DeleteFileA
MoveFileA
CreateDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
OutputDebugStringA
InterlockedExchange
CancelIo
VirtualQueryEx
ReadProcessMemory
TerminateProcess
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceA
ExitProcess
GetSystemDirectoryA
GetCurrentDirectoryA
LocalSize
LocalReAlloc
lstrcmpA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
FormatMessageA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
SetLastError
MulDiv
GetCurrentThread
SetThreadPriority
SuspendThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesA
SetErrorMode
HeapFree
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetDriveTypeA

user32

GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
CreateMenu
GetMenuStringA
InsertMenuA
FillRect
IntersectRect
GetIconInfo
CreatePopupMenu
GetActiveWindow
SetWindowTextW
LockWindowUpdate
GetFocus
GetDesktopWindow
DestroyIcon
MessageBeep
InflateRect
SystemParametersInfoA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetScrollBarInfo
ShowScrollBar
DrawIconEx
GetKeyState
GetWindowLongA
SetWindowLongA
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
LoadStringA
WinHelpA
IsChild
GetMenuState
GetSystemMenu
AppendMenuA
CheckMenuRadioItem
SetClassLongA
ClipCursor
DestroyCursor
DeleteMenu
CharNextA
EnableMenuItem
GetMenuItemCount
CheckMenuItem
GetDlgCtrlID
SetWindowPos
SendMessageTimeoutA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
GetParent
ClientToScreen
AdjustWindowRectEx
GrayStringA
DrawTextA
TabbedTextOutA
RedrawWindow
LoadImageA
SetParent
ReleaseDC
IsIconic
GetSystemMetrics
DrawIcon
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
LoadIconA
EnableWindow
SendMessageA
InvalidateRect
SetRect
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetClipboardFormatNameA
GetAsyncKeyState
IsWindowUnicode
GetWindowLongW
SetWindowLongW
DrawEdge
GetDoubleClickTime
SetCursorPos
UnionRect
GetMenuDefaultItem
SetWindowRgn
GetCursor
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
PostQuitMessage
ShowOwnedPopups
PostThreadMessageA
InvertRect
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetTabbedTextExtentA
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetDialogBaseUnits
GetClassNameA
IsRectEmpty
FindWindowA
IsZoomed
GetMenuStringW
LookupIconIdFromDirectoryEx
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetWindowRgn
HideCaret
ShowCaret
IsMenu
GetMenuItemInfoA
CreateIconIndirect
CreateIconFromResourceEx
DrawFrameControl
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
WaitMessage
MapVirtualKeyA
ValidateRect
DrawFocusRect
DrawStateA
MessageBoxA
wsprintfA
PostMessageA
PtInRect
GetWindowRect
GetCursorPos
GetSubMenu
LoadMenuA
GetWindow
GetDlgItemTextA
GetSysColor
SetTimer
LoadCursorA
EqualRect
IsWindow
CopyIcon
UpdateWindow
SetCursor
WindowFromPoint
ScreenToClient
IsWindowVisible
GetClientRect
LoadBitmapA
GetDC
OffsetRect
CopyRect
SetCapture
ReleaseCapture
GetCapture
KillTimer

gdi32

Polygon
GetTextAlign
CreateDIBitmap
SetPixel
GetCurrentObject
GetDIBits
PtInRegion
EnumFontFamiliesExA
GetBitmapBits
ExtCreateRegion
GetRgnBox
CreatePolygonRgn
RoundRect
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
CloseFigure
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
GetWindowOrgEx
GetTextColor
CopyMetaFileA
GetTextMetricsA
GetCharWidthA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgnIndirect
PatBlt
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
ExtSelectClipRgn
CreateRectRgn
GetClipRgn
PolyBezierTo
GetCurrentPositionEx
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetPolyFillMode
GetStockObject
RestoreDC
SaveDC
GetClipBox
CreatePen
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
StretchBlt
StretchDIBits
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
GetMapMode
DPtoLP
GetBkColor
BeginPath
EndPath
StrokeAndFillPath
GetTextExtentPoint32A
GetPixel
SetPixelV
PolyBezier
GetObjectA
CreateFontA
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA

shell32

DragQueryFileA
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ShellExecuteA
DragAcceptFiles
SHGetPathFromIDListA
SHAppBarMessage
ExtractIconA
SHBrowseForFolderA
DragFinish

comctl32

ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

oledlg

ord1
ord8

ole32

ReleaseStgMedium
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoDisconnectObject
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

olepro32

ord253

oleaut32

OleLoadPicturePath
VariantChangeTypeEx
LoadTypeLi
SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VarBstrFromDate
VarDateFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa
getpeername
closesocket
WSACleanup
select
connect
htons
gethostbyname
ioctlsocket
socket
WSAStartup
sendto
inet_addr
listen
bind
WSAEventSelect
WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAGetLastError
WSARecv
WSASend
setsockopt
WSACloseEvent
WSAIoctl
gethostname
ntohs
getsockname
shutdown
accept
WSAEnumNetworkEvents

skinh

SkinH_AttachEx
SkinH_Detach

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

imm32

ImmAssociateContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
摩纳哥企业版虚拟桌面版本V5.4.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 140KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX0 Size: 12KB - Virtual size: 9KB

.UPX1 Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 8KB

77f2a6b3e475e55480b0129029e9b348

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

comctl32

comdlg32

gdi32

shell32

user32

oleaut32

Exports

Exports

Sections

.text Size: 623KB - Virtual size: 624KB

.data Size: 48KB - Virtual size: 68KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 12KB

.edata Size: 3KB - Virtual size: 4KB

.rsrc Size: 188KB - Virtual size: 188KB

.reloc Size: 44KB - Virtual size: 44KB

f4f9ea2971d7855283ab7cbcf0ce7925

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

ole32

oleaut32

winmm

wsock32

shell32

Exports

Exports

Sections

.text Size: 539KB - Virtual size: 539KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 26KB - Virtual size: 25KB

c9563dea574f58f47d86577e5a7f024c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX0
Size: 12KB - Virtual size: 9KB

.UPX1
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 623KB - Virtual size: 624KB

.data
Size: 48KB - Virtual size: 68KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 12KB

.edata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 188KB - Virtual size: 188KB

.reloc
Size: 44KB - Virtual size: 44KB

.text
Size: 539KB - Virtual size: 539KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 151KB - Virtual size: 151KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 221KB - Virtual size: 221KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 656B

.data
Size: 1024B - Virtual size: 920B

.text
Size: 2.2MB - Virtual size: 2.2MB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 112KB - Virtual size: 108KB

.rdata
Size: 412KB - Virtual size: 408KB

.data
Size: 1.5MB - Virtual size: 2.0MB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB