a34bca85a0305e2d5cba18c5c926ce8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a34bca85a0305e2d5cba18c5c926ce8b_JaffaCakes118
Size

10.7MB
MD5

a34bca85a0305e2d5cba18c5c926ce8b
SHA1

28cd276cc433af2ee514399a65876ae308f6c7fa
SHA256

866fcebde4e328bd8a97d8eb6838297963de5f12d12d57c7b3989e7051d287c7
SHA512

89897a519552a811ab1b0b4b7bc9c422b34dc4ab842af81b30fd13528c1b1ab89f4ccf5603e6a2d8a5250a50832ebd037e04bd80c6de00b55bc02ec9f9a8f37e
SSDEEP

196608:skZRZSpEsEcpJiaLxjzmSqZEUPhOWUP6gzD1JV6lHKQ4WEvcVFmdPfG:skDAKcyaZzmGMwD/VkqvWEvc2dPfG

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Game.dat	aspack_v212_v242

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Game.dat
unpack001/Main.dat
unpack001/Net.dat
unpack001/Sysy.dat
unpack001/WS2HELP.dll
unpack001/WeDp.dat
unpack001/龙炎免费版.exe

Files

a34bca85a0305e2d5cba18c5c926ce8b_JaffaCakes118
.rar
Game.dat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 754KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 5KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWVG
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWVG
Size: 133KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWVG
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWVG
Size: 121KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UWVG
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main.dat
.exe windows:5 windows x86 arch:x86

2eacd1c1b2bf83265055aa95f4f0f2e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\我的作品\XK2新版\20111213\FK_Login(XK2)\Release\FK_Login.pdb

Imports

kernel32

DeleteFileA
Sleep
CopyFileA
CreateProcessA
GetModuleFileNameA
Module32First
Module32Next
ReadFile
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
RaiseException
EnterCriticalSection
LoadLibraryExA
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ExitProcess
GetCurrentDirectoryA
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentThreadId
SetLastError
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
FindFirstFileA
FindClose
GetThreadContext
SetThreadContext
VirtualQueryEx
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetSystemDirectoryA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FindResourceA
FreeLibrary
LoadLibraryA
lstrcatA
SuspendThread
ResumeThread
OpenThread
Thread32Next
Thread32First
GetLastError
GetCurrentProcess
VirtualProtect
GetProcAddress
GetModuleHandleA
Process32Next
ReadProcessMemory
OpenProcess
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
lstrlenA
TerminateProcess
lstrcpyA
lstrcmpA
CloseHandle
WriteFile
CreateFileA
LockResource
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadResource
SizeofResource
GetStringTypeA

user32

GetWindowThreadProcessId
ShowWindow
MessageBoxA
FindWindowA
EndDialog
SendDlgItemMessageA
CharNextA
DialogBoxParamA
FindWindowExA
GetDlgItem
GetDlgItemTextA
SetFocus
SendMessageA
SetTimer
ChangeDisplaySettingsA
CreateDialogParamA
IsDlgButtonChecked
SetDlgItemTextA
EnableWindow
IsWindow
KillTimer
CheckDlgButton
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
BeginPaint
EndPaint
IsChild
GetFocus
GetWindow
UnregisterClassA
GetClassNameA
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExA
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcA
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongA
SetWindowLongA
DefWindowProcA
LoadCursorA
RegisterClassExA
SetWindowTextA
LoadIconA
GetClientRect

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
GetStockObject
GetObjectA
GetDeviceCaps
DeleteDC

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA

shell32

DragQueryFileA
DragFinish

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
OleUninitialize
StringFromGUID2
OleLockRunning
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VarUI4FromStr
VariantInit
VariantClear
SysFreeString

shlwapi

StrStrA
StrStrIA

comctl32

ord6
ord17

psapi

GetMappedFileNameA
GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

htons
inet_addr

msvcrt

malloc

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xkxkxkx
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xkxkxkx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Net.dat
.dll windows:4 windows x86 arch:x86

e28126b3cd0bb15ced6dd13568ec146c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PeekMessageA

advapi32

RegCloseKey

oleaut32

SysFreeString

ole32

CoCreateInstance

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo

Exports

Exports

ks_CheckKeyE
ks_GetData
ks_GetMsg
ks_advapi
ks_apidatafree
ks_destr
ks_edit
ks_editK
ks_exit
ks_prepaid
ks_reguser
ks_setExtVal
ks_setKVal
ks_setSoftVal
ks_setUVal
ks_setUpVal
ks_unbind
ks_viewinfo

Sections

CODE
Size: - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sysy.dat
.dll windows:5 windows x86 arch:x86

0b68d6d851b4db15705bc55312cc2135

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
lstrcmpA
lstrcpyA
WritePrivateProfileStringA
GetModuleFileNameA
lstrcatA
CreateMutexA
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForSingleObject
ReleaseMutex
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
ExitThread
Sleep
CreateDirectoryA
FindFirstFileA
lstrlenA
FindNextFileA
FindClose
DeleteFileA
VirtualProtect
IsBadReadPtr
ExitProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleA
GetLocaleInfoA
CloseHandle
GetVersionExA
CreateRemoteThread
GetStringTypeW
GetStringTypeA
LCMapStringW
GetSystemTimeAsFileTime
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
RaiseException
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

KillTimer
SetDlgItemInt
EndDialog
MessageBoxA
CallNextHookEx
GetKeyState
CreateDialogParamA
SetWindowTextA
ShowWindow
SetWindowsHookExA
SetTimer
SendMessageA
GetDlgItemInt
GetDlgItem
EnableWindow
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
DialogBoxParamA
MessageBoxA

comctl32

ord17
ord6

shlwapi

StrStrA
StrStrIA

Exports

Exports

EncrytData
GetGame
GetLoginText
GetLoginThread
GetMirText
_EncrytData@16
_GetGame@12
_GetLoginText@12
_GetLoginThread@20
_GetMirText@12
��/v̴0�р��&w��Y�.{ x c��~��1�s��|��<R��ڜ,[Ғ�Gx�ՙJ��H XE� ��V� k�5(n#��I��7��u�ܪ��S�}��::dr��&,��ܑv�I�K��W�R��[�\��]m�Ҍ�u�@T�:�ū{��@q��,�L�I0�_��,��Di'P�9��ߨ��j�y%#��!��B��0��ȿ��_��N�A��bR�=�Q�ܤ��?={�M�G�x��I[6��`i!W�C��.��O��^'II�{�*W�l3/�4��x�K�O,6V(,�OD�k{\ZP�R� ?|T�y�LK ��C^t��s�Y��i��.}j��Kw�8|�Ͷ��_U��ǽ��<±ȓl�Sf�:O�A��N��928�a��y��-ʵU�x�K��ɣ��j?�3?�c��Ϥg!��Z��Kcϩ��{ ȡ�ջ��?�FW��Ml�`e�6W8� ��-��<��`ڵ B��j�t��rrW��wߓ<C9@��뱱��I-�q�?��u��C�#)�>B��c 4�/�:��A�K�54/�#;�AI�e�[�w>�\�3=ڑq1w��c�y!Fw]�'N/G c��VH��Б\�� <��r��-��R��S�]�+�uE�i��IU��yJٔ�ُ��ݓ��[|�)��Usӳ�N�{+�.��8!��A�0*�D��#�n o~��9I�W�?�V�O{��oJE�<�;�w�!�S�A� �w��(TY<�F�ɕ��]�0��<Z<��)�&+ue��d�W\�{�tsywN|��cg��W'A�ZF}�B�u��'��:��h��o9-��F��M��aĐy��E�D�8``�p Q�zː@u�U!��q�V�p}V�ߛ^r�` ��I.誋q��jOj�C��¶��@U��T��.:�a~�"��H��i~�hZ��v$:�~M��ePnU!�)�:�g'J�"۵�Ke1[x�NvR�q��_��}��-�AE̷�-�q�^�B'� �;�ǘ3fJ�)I� �6f%X��S�m_�~�h�+y�m ��JN-4��FH$9�[��]��#n<s�h፠@>YN5)��D_v��4�>�D��8z؅��;>x�}�e�b'��0=�bD�@��T�oDS ��uף'ڳ�ޓ��M�e\��m�>��`��4��s�y��Q\�P�h�r�uj��H��J��r��#:��8��R�&=�W*��-�u�%��hg��&�绵)��mPI��&��l��g�ԥ"@��׍(��\�6T��a(�b��*2ϔ9�o��}��&��&�U�J��=|��5�tS ��.r. +#�j�"�+��j�9��Bw��c��?��.��E:�.:�r�.̏�ٳp��B�<��ڞ��m�Uҗ�<��MG[eX��R��}`;ӟ$��P솆j� ��e7&u�s�b�èJ�6R5(�B��P��D�\d��~.�R�h�1.a�a��޵��و��x��[J�iޝ��:��J�w�Vݚ_+�A��h��M�%m<h哹}��LR��LX#�p"7�5��Z��5?�~��߫�m��<\�11�nX��1M��mi%�ɴ��L��x�*LM�>?��_⑬�i�V��>D�vg��,�dpŭ盞��>��^ҫ�<8Uj|�*:̜ǩz&��|��l�+9�mj4_�^�rWI�Z�ZI��%�ؔR1"��6wJQpf��H�Aӹ�H��7*I��S̻m��$W�:Jӂ��m/�6&��´�k�\�i�W��4\H��pI��kD)D��V2��j� �)Y��|�^��!�l�r[�.<H��p}U<g��cFY��2*A��w�%�c�<�*�):;�� ] �}��X��^�k��X�A�uS�9��5�>��ٳ.��h`x��;7�c�1gme��Q�Ey�A��t0�6�S��=>KgZ��"��NB��`��3�@$��}�^Zi�y��Gh}�L�{��f�6� ��W'��q�� N%�n(��f�t�^��4\=�{Y��X�F�D_{�#{;��a��D��(H�g��Z8��M�z�_��", �/�RO��G/��/��L�q��F��Wo+ve��"��N!�C�?G�s��5R�Y��5K�� #�>j�6_�-�� (�� 9s�|)Z��j�E�>Ja]�u�R=E�.�7Ѩ9� ��<t\��z`�whC.r�ß+�ox��oĴ�,u#�2�n�@#��F]i)H��}d��>��f��30��L��t ��Lq�\��5J��^��3a�_�G@�7NM��9��j��*u,�{J�&��K��]�D��3{>;]��öq͕B1r�]}vG�(6eld.0uak��.T�z�X��Pҿ��Ԍ�d��d�X;��յ�s�^��Y]��ݼ]�A�E�7��1*��bY%='��y6�mnu��2�z��v��.�Odo�>E N�]c��8�u{ꡳ�y�;�� P��aa��Ԫ��_ǔ��`�1��Q\��݆�USJq "ArZ�f�:�*U9)U� ��Y�C�,/��&,৆ÏsVo�Jk�7�V��M��u�Dn�,��T[Է�AR�v~��+Ƚb�e��1%�:7'3��JZ#�k��Fý��1�8p�,��}��I�o��A�KN��84�H%?�6М|��ZQY��o֞ ��ţ��%z�G"�P��i��<�N&*X23�n�kY P��$ e��w?�rUq��\��je+��U��򠣡`8�,6ܑJM��+��+�u�r��1nJkNg�/Md�]��5��?�g��g��W

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bmw
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ses0
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ses1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ses2
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WS2HELP.dll
.dll windows:4 windows x86 arch:x86

db111001b1244590f5322ec622db6241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiOutUnprepareHeader
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs

ws2_32

WSAAsyncSelect
ioctlsocket
getpeername
closesocket
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
recv
recvfrom
gethostname
accept

kernel32

MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
IsBadCodePtr
SetStdHandle
InterlockedExchange
IsBadWritePtr

user32

IsZoomed
PostQuitMessage
CopyAcceleratorTableA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetDesktopWindow
GetClassInfoA
DefWindowProcA
GetDlgCtrlID
GetDlgItem
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
GetKeyState
GetClassNameA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetWindowTextA
GetSubMenu
GetSysColorBrush
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
UnregisterClassA
LoadStringA

gdi32

GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
ExcludeClipRect
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
SetStretchBltMode
GetClipRgn

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CLSIDFromProgID

oleaut32

UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear

comctl32

ord17
ImageList_Destroy

comdlg32

GetSaveFileNameA
ChooseColorA
GetFileTitleA
GetOpenFileNameA

Exports

Exports

DLL�ӿ�
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification
��ip��ַ

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WeDp.dat
.dll windows:5 windows x86 arch:x86

049b7095cd2f38288c4c91f3c3928754

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
lstrcatA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
OpenProcess
VirtualQuery
HeapSize
ExitProcess
GetModuleHandleA
VirtualAllocEx
CreateRemoteThread
GetExitCodeProcess
TerminateProcess
Sleep
GetCurrentProcess
GetLastError
LoadLibraryA
GetProcAddress
HeapFree
VirtualProtect
HeapAlloc
WriteProcessMemory
HeapCreate
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges

psapi

GetModuleFileNameExA

user32

MessageBoxA

Exports

Exports

DoUnFuck
Find001
Find002
_Find001@20
_Find002@12
��v-�3��(W��3:� G5;��`:`��s�a(�<.u��]OH:��ޡ��-=�b)��*��Y��Ԟ:ĝ��j�@CK�Eh%P�}��*��!ȫ.�Tʉa��;hY�<W��%֍疧�S��J4��f��4�GBxijs6n6��\q�#� v.�[��q�;�E��s#{��q�y�2�^�H��A�Iz�V~"i�{6$�o��s�� 1�ۉ��cF�O:$K�޷tB7 ��?��>|Q�ӖR�Ho��튬�\�̓��K� 86�7��_L�Ş�bс�^,�ӚTU�3�T��7��VUyd��#�/D߀#��ҩc�Q&X7�i�.��q��5��v(��(��^�I��ԢZ��w�;��l�} � �>�&��ߝ�$�*��dO��c2�<mф@̰�7&��i��s*��]�'G1��I�x<��tt��a��0�3Oo��9?w��o^��zD��HK��z�dr�-R�E�%M��k�$�z��dB��z��.ڰv��WmO>�] �y�֬��u��NZAT�a-��:� -��I�<x]�1*��hĝ��Z��|a��d�^3�疔�=��<X}��k_!��1��%��M�G��))�5B��Џ�]�,װ2��~��v$g%;��lE��4��B��N��`�48`�=��a��ikV�ٵ8$F=B�}L�tL*��l�8�GH�Ez&��EY9�-�]�Rg~�h7��v |�a�~�F� ��漟�"�(8W��f tU�?T{� �0��D�p!�Q~�P�d�N�GM�Z�0��{��I��d4��7+�WD��&�r:��o ��{f��/&�6��]�� ̨�Q,��:nuL��OźMX��(5/eW_Wh.��ҭK�^�D�LMtI�~��Ijq!%"d�� 3 ��M��m �pZ�3Ti٧n֋ ��64<)��h ��FMZ:�('��s��q�5@��>3��A�\6y��x�/�Q�9�L�x齟ӏa}�=��A�2*UHLg�|TS��Q'3�h6ݖ%��2P�;ۉ��/��m t�+y8�2�j�:�H�_\��=��K��Y��N� �wv�1�ڗ�OJ��u��-��_`+uB�5W/6��i�� S��<H�<0��>lE��q�g�t6�� l�m�,iI�8��&e=�rf[��ﳯ�X�}�d�z��}ٻ��ğ9Ņ2�.Ctn85 e��͙�)ʹ�Աw ��NV�&�c�lHF2h��j��r+*7��{v/�� $Q/|k G:�`#琥j�"(��CO��ߕ:�bQ��t2by��b~گ�e(��Uy��^{�~�t#E�-��+ï��{9�?gp��9#UM�E��Ǎ��?�j�݄�z}��L��Ux��eE�£�Tuj�~��Ijɂ�¾z�)?�ѳ\�'�z��bH2 s,�� %��h�L,�n��I�-�a� %F��o�{ PLa?��1-�[�`��a��D��7�2y� :q�M�9��e0��?A3�I+b�V�Ҕ��xV��"S�h��<A]�.�Źi1O��}Oe�Z�[�z��k�=�v�z�1~�Jn�gQ��+�1��h�$��w"�� &��2��h WҐ��|��4j�Tv��9aB_�Qb��&G6ץ��Y[}�Ä�ݙz��$t�"��ҽ�́G�1GBd&��Ъ?��kk�t��k�2�'��wr}'63��*�5��ƒ��_��T��P��>7Vο7��'�()T�.��v�!�䟷pC+f9`��ȀT"@��{�$prb��D��槅��nS��1E�ӖҰSl$N�ҁ0��-��I��? >rT��꺎/#:]��-�Z�|�Ï.�婂�r�8��y��h��)�룵�F�Ϊb��)��G�d�-�\ ͖��mj�hv��R��4-��#��6�D�5��8W�՚r��}T�� TUߺƼ/bP#��?=�V7J��o;M^a#�� <��b�MS�E�ˍGOw _�s]��@��,��R�i��F��&?Wq� ]�Ԫ(E�2�0X�c/�M�F��qzUud��x��_e��r"Q�x�8��Í�桐��& aM��Z��z��u��%�V!�/�ۜb��ݛxH�F�U{��\��c��{��b�"�s�z�)� �V��>��E��'@�Z'�I��6�E��D��A��Z��P�c��`�m�J�@�I�FZ��ȤVG��R��G��Vޮ��،��VC��M��{_�8�p��r�:�2�c��'go��;iw�>�6��C�Sr>��xi��~��0]#�3�S4��Y�d6��tA�t})��U9��ڬ]�d�ݲaf��c�=�UDU�=��w�]��ߖ�1 �� P/i��Z�.ޭ�n�;RcX�8�ˍ��b,烖�H�P�A��;�Tw�L�yX�G�e � 0)��^��7Ǯ��9e�ĵ&##��U�ѤחY�f� jA��;z7��J,WS��7��E�+�(��0H2j�/FA��M��+Of�`�_�|�H9�a��L�\��gi ��9]�EV �}Exk~��#V�f�uT��%�dd�b{}Y9�S �PH��v��UB��:+蹄�#��!@�V�d]�5]�*�v��e4 �EU6�L��[��fA��ڵ� ��ݣd�4D��s�ӟ��`"Ȯ�$%��_ >�Di<��~�\�]�7��k�U�5N`��z�ܲ�x�D�Ӳ�9ca��D�5[n2��A��.�: �6��Լ0l a�4�dXFI�Ep�".֐��Z�(�� ʍ�d�ǜ6 �#��

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

textx
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ale0
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ale1
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ale2
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
report.ini
免费版本使用说明.txt
配置文件/SKY引擎/龙炎（战）.ini
配置文件/SKY引擎/龙炎（法）.ini
配置文件/飘荡软件.url
.url
飘荡软件.url
.url
龙炎免费版.exe
.exe windows:4 windows x86 arch:x86

c607046934c43b077cb9c158834cebc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCommandLineA
GetStartupInfoA
HeapSize
GetACP
GetTimeZoneInformation
HeapReAlloc
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapFree
HeapAlloc
GetDriveTypeA
GetVersion
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
MulDiv
TerminateProcess
ExitProcess
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
WritePrivateProfileStringA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GlobalFlags
FreeLibrary
lstrcpynA
SetLastError
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
lstrcatA
GetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
CloseHandle
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcpyA
GlobalFree
LocalFree
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetStdHandle
GetFileType
CreateProcessA
LoadResource
CreateMutexA
GetModuleFileNameA
SizeofResource
LockResource
GetProfileStringA
FindResourceA
EnumResourceNamesA
LoadLibraryExA
WaitForSingleObject

user32

AdjustWindowRectEx
SetFocus
MapWindowPoints
CopyRect
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
ShowWindow
LoadStringA
DestroyMenu
InflateRect
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
SetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
SetRect
GrayStringA
DrawTextA
TabbedTextOutA
FillRect
UpdateWindow
GetDC
ReleaseDC
LoadBitmapA
GetSysColor
GetWindowLongA
InvalidateRect
GetParent
DrawTextExA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
GetTopWindow
GetCapture
WinHelpA
wsprintfA
SetWindowPos
GetMessagePos
GetClassInfoA
GetForegroundWindow
GetMenuCheckMarkDimensions
GetWindowRect
CheckMenuItem
OffsetRect
CharNextA
DefDlgProcA
ShowCaret
UnregisterClassA
HideCaret
ExcludeUpdateRgn
IsWindowUnicode
DrawFocusRect

gdi32

GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
CreateBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateSolidBrush
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetBkMode
SetMapMode
SetViewportOrgEx
CreateFontIndirectA
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
IntersectClipRect
DeleteObject
GetDeviceCaps
PatBlt
CreateDIBitmap
GetTextExtentPointA
SetTextColor
OffsetViewportOrgEx

comdlg32

GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
龙炎辅助官网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 754KB - Virtual size: 2.2MB

DATA Size: 22KB - Virtual size: 48KB

BSS Size: 5KB - Virtual size: 1.2MB

.idata Size: 12KB - Virtual size: 16KB

.UWVG Size: 512B - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.UWVG Size: 133KB - Virtual size: 144KB

.rsrc Size: 124KB - Virtual size: 1.1MB

.UWVG Size: 1.3MB - Virtual size: 1.3MB

.UWVG Size: 121KB - Virtual size: 128KB

.reloc Size: - Virtual size: 4KB

.UWVG Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

2eacd1c1b2bf83265055aa95f4f0f2e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

version

ws2_32

msvcrt

iphlpapi

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.xkxkxkx Size: 1.5MB - Virtual size: 1.5MB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 98KB - Virtual size: 100KB

.xkxkxkx Size: 4KB - Virtual size: 4KB

e28126b3cd0bb15ced6dd13568ec146c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ole32

shell32

iphlpapi

Exports

Exports

Sections

CODE Size: - Virtual size: 153KB

DATA Size: - Virtual size: 4KB

BSS Size: - Virtual size: 19KB

.idata Size: - Virtual size: 3KB

.edata Size: - Virtual size: 431B

.vmp0 Size: - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 7KB

.vmp1 Size: - Virtual size: 664KB

.vmp2 Size: 775KB - Virtual size: 775KB

.reloc Size: 512B - Virtual size: 240B

0b68d6d851b4db15705bc55312cc2135

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

CODE
Size: 754KB - Virtual size: 2.2MB

DATA
Size: 22KB - Virtual size: 48KB

BSS
Size: 5KB - Virtual size: 1.2MB

.idata
Size: 12KB - Virtual size: 16KB

.UWVG
Size: 512B - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.UWVG
Size: 133KB - Virtual size: 144KB

.rsrc
Size: 124KB - Virtual size: 1.1MB

.UWVG
Size: 1.3MB - Virtual size: 1.3MB

.UWVG
Size: 121KB - Virtual size: 128KB

.reloc
Size: - Virtual size: 4KB

.UWVG
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.xkxkxkx
Size: 1.5MB - Virtual size: 1.5MB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 98KB - Virtual size: 100KB

.xkxkxkx
Size: 4KB - Virtual size: 4KB

CODE
Size: - Virtual size: 153KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 19KB

.idata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 431B

.vmp0
Size: - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 7KB

.vmp1
Size: - Virtual size: 664KB

.vmp2
Size: 775KB - Virtual size: 775KB

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 173KB - Virtual size: 172KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 18KB

bmw
Size: 512B - Virtual size: 48B

.rsrc
Size: 14KB - Virtual size: 14KB

.ses0
Size: 19KB - Virtual size: 18KB

.ses1
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 24B

.ses2
Size: 46KB - Virtual size: 46KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 60KB - Virtual size: 182KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 76KB - Virtual size: 74KB

.text
Size: 35KB - Virtual size: 35KB

HookStub
Size: 512B - Virtual size: 152B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 10KB

textx
Size: 512B - Virtual size: 24B

.ale0
Size: 3KB - Virtual size: 3KB

.ale1
Size: 19KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 24B

.ale2
Size: 42KB - Virtual size: 41KB

.reloc
Size: 2KB - Virtual size: 2KB