Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
101.exe
windows7-x64
81.exe
windows10-1703-x64
81.exe
windows10-2004-x64
81.exe
windows11-21h2-x64
8360setr.exe
windows7-x64
8360setr.exe
windows10-1703-x64
8360setr.exe
windows10-2004-x64
8360setr.exe
windows11-21h2-x64
88989.exe
windows7-x64
108989.exe
windows10-1703-x64
108989.exe
windows10-2004-x64
108989.exe
windows11-21h2-x64
10988.exe
windows7-x64
7988.exe
windows10-1703-x64
3988.exe
windows10-2004-x64
3988.exe
windows11-21h2-x64
3999999.exe
windows7-x64
10999999.exe
windows10-1703-x64
10999999.exe
windows10-2004-x64
10999999.exe
windows11-21h2-x64
10server.exe
windows7-x64
8server.exe
windows10-1703-x64
8server.exe
windows10-2004-x64
8server.exe
windows11-21h2-x64
8·À½Ù³Ö1.0.exe
windows7-x64
8·À½Ù³Ö1.0.exe
windows10-1703-x64
8·À½Ù³Ö1.0.exe
windows10-2004-x64
8·À½Ù³Ö1.0.exe
windows11-21h2-x64
8Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral2
Sample
1.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
1.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
1.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
360setr.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
360setr.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
360setr.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
360setr.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
8989.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
8989.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
8989.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
8989.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
988.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral14
Sample
988.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
988.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
988.exe
Resource
win11-20240611-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
999999.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral18
Sample
999999.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
999999.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
999999.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
server.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral22
Sample
server.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
server.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
server.exe
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
·À½Ù³Ö1.0.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral26
Sample
·À½Ù³Ö1.0.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
·À½Ù³Ö1.0.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
·À½Ù³Ö1.0.exe
Resource
win11-20240508-en
windows11-21h2-x64
General
-
Target
home.selection.tar
-
Size
2.3MB
-
MD5
4013edef16732f7dd167e3104b559680
-
SHA1
f899b374e0516ba6d93f9120ee6362f7cb97a294
-
SHA256
331a562953f7da86fb6fc344a1c27c49051105177f8ff8661058d801d8f12802
-
SHA512
e55592351ef8588cc3f62e706012812d4e11f5db3f52efa045c82966522b0511fa588173396e164aa3ce48519dbb51e95790f3fff443904a2751458ea84cbdb5
-
SSDEEP
49152:2XkIF4qX74X0XrtpUePzKtA+F3l7BPAeYKHdj/PAHD1QCizINk/Sap19Wt3i:F874X0JpUePzV+xl79AeYKHdj/PGDAIC
Malware Config
Signatures
-
RunningRat payload 7 IoCs
resource yara_rule sample family_runningrat static1/unpack001/1.exe family_runningrat static1/unpack001/360setr.exe family_runningrat static1/unpack001/8989.exe family_runningrat static1/unpack001/999999.exe family_runningrat static1/unpack001/server.exe family_runningrat static1/unpack001/·À½Ù³Ö1.0.exe family_runningrat -
Runningrat family
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource unpack001/1.exe unpack001/360setr.exe unpack001/8989.exe unpack001/988.exe unpack001/999999.exe unpack001/server.exe unpack001/·À½Ù³Ö1.0.exe
Files
-
home.selection.tar.tar
-
1.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
360setr.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
8989.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
988.exe.exe windows:5 windows x86 arch:x86
870083b6f2d5773ca76f6328d1e7e1a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleMode
CompareStringW
LCMapStringW
CreateFileW
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsValidCodePage
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetDateFormatA
GetTimeFormatA
HeapReAlloc
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
FreeLibrary
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetTempPathA
GetTempFileNameA
GetConsoleCP
GetNumberFormatA
GetWindowsDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
DeleteFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
FindResourceExW
GetACP
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
lstrcpyA
lstrcpyW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetStringTypeW
SetErrorMode
GetPrivateProfileIntA
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
GetModuleHandleW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
lstrcmpA
GlobalReAlloc
FreeResource
FindResourceA
ActivateActCtx
DeactivateActCtx
GetModuleHandleA
FileTimeToSystemTime
GetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
WritePrivateProfileStringA
GetPrivateProfileStringA
HeapAlloc
GetThreadLocale
lstrlenA
GetProcessHeap
HeapFree
IsBadReadPtr
SetLastError
VirtualFree
VirtualProtect
VirtualAlloc
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
WriteConsoleW
user32
DefFrameProcA
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawStateA
LoadMenuW
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
LoadImageA
CopyImage
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
IntersectRect
CharUpperA
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
DefMDIChildProcA
InvalidateRect
DeleteMenu
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
DestroyCursor
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetWindowRgn
SetTimer
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetPropA
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
GetPropA
RemovePropA
GetAsyncKeyState
GetWindowRect
PostMessageA
GetFocus
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
IsWindow
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongA
SetFocus
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetParent
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
EnableWindow
UnregisterClassA
gdi32
StretchBlt
SetPixel
Rectangle
OffsetRgn
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
Polygon
GetTextFaceA
CreateDIBitmap
EnumFontFamiliesExA
GetTextMetricsA
SetDIBColorTable
PatBlt
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
CreateCompatibleBitmap
GetMapMode
CombineRgn
SetRectRgn
GetTextCharsetInfo
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreateSolidBrush
CreateFontIndirectA
GetObjectA
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
EnumFontFamiliesA
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA
shell32
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
ShellExecuteA
SHGetSpecialFolderLocation
comctl32
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW
ole32
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
oleaut32
VariantTimeToSystemTime
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime
oledlg
ord8
odbc32
ord15
ord51
ord50
ord45
ord44
ord72
ord4
ord17
ord41
ord10
ord61
ord3
ord16
ord2
ord1
ord5
ord9
ord14
ord20
ord8
ord48
ord49
ord11
ord19
ord12
ord46
ord18
ord13
ord59
ord43
ord68
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 305KB - Virtual size: 334KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 77KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
999999.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
server.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
·À½Ù³Ö1.0.exe.exe windows:4 windows x86 arch:x86
24ffff844f7eed74e1f1064cc9840ba9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir
kernel32
CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile
user32
SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ