b25a72a6eb89b0613ee736486f76a1d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b25a72a6eb89b0613ee736486f76a1d2_JaffaCakes118
Size

1.2MB
MD5

b25a72a6eb89b0613ee736486f76a1d2
SHA1

e60ab9b0060859ea6a86c28e8ae902a0226f4134
SHA256

3d93eae1ef8aeb69ceb4797021d839c4e6f251d14abc2bf68d5e0eec68c7549a
SHA512

e464be3b54d02eed260bd094b2af3b04ec111e2e6707e23f2ba09dd46017f9a1593e5f36de5f3b99b3b219753d1ed1560e1ed160acd3e9be4d5079b792e3e828
SSDEEP

24576:ADLirUjp0Q2GVyM4xgr87v65iMBilOWRJPF7p:sLiQjRXx5r8L6kMBiTJp

Score

3^/10

Malware Config

Signatures

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
b25a72a6eb89b0613ee736486f76a1d2_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/CTTBasic.exe
unpack001/CTTService.exe
unpack001/DesktopFixer.exe
unpack001/FProtMod.sys
unpack001/FProtect.exe
unpack001/FileBackup.exe
unpack001/FixedWall.exe
unpack001/InstSvc.exe
unpack001/MemRes.exe
unpack001/PrgFlt.dll
unpack001/ProgFilter.exe
unpack001/RsvAgent.exe
unpack001/SMFDApp.exe
unpack001/SMFDDrv.Sys
unpack001/TrafficLogger.exe
unpack001/UnRegDll.exe
unpack001/UserPassManager.exe
unpack001/WebInterception.new
unpack001/cdproc.dll
unpack001/clsdesk.exe
unpack001/iefence.exe
unpack001/pollock.exe
unpack001/rodexec.dll
unpack001/shrestart.exe
unpack001/trans.exe
unpack001/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

b25a72a6eb89b0613ee736486f76a1d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CTTBasic.exe
.exe windows:4 windows x86 arch:x86

f89ff27f900e3f8db7702ac3d83d583c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetSystemTime
GetTimeZoneInformation
GetFileType
SetStdHandle
CloseHandle
ExitThread
CreateThread
RaiseException
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
ExitProcess
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetProcessVersion
GetFileTime
FileTimeToLocalFileTime
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
FormatMessageA
CreateEventA
SetThreadPriority
SetEvent
lstrcmpA
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
SetLastError
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcpynA
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
GetLocalTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
GetModuleFileNameA
HeapCreate
HeapReAlloc
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
GetLogicalDrives
Thread32First
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleA
LocalAlloc
LocalFree
WideCharToMultiByte
GetPrivateProfileStringA
CopyFileA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetCurrentProcess
GetLastError
HeapAlloc
GetVersionExA
GetFileSize
SetFilePointer
GetProcessHeap
HeapFree
GetSystemDirectoryA
Sleep
GetDriveTypeA
GetWindowsDirectoryA
MulDiv
FindResourceA
LoadResource
LockResource
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
CreateDirectoryA
GlobalAlloc
lstrcpyA
CreateProcessA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
WinExec
FindFirstFileA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetFileAttributesA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
WriteFile
GetEnvironmentStrings

user32

MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
ValidateRect
PostQuitMessage
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
MoveWindow
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
CharUpperA
GetTopWindow
TrackPopupMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
wsprintfA
GetMenuItemCount
GetSubMenu
GetMenuItemID
SetActiveWindow
WinHelpA
GetMenu
GetClassInfoA
DestroyMenu
SetFocus
GetWindow
CharNextA
GetSysColorBrush
IsWindowEnabled
PostMessageA
GetDlgCtrlID
IsIconic
GetFocus
IsChild
AdjustWindowRectEx
RegisterWindowMessageA
SetWindowLongA
ShowWindow
SetWindowPos
GetClassNameA
UpdateWindow
GetDlgItem
GetWindowDC
SetRect
SetCursorPos
GetAsyncKeyState
mouse_event
keybd_event
UnhookWindowsHookEx
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetSystemMetrics
LockWindowUpdate
IsWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
KillTimer
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
RegisterClipboardFormatA
SetTimer
DefWindowProcA
LoadCursorA
RegisterClassA
FindWindowA
PtInRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetDC
ReleaseDC
EnumWindows
GetWindowTextLengthA
GetDesktopWindow
GetWindowTextA
ScreenToClient
LoadIconA
MessageBoxA
IsWindowVisible
GetParent
GetWindowRect
SetCursor
GetWindowLongA
SendMessageA
GetClientRect
CopyRect
FrameRect
InflateRect
FillRect
GetSysColor
OffsetRect
DrawStateA
DrawFocusRect
GetActiveWindow
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
InvalidateRect
GetIconInfo
RedrawWindow
LoadImageA
DestroyIcon
DestroyCursor
EnableWindow
LoadBitmapA
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportOrgEx
LPtoDP
GetBkColor
GetTextColor
DPtoLP
GetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
ScaleViewportExtEx
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
LineTo
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
BitBlt
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
Rectangle
Ellipse
GetPixel
FloodFill
CreateFontIndirectA
GetDIBits
SetDIBits
GetDeviceCaps
CreatePen
GetTextExtentPoint32A
DeleteDC
GetStockObject
SelectObject
DeleteObject
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
ChangeServiceConfigA
LookupAccountNameA
GetAce
RegEnumValueA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
FreeSid
RegGetKeySecurity

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoRegisterMessageFilter

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysFreeString

wininet

InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
DeleteUrlCacheEntry

shlwapi

SHDeleteKeyA
PathCompactPathA

url

InetIsOffline

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CTTBasic.kor
CTTService.exe
.exe windows:4 windows x86 arch:x86

b95fc30dfae729e17003c7cb947f6650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetFileType
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RaiseException
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitProcess
GetCommandLineA
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetEndOfFile
SetFilePointer
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcatA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
GlobalFree
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpyA
EnterCriticalSection
lstrcpynA
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FreeLibrary
TerminateProcess
InterlockedExchange
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
FlushFileBuffers
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
WriteFile
ReadFile
CreateFileA
GetTickCount
Sleep
GetLastError
GetVersion
GetSystemDirectoryA
CopyFileA
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetCurrentProcessId
WinExec
GetModuleHandleA
GetModuleFileNameA
WritePrivateProfileStringA
SetEvent
CreateThread
CreateEventA
WaitForSingleObject
LCMapStringA
CloseHandle

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
LoadIconA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
ShowWindow
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SetCursor
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
DefWindowProcA
wsprintfA
SetWindowPos
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
SetFocus
GetNextDlgTabItem
GetActiveWindow
GetSystemMetrics
DestroyWindow
GetDlgItem
CopyRect
GetClientRect
GetDC
ReleaseDC
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
PostMessageA
PostQuitMessage
RegisterWindowMessageA
GetWindowRect
SendMessageA

gdi32

GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SelectObject
DeleteObject
DeleteDC

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
CloseServiceHandle
CreateServiceA
QueryServiceStatusEx
StartServiceA
OpenServiceA
RegCreateKeyExA
RegCloseKey
StartServiceCtrlDispatcherA
RegSetValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ChangeServiceConfigA
OpenSCManagerA

comctl32

ord17

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DesktopFixer.exe
.exe windows:4 windows x86 arch:x86

32e007993337156be530cc14770085b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2781
ord2770
ord924
ord356
ord941
ord5710
ord6877
ord2818
ord858
ord922
ord3181
ord860
ord926
ord4058
ord772
ord6142
ord500
ord4277
ord5860
ord1576
ord3178
ord6883
ord668
ord1168
ord537
ord541
ord6143
ord535
ord801
ord1105
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord800
ord540
ord4673
ord825
ord5861
ord823

msvcrt

_controlfp
_except_handler3
__set_app_type
__CxxFrameHandler
_setmbcp
_mbscmp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strchr
calloc
free

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
Sleep
CloseHandle
GetLastError
GetModuleHandleA
GetStartupInfoA
FindNextChangeNotification
GetCurrentProcess
SetProcessWorkingSetSize
WaitForSingleObject
FindFirstChangeNotificationA
DeleteFileA
CopyFileA
GetFileAttributesA
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
FindFirstFileA
CreateDirectoryA
GetWindowsDirectoryA
OutputDebugStringA
GetVersionExA
LocalFree
LocalAlloc
ExitProcess
LoadLibraryA
GetProcAddress

advapi32

RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FProtBg.bmp
FProtMod.sys
.sys windows:4 windows x86 arch:x86

ce1b937842a80b7e2abedcead10ee9fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

ExAcquireFastMutex
KeGetCurrentIrql
ExReleaseFastMutex

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
InterlockedIncrement
sprintf
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
strncpy
ExAcquireResourceSharedLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
IoQueryVolumeInformation
ZwClose
ObfDereferenceObject
IoAttachDeviceByPointer
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
RtlInitUnicodeString
DbgPrint
ProbeForWrite
_except_handler3
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
IoReleaseCancelSpinLock
wcsncpy
KeClearEvent
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IoCancelIrp
InterlockedExchange
MmMapLockedPages
ExDeleteResourceLite
ExDeleteNPagedLookasideList
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FProtect.exe
.exe windows:4 windows x86 arch:x86

dfc2315d42500c98ff78992e3b68d707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord609
ord686
ord5214
ord296
ord860
ord2621
ord1200
ord2575
ord4396
ord3574
ord1146
ord1168
ord384
ord755
ord470
ord6905
ord2408
ord2862
ord6453
ord6215
ord6885
ord3081
ord6886
ord2642
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord3663
ord926
ord6883
ord772
ord6142
ord4673
ord5860
ord6696
ord2096
ord3499
ord2515
ord355
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4129
ord5683
ord6143
ord6140
ord5861
ord5858
ord1105
ord4277
ord858
ord823
ord541
ord341
ord801
ord654
ord3301
ord3998
ord6907
ord2379
ord535
ord4243
ord693
ord3640
ord4402
ord2582
ord3874
ord4853
ord4224
ord537
ord6199
ord4234
ord2302
ord800
ord825
ord324
ord567
ord540
ord641
ord656
ord3610
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord500
ord2976
ord4425
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4376
ord924
ord5265
ord1576

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
_mbscmp
exit
strchr
sprintf
__p___argv
ftell
fseek
fopen
fclose
fwrite
fread
free
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetVersionExA
lstrcpynA
CreateMutexA
ReleaseMutex
GetDriveTypeA
GetLogicalDrives
CreateFileA
GetLastError
GetCurrentDirectoryA
lstrlenA
FindFirstFileA
SearchPathA
FindClose
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
CopyFileA
LoadLibraryA
GetProcAddress
GetTickCount
DeviceIoControl
Sleep
CloseHandle
TerminateThread
GetVersion
GetFileAttributesA
GetStartupInfoA

user32

IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
FindWindowA
wsprintfA
MessageBoxA
SendMessageA
GetCursorPos
CreatePopupMenu
SetForegroundWindow
AppendMenuA
EnableWindow
IsWindowVisible

advapi32

RegSetValueExA
InitializeAcl
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
GetAce
RegDeleteValueA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetMalloc
DragQueryFileA
DragFinish
Shell_NotifyIconA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ord17

ole32

CoInitialize

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileBackup.exe
.exe windows:4 windows x86 arch:x86

474a3fe98a8d4cbf673948064becf08c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord568
ord500
ord541
ord324
ord4234
ord4287
ord6197
ord4710
ord1105
ord800
ord823
ord535
ord654
ord5863
ord5860
ord6883
ord341
ord5163
ord5683
ord922
ord4277
ord858
ord540
ord5608
ord2065
ord668
ord1980
ord5858
ord3319
ord3310
ord3181
ord4058
ord2781
ord2770
ord924
ord356
ord2818
ord537
ord2379
ord4376
ord5710
ord755
ord470
ord5861
ord6143
ord6142
ord860
ord1576
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord5265
ord2514
ord801
ord819
ord772
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4129
ord4673
ord1168

msvcrt

__set_app_type
free
_setmbcp
_stricmp
strrchr
__CxxFrameHandler
_mbscmp
malloc
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strchr
calloc
_controlfp

kernel32

GetStartupInfoA
LoadLibraryA
GetVersionExA
Sleep
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetLastError
FindNextChangeNotification
WaitForMultipleObjects
SetProcessWorkingSetSize
GetCurrentProcess
FindFirstChangeNotificationA
CopyFileA
DeleteFileA
SetFileAttributesA
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateFileA
ReadFile
WriteFile
CloseHandle
LocalFree
GetProcAddress
LocalAlloc

user32

EnableWindow
wsprintfA

advapi32

RegGetKeySecurity
RegSetKeySecurity
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileCleaner.els
FixedWall.exe
.exe windows:4 windows x86 arch:x86

9ed1239ec86e78c4d19fbe92836533a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3147
ord561
ord825
ord815
ord823
ord617
ord800
ord540
ord4160
ord4204
ord537
ord5214
ord296
ord1576
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3738
ord4673
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_mbscmp
_controlfp
_setmbcp
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_stricmp

kernel32

SetFileAttributesA
GetWindowsDirectoryA
WideCharToMultiByte
GetVersionExA
Sleep
DeleteFileA
SetProcessWorkingSetSize
lstrlenA
GetModuleHandleA
GetStartupInfoA
ReleaseMutex
GetLastError
CreateMutexA
GetCurrentProcess
CopyFileA
MultiByteToWideChar

user32

MessageBoxA
SystemParametersInfoA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IEFence.eng
IEFence.kor
InstSvc.exe
.exe windows:4 windows x86 arch:x86

e985713afc73d0b39cd02dd794d7c8a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6142
ord860
ord500
ord922
ord4277
ord5860
ord1567
ord690
ord1988
ord5207
ord6143
ord268
ord939
ord2393
ord940
ord5856
ord772
ord5861
ord296
ord5214
ord617
ord561
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord1576
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4202
ord2764
ord356
ord541
ord2770
ord2781
ord4058
ord3181
ord6883
ord1980
ord801
ord668
ord5683
ord4129
ord533
ord5194
ord6407
ord1997
ord798
ord2818
ord1168
ord941
ord535
ord823
ord926
ord537
ord924
ord825
ord540
ord858
ord389
ord800

msvcrt

_controlfp
_setmbcp
_stricmp
__CxxFrameHandler
strcpy
strlen
strcat
_mbscmp
sprintf
memset
free
calloc
strchr
atol
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ

kernel32

CreateToolhelp32Snapshot
Process32First
CloseHandle
OpenProcess
WinExec
Sleep
DeleteFileA
MoveFileA
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
RemoveDirectoryA
FindFirstFileA
FindClose
FindNextFileA
SetFileAttributesA
GetFileAttributesA
Process32Next
GetWindowsDirectoryA
WritePrivateProfileStringA
CopyFileA
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
LocalFree
LocalAlloc
GetLastError
TerminateProcess
GetStartupInfoA
WideCharToMultiByte

user32

PeekMessageA
GetMessageA
TranslateMessage
EnumWindows
SendMessageTimeoutA
SendMessageA
FindWindowA
DispatchMessageA

advapi32

FreeSid
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
AllocateAndInitializeSid

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoTaskMemFree

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MemRes.exe
.exe windows:4 windows x86 arch:x86

3d07f9e1674a8007e38cebafbc8d3792

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LocalFree
LocalAlloc
ReleaseMutex
GetLastError
CreateMutexA
LCMapStringA
ReadFile
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringW

user32

MessageBoxA
SendMessageA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PrgFlt.dll
.dll windows:4 windows x86 arch:x86

11814fcb09c5ccabf9ce9f630eae2eef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetCurrentProcessId
CloseHandle
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SetWindowsHookExA
EnumWindows
CallNextHookEx
SendMessageA
SendMessageTimeoutA
UnhookWindowsHookEx

Exports

Exports

StartHook
StopHook

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProgFilter.exe
.exe windows:4 windows x86 arch:x86

a8f9b6c1f64730dcdf72a7946f2069a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord815
ord540
ord800
ord641
ord801
ord2514
ord858
ord4129
ord5683
ord537
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord825
ord5277
ord4627
ord4425
ord3597
ord6143
ord541
ord324
ord4234
ord2818
ord924
ord6199
ord4710
ord6215
ord535
ord4202
ord4277
ord6374
ord6453
ord6883
ord536
ord2379
ord823
ord5861
ord772
ord6142
ord860
ord500
ord5860
ord1576
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2124
ord4673
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
__p___argv
_setmbcp
_stricmp
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strchr
calloc
free
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
GetLastError
LocalAlloc
LocalFree
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
Process32Next
CloseHandle
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA

user32

EnableWindow
KillTimer
IsWindowVisible
FindWindowA
SendMessageA
SetTimer

advapi32

RegQueryValueExA
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegCreateKeyA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegCleaner.els
RsvAgent.exe
.exe windows:4 windows x86 arch:x86

70b01480c4b82eac6e5c6739b56e5207

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_setmbcp
_stricmp
free
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_mbsicmp
_mbscmp
sprintf
calloc
strchr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit

mfc42

ord4465
ord3136
ord3262
ord2985
ord535
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3259
ord1168
ord1576
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord6883
ord5860
ord4277
ord500
ord541
ord6142
ord6143
ord772
ord801
ord2818
ord5861
ord537
ord858
ord860
ord941
ord940
ord540
ord800
ord3081

kernel32

GetModuleHandleA
FreeLibrary
Sleep
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
ReadFile
GetCurrentProcess
HeapAlloc
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
HeapFree
GetProcessHeap
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
GetLastError
GetStartupInfoA

advapi32

InitializeSecurityDescriptor
GetAce
RegQueryValueExA
RegCreateKeyA
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
GetSidSubAuthority
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegGetKeySecurity
RegCloseKey
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
GetUserNameA
LookupAccountNameA
GetSidIdentifierAuthority
GetSidSubAuthorityCount

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SMFDApp.exe
.exe windows:4 windows x86 arch:x86

782f2dd087cb0c55c9aa8b842a699d0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4277
ord5683
ord654
ord341
ord823
ord1200
ord5858
ord5861
ord6140
ord1105
ord798
ord1997
ord926
ord5465
ord860
ord5194
ord533
ord6407
ord6877
ord4202
ord2764
ord772
ord6142
ord500
ord5860
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord3136
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord609
ord5214
ord296
ord6696
ord2575
ord4396
ord3574
ord2065
ord1168
ord2379
ord755
ord470
ord4220
ord2584
ord3654
ord3663
ord6215
ord2438
ord6270
ord1644
ord3876
ord4224
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3597
ord4425
ord5280
ord4407
ord941
ord939
ord6143
ord3874
ord6675
ord3301
ord922
ord6883
ord4853
ord924
ord3998
ord6907
ord6199
ord540
ord2818
ord5710
ord800
ord4129
ord858
ord535
ord537
ord4710
ord6197
ord4234
ord2302
ord801
ord825
ord324
ord567
ord541
ord641
ord656
ord693
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord1146
ord3262
ord1775
ord6052
ord2514
ord4998
ord4376
ord5265
ord3610
ord4698
ord3402
ord1576

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
_mbscmp
atoi
fclose
fprintf
fopen
sprintf
strchr
free
calloc
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
_except_handler3
__set_app_type
__p__fmode

kernel32

lstrcpynA
CreateDirectoryA
GetFileAttributesA
GetModuleHandleA
GetModuleFileNameA
CreateMutexA
ReleaseMutex
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
WriteFile
ReadFile
DeviceIoControl
CreateFileA
GetTickCount
Sleep
GetLastError
GetVersion
GetSystemDirectoryA
SetFileAttributesA
CopyFileA
CloseHandle
DeleteFileA
GetStartupInfoA

user32

IsWindowVisible
GetWindowRect
GetCursorPos
CreatePopupMenu
AppendMenuA
SetForegroundWindow
DrawIcon
LoadIconA
wsprintfA
EnableWindow
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect

advapi32

RegCreateKeyA
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
CloseServiceHandle
CreateServiceA
QueryServiceStatusEx
StartServiceA
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
SetSecurityDescriptorDacl
GetAce

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SMFDDrv.Sys
.sys windows:4 windows x86 arch:x86

562bfa8e993b5ea7324bf03293bd6aef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

ExAcquireFastMutex
KeGetCurrentIrql
ExReleaseFastMutex

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExAllocatePoolWithTag
ZwOpenFile
ZwDeleteFile
sprintf
toupper
ZwQueryVolumeInformationFile
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
strncpy
ExGetPreviousMode
KeGetCurrentThread
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeServiceDescriptorTable
ZwSetInformationFile
IofCompleteRequest
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
RtlAssert
DbgPrint
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoDeleteSymbolicLink
ExInitializeResourceLite
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Toolbars.inf
TrafficLogger.exe
.exe windows:4 windows x86 arch:x86

8379efec1961b4bc767f7a9fa2c68eb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5731
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord654
ord772
ord3337
ord924
ord3811
ord939
ord6140
ord4129
ord5683
ord537
ord341
ord500
ord1576
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2818
ord858
ord5858
ord540
ord860
ord800
ord3830
ord825
ord1168

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argv
_setmbcp
fprintf
fclose
fopen
__CxxFrameHandler
__p__commode

kernel32

GetStartupInfoA
GetCurrentProcess
SetProcessWorkingSetSize
GetModuleHandleA
Sleep

iphlpapi

GetIcmpStatistics
GetTcpStatistics
GetUdpStatistics

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnRegDll.exe
.exe windows:4 windows x86 arch:x86

9d463227e661023572ea41de8d4f9155

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord5731
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord926
ord2818
ord540
ord535
ord537
ord1576
ord2512
ord2554
ord4486
ord6375
ord4274
ord3081
ord4673
ord1168

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argc
__p___argv
__CxxFrameHandler
_setmbcp
_acmdln

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
OutputDebugStringA

ole32

CoInitialize

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPassManager.eng
UserPassManager.exe
.exe windows:4 windows x86 arch:x86

d0489fe2d90212e50c8e30fe6c39bc55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
GetACP
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetFileType
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RaiseException
GetCommandLineA
GetStartupInfoA
ExitProcess
RtlUnwind
SetErrorMode
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
lstrcpynA
MulDiv
SetLastError
WaitForSingleObject
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrlenA
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
WideCharToMultiByte
GetCurrentProcess
FreeLibrary
GetModuleHandleA
TerminateProcess
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
MultiByteToWideChar
GetModuleFileNameA
GetSystemDefaultLangID
GetPrivateProfileStringA
GetLastError
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
LCMapStringA

user32

DrawTextA
GrayStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
PostQuitMessage
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
PostMessageA
UpdateWindow
TabbedTextOutA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
BeginPaint
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SendDlgItemMessageA
EndPaint
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
RegisterWindowMessageA
GetWindowRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
PeekMessageA
GetMessageA
ClientToScreen
GetDC
ReleaseDC
ValidateRect
GetCursorPos
SetCursor
TranslateMessage
DispatchMessageA
EnableWindow
SendMessageA
wsprintfA
UnregisterClassA

gdi32

GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectA
SelectObject
DeleteObject
DeleteDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

InitializeAcl
LogonUserA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegGetKeySecurity
RegSetKeySecurity
GetLengthSid
InitializeSecurityDescriptor
LookupAccountNameA
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA

comctl32

ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPassManager.kor
WebInterception.new
.dll regsvr32 windows:4 windows x86 arch:x86

2c8d43c05c2a1ec9bad3e697a6ed8d6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrlenA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
MultiByteToWideChar
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenW
lstrcmpiA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adfilter.dat
cdproc.dll
.dll windows:4 windows x86 arch:x86

67e2350fe9ed16db63ac087f557e2946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
FindWindowA
FindWindowExA
CallNextHookEx
SendMessageA
PostMessageA

kernel32

VirtualFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

RemoveHook
SetHook

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clsdesk.exe
.exe windows:4 windows x86 arch:x86

8b6bf94260fb6887b494e0bed9a269ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord1089
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3262
ord4673
ord1168

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
__p__commode

kernel32

ReleaseMutex
CreateMutexA
Sleep
GetModuleHandleA
GetStartupInfoA
GetLastError

cdproc

ord2

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iefence.exe
.exe windows:4 windows x86 arch:x86

916d11702df04c65ac6c32a2e809354b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2567
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2514
ord860
ord858
ord4129
ord5683
ord537
ord1134
ord641
ord795
ord693
ord801
ord772
ord3619
ord5265
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord3721
ord1168
ord324
ord2302
ord4234
ord4710
ord755
ord6172
ord5789
ord2566
ord470
ord6215
ord2086
ord6199
ord4376
ord3571
ord2860
ord535
ord4278
ord5710
ord2827
ord6877
ord922
ord924
ord823
ord5861
ord2818
ord2582
ord4402
ord3370
ord3640
ord6883
ord6143
ord541
ord472
ord6907
ord3998
ord3301
ord6675
ord4224
ord926
ord6453
ord3089
ord4476
ord500
ord5860
ord6142
ord5606
ord4277
ord2764
ord4202
ord6696
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord5788
ord4297
ord4133
ord283
ord2122
ord1146
ord289
ord6880
ord1640
ord1641
ord613
ord2859
ord5875
ord540
ord3874
ord800
ord2864
ord5981
ord5053
ord2405
ord2379
ord4284
ord4275
ord5785
ord2414
ord3626
ord3663
ord825
ord567
ord556
ord323
ord609
ord809
ord6888
ord640
ord1776
ord4078
ord6055
ord1200
ord2575
ord1576

msvcrt

_setmbcp
memset
__CxxFrameHandler
strlen
_ftol
_mbsnbcpy
strcpy
atoi
_mbscmp
__p___argv
sprintf
free
calloc
strchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
OutputDebugStringA
WinExec
GetSystemDefaultLangID
GetPrivateProfileStringA
GetModuleFileNameA
GetStartupInfoA

user32

DestroyCursor
DestroyMenu
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
PtInRect
IsIconic
GetSystemMetrics
DrawIcon
DrawTextA
LoadIconA
EnableWindow
FrameRect
LoadImageA
DestroyIcon
CreateIconIndirect
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetWindowLongA
SendMessageA
GetActiveWindow
InvalidateRect
GetParent
SetCursor
GetIconInfo
GetNextDlgTabItem

gdi32

CreateFontIndirectA
CreateFontA
GetObjectA
SetPixel
GetPixel
CreateBitmap
SelectObject
SetBkColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject

advapi32

RegQueryValueExA
RegCreateKeyA
AllocateAndInitializeSid
FreeSid
RegDeleteKeyA
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoInitialize

winmm

PlaySoundA

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pollock.exe
.exe windows:4 windows x86 arch:x86

7ff8689a563d23f666efb52992981033

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord1089
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1105
ord541
ord801
ord341
ord654
ord800
ord5858
ord6883
ord2818
ord540
ord858
ord6140
ord6143
ord535
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3079
ord4673
ord1168

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_mbscmp
_setmbcp
__setusermatherr

kernel32

ReleaseMutex
CreateMutexA
Sleep
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsWindowVisible
SendMessageA
IsWindow
GetParent
GetClassNameA
EnumWindows
MessageBoxA
GetDesktopWindow
GetWindowTextA
GetWindowTextLengthA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rodexec.dll
.dll regsvr32 windows:4 windows x86 arch:x86

120219ccfd1fb5a1013aad505ec7427d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\Project\CTTBasic\rodexec\export\rodexec.pdb

Imports

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
FlushFileBuffers
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
GetACP
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GlobalFree
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
LockResource
GetThreadLocale
SetThreadLocale
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
ExitProcess
IsProcessorFeaturePresent

user32

RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetSysColor
GrayStringA
DrawTextExA
DrawTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
GetWindowTextA
SetWindowTextA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
CharNextA
DestroyWindow
DefWindowProcA
SetWindowLongA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
PeekMessageA
GetCursorPos
GetSysColorBrush
DestroyMenu
IsIconic
ShowWindow
GetClassInfoExA
LoadCursorA
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcA
PtInRect
UnionRect
SetFocus
IsChild
GetFocus
GetParent
IsWindow
InvalidateRect
GetKeyState
RegisterClassExA
CreateWindowExA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
CharUpperA
TabbedTextOutA

gdi32

ScaleWindowExtEx
GetStockObject
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SelectObject
Escape
ExtTextOutA
RectVisible
PtVisible
GetClipBox
SetTextColor
SetBkColor
DeleteObject
CreateBitmap
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
GetClipRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
OleLoadFromStream
CoInitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleRegGetMiscStatus

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shrestart.exe
.exe windows:4 windows x86 arch:x86

db92b0187bb7a3953650526d0ecaf582

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord1089
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord801
ord654
ord800
ord4129
ord341
ord541
ord5858
ord5861
ord6140
ord6143
ord535
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3831
ord4673
ord1168

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
_stricmp
_adjust_fdiv

kernel32

CloseHandle
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetStartupInfoA
TerminateProcess

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smfdopt.ini
smfdset.ini
trans.exe
.exe windows:4 windows x86 arch:x86

a18e3afb68e1af257179f97ddaab9c26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord5199
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1105
ord1576
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord2985
ord4274
ord1168

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
__p__commode

kernel32

ReleaseMutex
CreateMutexA
Sleep
GetCurrentProcess
SetProcessWorkingSetSize
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

SendMessageA
InvalidateRect
FindWindowA
FindWindowExA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 153KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 9KB - Virtual size: 9KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

f89ff27f900e3f8db7702ac3d83d583c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

shlwapi

url

Sections

.text Size: 500KB - Virtual size: 496KB

.rdata Size: 112KB - Virtual size: 108KB

.data Size: 56KB - Virtual size: 69KB

.rsrc Size: 584KB - Virtual size: 580KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 153KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 500KB - Virtual size: 496KB

.rdata
Size: 112KB - Virtual size: 108KB

.data
Size: 56KB - Virtual size: 69KB

.rsrc
Size: 584KB - Virtual size: 580KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 160B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 696B

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 5KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 164KB - Virtual size: 162KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB