8a940b1ec4f57d590e1ff230344a88bd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a940b1ec4f57d590e1ff230344a88bd_JaffaCakes118
Size

2.0MB
MD5

8a940b1ec4f57d590e1ff230344a88bd
SHA1

7ff077c2b5fbf499022e435207bdbda67c4cb446
SHA256

5318739a0a7ac64d992edf27091adad9610a821c92f4a92793543b214d96a308
SHA512

b38a41f4624cf850e97a00e49f7b8425a929504fffa59bc477faad3739fa4e0fcd2e44089cb2198467a26016670f444321b3a5bba2745c7937ded307f740b246
SSDEEP

49152:2JXLBOvL5O7f+FMC0LW+TRxO82j1jEhf4YeS:2JXLcvL52+mfMbBjEhRL

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
8a940b1ec4f57d590e1ff230344a88bd_JaffaCakes118
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/BgWorker.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/SkinBtn.dll
unpack002/$PLUGINSDIR/SkinProgress.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/WndProc.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/nsDialogs.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

8a940b1ec4f57d590e1ff230344a88bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/simple_bg.bmp
$PLUGINSDIR/simple_loading1.bmp
$PLUGINSDIR/simple_loading2.bmp
$_47_/Skin/Default/BottomBackground.bmp
$_47_/Skin/Default/Clear_Background.png
.png
$_47_/Skin/Default/Clear_down.png
.png
$_47_/Skin/Default/DownLoadForm_BK.bmp
$_47_/Skin/Default/DownLoadForm_Progress1.bmp
$_47_/Skin/Default/DownLoadForm_Progress2.bmp
$_47_/Skin/Default/Entergame_Down.png
.png
$_47_/Skin/Default/Entergame_Normal.png
.png
$_47_/Skin/Default/Entergame_Over.png
.png
$_47_/Skin/Default/FloatForm_Body.png
.png
$_47_/Skin/Default/FloatForm_Left.png
.png
$_47_/Skin/Default/FormExitMenu_Exit.png
.png
$_47_/Skin/Default/FormExitMenu_ExitOver.png
.png
$_47_/Skin/Default/FormExitMenu_Open.png
.png
$_47_/Skin/Default/FormExitMenu_OpenOver.png
.png
$_47_/Skin/Default/FormExitMenu_Set.png
.png
$_47_/Skin/Default/FormExitMenu_SetOver.png
.png
$_47_/Skin/Default/FormMain_Background.png
.png
$_47_/Skin/Default/FormMain_Close_Down.png
.png
$_47_/Skin/Default/FormMain_Close_Normal.png
.png
$_47_/Skin/Default/FormMain_Close_Over.png
.png
$_47_/Skin/Default/FormMain_Min_Down.png
.png
$_47_/Skin/Default/FormMain_Min_Normal.png
.png
$_47_/Skin/Default/FormMain_Min_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Add_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Add_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Delete.png
.png
$_47_/Skin/Default/FormMulAccount_Delete_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Delete_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Edit.png
.png
$_47_/Skin/Default/FormMulAccount_Edit_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Edit_Over.png
.png
$_47_/Skin/Default/FormMulAccount_EnterGame_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_EnterGame_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Icon.png
.png
$_47_/Skin/Default/FormMulAccount_Line.jpg
.jpg
$_47_/Skin/Default/FormMulAccount_Line.png
.png
$_47_/Skin/Default/FormSetMenu_About.png
.png
$_47_/Skin/Default/FormSetMenu_AboutOver.png
.png
$_47_/Skin/Default/FormSetMenu_Commonproblem.png
.png
$_47_/Skin/Default/FormSetMenu_CommonproblemOver.png
.png
$_47_/Skin/Default/FormSetMenu_FeedBack.png
.png
$_47_/Skin/Default/FormSetMenu_FeedBackOver.png
.png
$_47_/Skin/Default/FormSetMenu_Officical.png
.png
$_47_/Skin/Default/FormSetMenu_OfficicalOver.png
.png
$_47_/Skin/Default/FormSetMenu_Set.png
.png
$_47_/Skin/Default/FormSetMenu_SetOver.png
.png
$_47_/Skin/Default/FormSetMenu_Version.png
.png
$_47_/Skin/Default/FormSetMenu_VersionOver.png
.png
$_47_/Skin/Default/FormUserMenu_Change.png
.png
$_47_/Skin/Default/FormUserMenu_Change_Over.png
.png
$_47_/Skin/Default/FormUserMenu_Safe.png
.png
$_47_/Skin/Default/FormUserMenu_Safe_Over.png
.png
$_47_/Skin/Default/Form_About_Logo.png
.png
$_47_/Skin/Default/Form_AddClock_Down.png
.png
$_47_/Skin/Default/Form_AddClock_Normal.png
.png
$_47_/Skin/Default/Form_AddClock_Over.png
.png
$_47_/Skin/Default/Form_Background.png
.png
$_47_/Skin/Default/Form_Boder.png
.png
$_47_/Skin/Default/Form_Bottom_Round.png
.png
$_47_/Skin/Default/Form_Checked.png
.png
$_47_/Skin/Default/Form_Close_Down.png
.png
$_47_/Skin/Default/Form_Close_Normal.png
.png
$_47_/Skin/Default/Form_Close_Over.png
.png
$_47_/Skin/Default/Form_Cutline.png
.png
$_47_/Skin/Default/Form_Delete.png
.png
$_47_/Skin/Default/Form_Delete_Squarely.png
.png
$_47_/Skin/Default/Form_DropDown_Normal.png
.png
$_47_/Skin/Default/Form_DropDown_Over.png
.png
$_47_/Skin/Default/Form_EditBg.png
.png
$_47_/Skin/Default/Form_Edit_Round.png
.png
$_47_/Skin/Default/Form_Edit_Squarely.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit_down.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock_down.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock_down.png
.png
$_47_/Skin/Default/Form_FullScreen_bg.png
.png
$_47_/Skin/Default/Form_Help_Down.png
.png
$_47_/Skin/Default/Form_Help_Normal.png
.png
$_47_/Skin/Default/Form_Help_Over.png
.png
$_47_/Skin/Default/Form_KMHook_Frame.png
.png
$_47_/Skin/Default/Form_Large_Clock.png
.png
$_47_/Skin/Default/Form_Left.png
.png
$_47_/Skin/Default/Form_Min1_Down.png
.png
$_47_/Skin/Default/Form_Min1_Normal.png
.png
$_47_/Skin/Default/Form_Min1_Over.png
.png
$_47_/Skin/Default/Form_Min_Down.png
.png
$_47_/Skin/Default/Form_Min_Normal.png
.png
$_47_/Skin/Default/Form_Min_Over.png
.png
$_47_/Skin/Default/Form_MulAccount_bg.png
.png
$_47_/Skin/Default/Form_OK_Down.png
.png
$_47_/Skin/Default/Form_OK_Normal.png
.png
$_47_/Skin/Default/Form_OK_Over.png
.png
$_47_/Skin/Default/Form_RemindBg.png
.png
$_47_/Skin/Default/Form_Restore_Hint.png
.png
$_47_/Skin/Default/Form_Right.png
.png
$_47_/Skin/Default/Form_ScanCode.png
.png
$_47_/Skin/Default/Form_Set_Background_Grey.png
.png
$_47_/Skin/Default/Form_Set_Background_White.png
.png
$_47_/Skin/Default/Form_Set_Bg_Down.png
.png
$_47_/Skin/Default/Form_Set_Bg_Normal.png
.png
$_47_/Skin/Default/Form_Set_Bg_Over.png
.png
$_47_/Skin/Default/Form_SideScanCode.png
.png
$_47_/Skin/Default/Form_Small_Clock.png
.png
$_47_/Skin/Default/Form_Stock_code.png
.png
$_47_/Skin/Default/Form_Tips_Icon.png
.png
$_47_/Skin/Default/Form_Title.png
.png
$_47_/Skin/Default/Form_Title1.png
.png
$_47_/Skin/Default/Form_Unchecked.png
.png
$_47_/Skin/Default/Form_Upgrade_Down.png
.png
$_47_/Skin/Default/Form_Upgrade_New.png
.png
$_47_/Skin/Default/Form_Upgrade_ProBack.png
.png
$_47_/Skin/Default/Form_Upgrade_ProPercent.png
.png
$_47_/Skin/Default/Form_Upgrade_Tips.png
.png
$_47_/Skin/Default/Frame_Boder.png
.png
$_47_/Skin/Default/Frame_Titlebg.png
.png
$_47_/Skin/Default/GameNews_Btn_Normal.png
.png
$_47_/Skin/Default/GameNews_Btn_Over.png
.png
$_47_/Skin/Default/KMHelp.jpg
.jpg
$_47_/Skin/Default/Progress_Back.png
.png
$_47_/Skin/Default/Progress_Point.png
.png
$_47_/Skin/Default/Progress_Roll.png
.png
$_47_/Skin/Default/Radio_Checked.png
.png
$_47_/Skin/Default/Radio_Unchecked.png
.png
$_47_/Skin/Default/Radiobtn_Checked.png
.png
$_47_/Skin/Default/Radiobtn_Unchecked.png
.png
$_47_/Skin/Default/Recharge_down.png
.png
$_47_/Skin/Default/Refresh_down.png
.png
$_47_/Skin/Default/ScrollBackground.png
.png
$_47_/Skin/Default/ScrollDown_Normal.png
.png
$_47_/Skin/Default/ScrollDown_Over.png
.png
$_47_/Skin/Default/ScrollDropdown_Normal.png
.png
$_47_/Skin/Default/ScrollDropdown_Over.png
.png
$_47_/Skin/Default/ScrollPercent_Normal.png
.png
$_47_/Skin/Default/ScrollPercent_Over.png
.png
$_47_/Skin/Default/ScrollUp_Normal.png
.png
$_47_/Skin/Default/ScrollUp_Over.png
.png
$_47_/Skin/Default/ThirdLogin11.png
.png
$_47_/Skin/Default/ThirdLogin12.png
.png
$_47_/Skin/Default/ThirdLogin13.png
.png
$_47_/Skin/Default/Tick_Off.png
.png
$_47_/Skin/Default/Tick_On.png
.png
$_47_/Skin/Default/UserMenu_Binding.png
.png
$_47_/Skin/Default/UserMenu_Binding_Over.png
.png
$_47_/Skin/Default/VIP0.png
.png
$_47_/Skin/Default/VIP1.png
.png
$_47_/Skin/Default/VIP2.png
.png
$_47_/Skin/Default/VIP3.png
.png
$_47_/Skin/Default/VIP4.png
.png
$_47_/Skin/Default/VIP5.png
.png
$_47_/Skin/Default/VIP6.png
.png
$_47_/Skin/Default/VIP7.png
.png
$_47_/Skin/Default/VIP8.png
.png
$_47_/Skin/Default/accelerate_b_down.png
.png
$_47_/Skin/Default/accelerate_b_normal.png
.png
$_47_/Skin/Default/accelerate_b_over.png
.png
$_47_/Skin/Default/accelerate_down.png
.png
$_47_/Skin/Default/accelerate_normal.png
.png
$_47_/Skin/Default/accelerate_over.png
.png
$_47_/Skin/Default/autoclear_normal.png
.png
$_47_/Skin/Default/autoclear_over.png
.png
$_47_/Skin/Default/autoclear_sel_normal.png
.png
$_47_/Skin/Default/autoclear_sel_over.png
.png
$_47_/Skin/Default/binding_floating_background.png
.png
$_47_/Skin/Default/btn_Clear_Down.png
.png
$_47_/Skin/Default/btn_Clear_Normal.png
.png
$_47_/Skin/Default/btn_Clear_Over.png
.png
$_47_/Skin/Default/btn_off.png
.png
$_47_/Skin/Default/btn_on.png
.png
$_47_/Skin/Default/bulletin_down.png
.png
$_47_/Skin/Default/bulletin_normal.png
.png
$_47_/Skin/Default/bulletin_over.png
.png
$_47_/Skin/Default/catechisml_down.png
.png
$_47_/Skin/Default/catechisml_normal.png
.png
$_47_/Skin/Default/catechisml_over.png
.png
$_47_/Skin/Default/clear_normal.png
.png
$_47_/Skin/Default/clear_over.png
.png
$_47_/Skin/Default/clock_down.png
.png
$_47_/Skin/Default/clock_normal.png
.png
$_47_/Skin/Default/clock_over.png
.png
$_47_/Skin/Default/dropdown_down.png
.png
$_47_/Skin/Default/dropdown_normal.png
.png
$_47_/Skin/Default/dropdown_over.png
.png
$_47_/Skin/Default/form_bottom.png
.png
$_47_/Skin/Default/form_remind_active.png
.png
$_47_/Skin/Default/form_remind_background.png
.png
$_47_/Skin/Default/form_remind_clock.png
.png
$_47_/Skin/Default/form_remind_close_down.png
.png
$_47_/Skin/Default/form_remind_close_normal.png
.png
$_47_/Skin/Default/form_remind_close_over.png
.png
$_47_/Skin/Default/form_remind_gift.png
.png
$_47_/Skin/Default/form_standalone_border.png
.png
$_47_/Skin/Default/form_standalone_boss.png
.png
$_47_/Skin/Default/form_standalone_button_down.png
.png
$_47_/Skin/Default/form_standalone_button_normal.png
.png
$_47_/Skin/Default/form_standalone_button_over.png
.png
$_47_/Skin/Default/form_standalone_mute.png
.png
$_47_/Skin/Default/form_standalone_recharge.png
.png
$_47_/Skin/Default/form_standalone_refresh.png
.png
$_47_/Skin/Default/form_standalone_standalone.png
.png
$_47_/Skin/Default/form_standalone_topmost.png
.png
$_47_/Skin/Default/form_standalone_topmost_sel.png
.png
$_47_/Skin/Default/form_standalone_voice.png
.png
$_47_/Skin/Default/fullscreen_down.png
.png
$_47_/Skin/Default/fullscreen_normal.png
.png
$_47_/Skin/Default/fullscreen_over.png
.png
$_47_/Skin/Default/fullscreen_sel_down.png
.png
$_47_/Skin/Default/fullscreen_sel_normal.png
.png
$_47_/Skin/Default/fullscreen_sel_over.png
.png
$_47_/Skin/Default/game_bbs_normal.png
.png
$_47_/Skin/Default/game_bbs_over.png
.png
$_47_/Skin/Default/game_boder.png
.png
$_47_/Skin/Default/game_boss_normal.png
.png
$_47_/Skin/Default/game_boss_over.png
.png
$_47_/Skin/Default/game_bottom.png
.png
$_47_/Skin/Default/game_close_down.bmp
$_47_/Skin/Default/game_close_down.png
.png
$_47_/Skin/Default/game_close_normal.png
.png
$_47_/Skin/Default/game_close_over.png
.png
$_47_/Skin/Default/game_left.bmp
$_47_/Skin/Default/game_max_down.png
.png
$_47_/Skin/Default/game_max_normal.png
.png
$_47_/Skin/Default/game_max_over.png
.png
$_47_/Skin/Default/game_message_down.png
.png
$_47_/Skin/Default/game_message_normal.png
.png
$_47_/Skin/Default/game_message_over.png
.png
$_47_/Skin/Default/game_min_down.png
.png
$_47_/Skin/Default/game_min_normal.png
.png
$_47_/Skin/Default/game_min_over.png
.png
$_47_/Skin/Default/game_nor_down.png
.png
$_47_/Skin/Default/game_nor_normal.png
.png
$_47_/Skin/Default/game_nor_over.png
.png
$_47_/Skin/Default/game_official_normal.png
.png
$_47_/Skin/Default/game_official_over.png
.png
$_47_/Skin/Default/game_right.bmp
$_47_/Skin/Default/game_right.png
.png
$_47_/Skin/Default/game_set_down.png
.png
$_47_/Skin/Default/game_set_normal.png
.png
$_47_/Skin/Default/game_set_over.png
.png
$_47_/Skin/Default/game_skin_down.png
.png
$_47_/Skin/Default/game_skin_normal.png
.png
$_47_/Skin/Default/game_skin_over.png
.png
$_47_/Skin/Default/game_top.png
.png
$_47_/Skin/Default/gift_down.png
.png
$_47_/Skin/Default/gift_normal.jpg
.jpg
$_47_/Skin/Default/gift_normal.png
.png
$_47_/Skin/Default/gift_over.jpg
.jpg
$_47_/Skin/Default/gift_over.png
.png
$_47_/Skin/Default/hidden_down.png
.png
$_47_/Skin/Default/hidden_normal.png
.png
$_47_/Skin/Default/hidden_over.png
.png
$_47_/Skin/Default/home_down.png
.png
$_47_/Skin/Default/home_normal.png
.png
$_47_/Skin/Default/home_over.png
.png
$_47_/Skin/Default/icon.png
.png
$_47_/Skin/Default/keyelves_down.png
.png
$_47_/Skin/Default/keyelves_normal.png
.png
$_47_/Skin/Default/keyelves_over.png
.png
$_47_/Skin/Default/keyelves_stop_down.png
.png
$_47_/Skin/Default/keyelves_stop_normal.png
.png
$_47_/Skin/Default/keyelves_stop_over.png
.png
$_47_/Skin/Default/menu_button_normal.png
.png
$_47_/Skin/Default/menu_button_over.png
.png
$_47_/Skin/Default/more_down.png
.png
$_47_/Skin/Default/more_normal.png
.png
$_47_/Skin/Default/more_over.png
.png
$_47_/Skin/Default/more_sel_down.png
.png
$_47_/Skin/Default/more_sel_normal.png
.png
$_47_/Skin/Default/more_sel_over.png
.png
$_47_/Skin/Default/multaccount_down.png
.png
$_47_/Skin/Default/multaccount_normal.png
.png
$_47_/Skin/Default/multaccount_over.png
.png
$_47_/Skin/Default/official_down.png
.png
$_47_/Skin/Default/official_normal.png
.png
$_47_/Skin/Default/official_over.png
.png
$_47_/Skin/Default/progressbar.png
.png
$_47_/Skin/Default/progressbar_bg.png
.png
$_47_/Skin/Default/recharge_normal.png
.png
$_47_/Skin/Default/recharge_over.png
.png
$_47_/Skin/Default/record_down.png
.png
$_47_/Skin/Default/record_normal.png
.png
$_47_/Skin/Default/record_over.png
.png
$_47_/Skin/Default/record_unable.png
.png
$_47_/Skin/Default/refresh_normal.png
.png
$_47_/Skin/Default/refresh_over.png
.png
$_47_/Skin/Default/remind_down.png
.png
$_47_/Skin/Default/remind_normal.png
.png
$_47_/Skin/Default/remind_over.png
.png
$_47_/Skin/Default/replay_down.png
.png
$_47_/Skin/Default/replay_normal.png
.png
$_47_/Skin/Default/replay_over.png
.png
$_47_/Skin/Default/replay_unable.png
.png
$_47_/Skin/Default/right.bmp
$_47_/Skin/Default/search_down.png
.png
$_47_/Skin/Default/search_normal.png
.png
$_47_/Skin/Default/search_over.png
.png
$_47_/Skin/Default/service_down.png
.png
$_47_/Skin/Default/service_normal.png
.png
$_47_/Skin/Default/service_over.png
.png
$_47_/Skin/Default/shadow_frame.png
.png
$_47_/Skin/Default/shop_down.png
.png
$_47_/Skin/Default/shop_normal.png
.png
$_47_/Skin/Default/shop_over.png
.png
$_47_/Skin/Default/shortcut_down.png
.png
$_47_/Skin/Default/shortcut_normal.png
.png
$_47_/Skin/Default/shortcut_over.png
.png
$_47_/Skin/Default/shutdown_down.png
.png
$_47_/Skin/Default/shutdown_down_b.png
.png
$_47_/Skin/Default/shutdown_normal.png
.png
$_47_/Skin/Default/shutdown_normal_b.png
.png
$_47_/Skin/Default/shutdown_over.png
.png
$_47_/Skin/Default/shutdown_over_b.png
.png
$_47_/Skin/Default/signin_down.png
.png
$_47_/Skin/Default/signin_normal.png
.png
$_47_/Skin/Default/signin_over.png
.png
$_47_/Skin/Default/skin_over_frame.png
.png
$_47_/Skin/Default/skin_selected.png
.png
$_47_/Skin/Default/standalone_down.png
.png
$_47_/Skin/Default/standalone_normal.png
.png
$_47_/Skin/Default/standalone_over.png
.png
$_47_/Skin/Default/stop_down.png
.png
$_47_/Skin/Default/stop_normal.png
.png
$_47_/Skin/Default/stop_over.png
.png
$_47_/Skin/Default/stop_record_down.png
.png
$_47_/Skin/Default/stop_record_normal.png
.png
$_47_/Skin/Default/stop_record_over.png
.png
$_47_/Skin/Default/stop_replay_down.png
.png
$_47_/Skin/Default/stop_replay_normal.png
.png
$_47_/Skin/Default/stop_replay_over.png
.png
$_47_/Skin/Default/stop_unable.png
.png
$_47_/Skin/Default/tab_head_close_normal.png
.png
$_47_/Skin/Default/tab_head_close_over.png
.png
$_47_/Skin/Default/tab_head_normal.png
.png
$_47_/Skin/Default/tab_head_over.png
.png
$_47_/Skin/Default/tab_head_sel_normal.png
.png
$_47_/Skin/Default/taccelerate_down.png
.png
$_47_/Skin/Default/taccelerate_normal.png
.png
$_47_/Skin/Default/taccelerate_over.png
.png
$_47_/Skin/Default/tcatechisml_down.png
.png
$_47_/Skin/Default/tcatechisml_normal.png
.png
$_47_/Skin/Default/tcatechisml_over.png
.png
$_47_/Skin/Default/tclock_down.png
.png
$_47_/Skin/Default/tclock_normal.png
.png
$_47_/Skin/Default/tclock_over.png
.png
$_47_/Skin/Default/tingting_floating_background.png
.png
$_47_/Skin/Default/tingtingtop_down.png
.png
$_47_/Skin/Default/tingtingtop_normal.png
.png
$_47_/Skin/Default/tingtingtop_over.png
.png
$_47_/Skin/Default/tips_reddot.png
.png
$_47_/Skin/Default/tips_reddot2.png
.png
$_47_/Skin/Default/tkeyelves_down.png
.png
$_47_/Skin/Default/tkeyelves_normal.png
.png
$_47_/Skin/Default/tkeyelves_over.png
.png
$_47_/Skin/Default/tmultaccount_down.png
.png
$_47_/Skin/Default/tmultaccount_normal.png
.png
$_47_/Skin/Default/tmultaccount_over.png
.png
$_47_/Skin/Default/tool_button_down.png
.png
$_47_/Skin/Default/tool_button_normal.png
.png
$_47_/Skin/Default/tool_button_over.png
.png
$_47_/Skin/Default/tool_menu_normal.png
.png
$_47_/Skin/Default/tool_menu_over.png
.png
$_47_/Skin/Default/toolmanage_down.png
.png
$_47_/Skin/Default/toolmanage_normal.png
.png
$_47_/Skin/Default/toolmanage_over.png
.png
$_47_/Skin/Default/tshutdown_down.png
.png
$_47_/Skin/Default/tshutdown_normal.png
.png
$_47_/Skin/Default/tshutdown_over.png
.png
$_47_/Skin/Default/tvoice_down.png
.png
$_47_/Skin/Default/tvoice_normal.png
.png
$_47_/Skin/Default/tvoice_over.png
.png
$_47_/Skin/Default/voice_down.png
.png
$_47_/Skin/Default/voice_mute_down.png
.png
$_47_/Skin/Default/voice_mute_normal.png
.png
$_47_/Skin/Default/voice_mute_over.png
.png
$_47_/Skin/Default/voice_normal.png
.png
$_47_/Skin/Default/voice_over.png
.png
$_47_/Skin/Default/web_button_down.png
.png
$_47_/config.ini
Accelerator.dll
.dll windows:5 windows x86 arch:x86

3f2ced7d7b9c010c80ec0afab62fe1a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10
Signer

Actual PE Digest

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

LoadStringW
MessageBoxA
CharNextW
UnhookWindowsHookEx
SetWindowsHookExW
SendMessageW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharNextW
CallNextHookEx

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
SignalObjectAndWait
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

winmm

timeGetTime

Exports

Exports

EnterPoint
GetSpeed
HookAccelerate
SetCallHandle
StartHook
StopHook
UnHookAccelerate

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Basicsurvey.exe
.exe windows:5 windows x86 arch:x86

589088a88a5ac3aa3253042ef4ba3508

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:84:33:65:b0:e1:c6:cc:b1:4f:32:fa:a9:93:50:e6:e6:fc:14:03
Signer

Actual PE Digest

16:84:33:65:b0:e1:c6:cc:b1:4f:32:fa:a9:93:50:e6:e6:fc:14:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\37work\pc_code\gamebox\gamebox\04代码\Bin\Basicsurvey.pdb

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
Sleep
GetCurrentProcessId
GetLocalTime
SystemTimeToFileTime
HeapAlloc
GetProcessHeap
HeapFree
GetTempPathW
CreateDirectoryW
WideCharToMultiByte
CreateEventW
SetEvent
CreateFileW
WriteFile
DeleteFileW
TerminateThread
LoadLibraryExW
MultiByteToWideChar
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
FlushInstructionCache
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetCurrentProcess
SetLastError
IsBadWritePtr
GetTickCount
FindResourceExW
LockResource
CloseHandle
TerminateProcess
WaitForSingleObject
OpenProcess
ReleaseMutex
CreateMutexW
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
SizeofResource
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineW
GetLocaleInfoA
GetModuleFileNameW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount

user32

LoadAcceleratorsW
LoadStringW
UnregisterClassA
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
CharNextW
LoadIconW
LoadCursorW
RegisterClassExW
GetWindowLongW
CreateWindowExW
SetTimer
ShowWindow
UpdateWindow
GetWindowThreadProcessId
PostMessageW
BeginPaint
EndPaint
EnumWindows
PostQuitMessage
DefWindowProcW
SendMessageW
PeekMessageW
GetKeyState
IsChild
SetWindowPos
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
SetWindowLongW
DestroyWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent

gdi32

CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteObject
BitBlt
DeleteDC

advapi32

RegDeleteValueW
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize
OleInitialize

oleaut32

SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi

shlwapi

PathFileExistsW

iphlpapi

IcmpSendEcho
GetNetworkParams
IcmpCreateFile

ws2_32

WSASocketW
ntohl
ntohs
recvfrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
htons
WSAEventSelect
WSACreateEvent
socket
WSACleanup
inet_ntoa
WSAStartup
gethostbyname
inet_addr

winmm

timeGetTime

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MouseHook.dll
.dll windows:5 windows x86 arch:x86

2ec69b2244de641991caee6a5bdb9daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:6b:31:f9:df:c5:b1:9f:09:28:10:94:5e:68:03:46:b8:9b:4e:06
Signer

Actual PE Digest

e2:6b:31:f9:df:c5:b1:9f:09:28:10:94:5e:68:03:46:b8:9b:4e:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\37work\pc_code\gamebox\gamebox\04代码\Bin\MouseHook.pdb

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
TerminateProcess
InterlockedExchange

user32

GetSystemMetrics
SendInput
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetCursorPos
keybd_event
mouse_event

msvcp90

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?close@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?close@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?uncaught_exception@std@@YA_NXZ

msvcr90

??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
_invalid_parameter_noinfo
setlocale
wcstombs
mbstowcs
clock
_itoa_s
atoi
?what@exception@std@@UBEPBDXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
memset

Exports

Exports

Consecutive
KmSimulate
StartHook
StopHook

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Service.ico
Socks.dll
.dll windows:5 windows x86 arch:x86

fdfcb45602dc273638950b32bd46d44e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:e5:20:4a:06:d7:25:51:52:6f:ce:60:29:ba:d0:72:a8:0e:56:f3
Signer

Actual PE Digest

6f:e5:20:4a:06:d7:25:51:52:6f:ce:60:29:ba:d0:72:a8:0e:56:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\37work\pc_code\gamebox\gamebox\04代码\Bin\Socks.pdb

Imports

kernel32

Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetCurrentThread
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateEventW
OutputDebugStringW
LoadLibraryW
SetLastError
GetProcAddress
WideCharToMultiByte
VirtualQuery
GetCurrentProcess
GetModuleHandleW
VirtualFree
SetThreadPriority
FlushInstructionCache
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
SetEvent
InitializeCriticalSection
GetTickCount
GetThreadContext
CreateFileA
GetLocaleInfoW
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
HeapAlloc
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
WriteFile
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WaitForSingleObject

user32

PostMessageW

ws2_32

socket
gethostbyname
inet_ntoa
getsockopt
WSAGetLastError
htons
ntohs
WSASetLastError
__WSAFDIsSet
inet_addr

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

Exports

Exports

ClearProxyException
PingCurrentSocks5Proxy
PingSocks5Proxy
SetConnectToProxyErrorCallback
SetConnectionReportCallback
SetHttpErroReportCallback
SetProxyException
SetProxyStatus
SetSocks5Proxy
TestCurrentProxy

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clock.wav
gamebox.exe
.exe windows:5 windows x86 arch:x86

2ad6d6331df59d04d674f1c62a8c4562

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:b1:57:d3:07:26:fc:a1:9f:53:b9:98:dc:f4:45:91:36:8e:5c:24
Signer

Actual PE Digest

45:b1:57:d3:07:26:fc:a1:9f:53:b9:98:dc:f4:45:91:36:8e:5c:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\37work\pc_code\gamebox\gamebox\04代码\Bin\lander.pdb

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
CreateFileW
WriteFile
TerminateThread
ReadFile
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
MapViewOfFile
CreateFileMappingW
ReleaseMutex
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateMutexW
GetTempPathW
GetACP
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitProcess
VirtualQuery
VirtualProtect
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitThread
lstrlenA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
QueryPerformanceFrequency
QueryPerformanceCounter
GetOEMCP
UnmapViewOfFile
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
CreateDirectoryW
CreateProcessW
lstrcpyA
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileW
GetCommandLineW
CreateThread
GlobalAddAtomW
TerminateProcess
DeleteFileW
CopyFileW
GetLocalTime
Sleep
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
GetModuleFileNameW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GlobalMemoryStatusEx
Process32NextW
SetProcessWorkingSetSize
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
ResumeThread
GetTickCount
WaitForSingleObject
CloseHandle
SetEvent
CreateEventW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage

user32

GetWindowRect
SystemParametersInfoW
IsIconic
UnregisterClassA
GetParent
TranslateMessage
GetMessageW
PeekMessageW
ExitWindowsEx
EqualRect
GetAncestor
SetParent
SetCursor
LoadImageW
DrawTextW
GetAsyncKeyState
IsChild
MessageBoxW
SetFocus
ReleaseCapture
SetCapture
UpdateWindow
ShowWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
DefWindowProcW
SendMessageW
DispatchMessageW
LoadStringW
EnumDisplaySettingsW
PostMessageW
GetKeyState
PtInRect
IsWindow
OffsetRect
UpdateLayeredWindow
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
PostQuitMessage
SetWindowRgn
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
GetDC
GetForegroundWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
KillTimer
SetTimer
CopyRect
InflateRect
SetRect
UnionRect
IsWindowVisible
LoadIconW
SetForegroundWindow
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
GetCursorPos
TrackPopupMenu
RegisterHotKey
UnregisterHotKey
EnableWindow
SetWindowPlacement
GetSystemMetrics
GetWindowPlacement

gdi32

ExtTextOutW
SetBkColor
CreateFontW
CreateSolidBrush
GetStockObject
GetDeviceCaps
RestoreDC
CreateCompatibleBitmap
SetDIBColorTable
GetObjectW
GetPixel
SelectObject
DeleteObject
CreateDIBSection
BitBlt
CreateRoundRectRgn
DeleteDC
SetBkMode
SetTextColor
StretchBlt
CreateCompatibleDC
SaveDC

advapi32

RegOpenKeyExW
CryptReleaseContext
CryptAcquireContextA
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
CryptGenRandom

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoSetProxyBlanket

oleaut32

VariantChangeType
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VarUI4FromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

socks

SetSocks5Proxy
SetHttpErroReportCallback
SetConnectionReportCallback
SetProxyStatus
PingSocks5Proxy
SetConnectToProxyErrorCallback

shlwapi

StrCpyW
StrToIntW
PathFileExistsW
StrCmpW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateBitmapFromScan0

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache
InternetGetConnectedState
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntryW

winmm

waveOutOpen
waveOutSetVolume
waveOutClose
waveOutGetVolume
PlaySoundW

ws2_32

htons
inet_addr
connect
shutdown
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
socket

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lander.ico
tabGame.exe
.exe windows:5 windows x86 arch:x86

067ec56cc02b5e8039116ca67f8de043

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:cf:f6:00:cb:23:50:5a:38:18:00:d9:6e:60:f8:19:f6:cd:ea:a7
Signer

Actual PE Digest

9b:cf:f6:00:cb:23:50:5a:38:18:00:d9:6e:60:f8:19:f6:cd:ea:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\37work\pc_code\gamebox\gamebox\04代码\Bin\tabGame.pdb

Imports

kernel32

FindResourceW
FindResourceExW
OutputDebugStringW
lstrcmpiW
LoadLibraryExW
InterlockedExchange
CreateFileW
WriteFile
Sleep
TerminateThread
GetTickCount
ReadFile
GetVersionExW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
SetFilePointer
LoadResource
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
VirtualProtect
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemTimeAsFileTime
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
LockResource
SizeofResource
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetTempPathW
DeleteFileW
GetCommandLineW
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
lstrcpyA
CloseHandle
SetEvent
CreateEventW
GetCurrentProcessId
WaitForSingleObject
IsBadWritePtr
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
HeapFree
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleMode
GetModuleFileNameW
DeleteCriticalSection
GetUserDefaultLCID

user32

PtInRect
SendMessageW
SetWindowPos
UnregisterClassA
SetWindowLongW
GetWindowLongW
IsWindow
SetFocus
DestroyWindow
SetTimer
PostMessageW
PostQuitMessage
KillTimer
DefWindowProcW
ShowWindow
UpdateWindow
GetKeyState
GetAncestor
GetFocus
SetForegroundWindow
SetParent
GetClientRect
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
EndPaint
BeginPaint
SetWindowTextW
EnableWindow
SetWindowRgn
IsIconic
SystemParametersInfoW
InflateRect
DrawTextW
OffsetRect
SetCursor
GetWindowTextW
LoadIconW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
RegisterWindowMessageW
GetWindowTextLengthW
IsChild

gdi32

CreateFontW
SetBkColor
CreateRoundRectRgn
RestoreDC
SetTextColor
SetBkMode
SaveDC
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoGetClassObject
CoTaskMemFree
CoCreateGuid
OleInitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
VarUI4FromStr
SafeArrayUnaccessData

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipDrawImageI
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight

wininet

InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetGetConnectedState

winmm

waveOutClose
waveOutOpen
waveOutGetVolume
waveOutSetVolume

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-04-2017 00:00

Not After

17-04-2019 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT,O=上海硬通网络科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:13:9b:cd:6b:62:40:2d:28:36:2f:9d:15:3b:76:2e:24:64:47:1e
Signer

Actual PE Digest

c8:13:9b:cd:6b:62:40:2d:28:36:2f:9d:15:3b:76:2e:24:64:47:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinBtn.dll
.dll windows:4 windows x86 arch:x86

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpynA
GetModuleHandleA
GlobalFree

user32

InvalidateRect
GetParent
SetWindowLongA
CallWindowProcA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
RemovePropA
GetWindowLongA
SetPropA

gdi32

GetObjectA
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

Init
Set
onClick

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinProgress.dll
.dll windows:4 windows x86 arch:x86

df38729be926f91d3390389029adf53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

GetWindowRect
BeginPaint
GetWindowDC
CallWindowProcA
ReleaseDC
EndPaint
GetWindowLongA
GetPropA
SetPropA
SetWindowLongA
RemovePropA
LoadImageA
SendMessageA

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
DeleteObject

Exports

Exports

Set

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 797B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WndProc.dll
.dll windows:4 windows x86 arch:x86

b3f659d7637a91b4fec12ff9b930080d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GlobalAlloc

user32

CallWindowProcA
SetWindowLongA
GetPropA
SetPropA
wsprintfA

Exports

Exports

onCallback

Sections

.text
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btn_cancel.bmp
$PLUGINSDIR/btn_close.bmp
$PLUGINSDIR/btn_keepon.bmp
$PLUGINSDIR/btn_ok.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

7cf91a4dff621e722d277a0a1f47b189

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SendMessageA
IsWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
GetDlgItem
PostMessageA
GetWindowTextA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendDlgItemMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/loading1.bmp
$PLUGINSDIR/loading2.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/unbg.bmp
$PLUGINSDIR/uninstall1.bmp
$PLUGINSDIR/uninstall2.bmp
$PLUGINSDIR/uninstall3.bmp

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 293KB - Virtual size: 293KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

3f2ced7d7b9c010c80ec0afab62fe1a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 293KB - Virtual size: 293KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10
Signer

.text
Size: 222KB - Virtual size: 222KB

.itext
Size: 1024B - Virtual size: 748B

.data
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 211B

.reloc
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

16:84:33:65:b0:e1:c6:cc:b1:4f:32:fa:a9:93:50:e6:e6:fc:14:03
Signer

.text
Size: 422KB - Virtual size: 421KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 64KB - Virtual size: 64KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4f:f1:81:0e:4a:94:25:bf:80:e3:b8:bc:ae:ab:42
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

e2:6b:31:f9:df:c5:b1:9f:09:28:10:94:5e:68:03:46:b8:9b:4e:06
Signer