b744f1a8f5125055913b68c14237cf97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b744f1a8f5125055913b68c14237cf97_JaffaCakes118
Size

7.4MB
MD5

b744f1a8f5125055913b68c14237cf97
SHA1

5d41b7feba0a2d9f32cc01457d702fb71541f25d
SHA256

b5f5ebbe41f996e232aad626b7a75c06fa1e6db61178406a4e7dfe02d335abcb
SHA512

842f6d0c67169112a1a2ff29b2608a589a7cd8ff2751ed56f306753a4ae6407992521f7e1162e416c61ff1da600184b54ca9e0f6c4b390d2ade98ed4f8119838
SSDEEP

196608:F31DxfECgR3RpPKRHgk7QUgVmekAulpA31+:FFOvR3LPJg7eHufAF+

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/MyNsisExtend.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/$TEMP/$_9_/MyNsisSkin.dll
unpack001/VisualBoyAdvance.exe
unpack001/³¬ÈËÌØ¹¤¶Ó.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

b744f1a8f5125055913b68c14237cf97_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MyNsisExtend.dll
.dll windows:4 windows x86 arch:x86

0b0f6f2578ce650dcdda31f442fb709d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\svn\GameMgr_trunk\build_temp\Win32\compile\release_staticA2\tool\GMNsisExtend\MyNsisExtend.pdb

Imports

shlwapi

PathSkipRootA
PathCombineA
StrStrIA

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetConnectA
InternetSetFilePointer
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetCloseHandle

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleFileNameExA

kernel32

GetCommandLineA
MoveFileA
DeleteFileA
FindNextFileA
FindFirstFileA
SetEvent
Sleep
ResetEvent
CreateEventA
ReadFile
GetFileSize
CreateFileA
SetEndOfFile
WriteFile
SetFilePointer
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA
CloseHandle
GetPrivateProfileIntA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrcmpiA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
DisableThreadLibraryCalls
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExA
lstrcmpA
CreateFileW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
ResumeThread
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
Module32First
Process32Next
Process32First
Module32Next
CreateToolhelp32Snapshot
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
CopyFileA
GetProcessHeap
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetVersion
DeviceIoControl
GetFullPathNameA
SearchPathA
GetFileInformationByHandle
GetTempFileNameA
GetTempPathA
GetFileSizeEx
SetCurrentDirectoryA
SetFileTime
GetWindowsDirectoryA
GetCurrentDirectoryA
GetLongPathNameA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
GetSystemInfo
lstrcatA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetFileTime
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetTimeZoneInformation
HeapAlloc
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetDateFormatA
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
SetConsoleCtrlHandler
GetLocaleInfoW
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
ExitThread
CreateThread
GetCPInfo
FindClose
InterlockedCompareExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
RaiseException
InterlockedIncrement

user32

GetClassNameA
wsprintfA
SendMessageA
CreateWindowExA
ShowWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
IsWindowVisible
AttachThreadInput
SetWindowTextA
MapWindowPoints
GetForegroundWindow
IsIconic
SetWindowPos
GetWindow
IsChild
GetWindowTextA
IsZoomed
GetClientRect
GetWindowTextLengthA
GetSystemMetrics
GetActiveWindow
GetDlgItem
GetParent
LoadStringW
EnumThreadWindows
SetForegroundWindow
SendMessageTimeoutA
GetWindowThreadProcessId
KillTimer
SetTimer
GetDC
DrawTextA
ReleaseDC

gdi32

SelectObject
CreateFontA

advapi32

AllocateAndInitializeSid
CheckTokenMembership
RegQueryValueExA
RegLoadKeyA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegSaveKeyA
RegDeleteValueA
RegRestoreKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
FreeSid

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Exports

Exports

AddExistAdvertID
AddInsAdvertID
AddStatExtendParams
AddToFirewall
AllHomePageChecksOut
ChangeInstDirtoMax
Check360Install
CheckHomeState
CheckInstallLimit
CheckInstalled
CheckKuaibaInstalled
ConvertSoftInstallTime
CreateShortcut
CreateTimer
DestroyTimer
Exec
ExecWait
ForceDeleteFile
Get360InstallState
Get7zOriginalSize
GetAdvertFileName
GetAdvertID
GetAdvertIDEx
GetAdvertIcon
GetAdvertLocalFile
GetAdvertName
GetAdvertUrl
GetBaiduHomePageURL
GetChoiceResult
GetChromeHomePageURL
GetExeFileNameFromUrl
GetForceAdvertFileName
GetForceAdvertID
GetForceAdvertIDEx
GetForceAdvertLocalFile
GetForceAdvertName
GetForceAdvertUrl
GetHomePageName
GetHomePageName2
GetIEHomePageURL
GetSingleFileSize
GetSougouHomePageURL
GetSpecialBuild
GetSubChannel
HideAllAdvert
HomePageChecksOut
Init
InitAdvert
InitPopUpInfo
InstallAdvert
InstallAllAdvert
IsAdvertExist
IsAdvertInstalled
IsAutoRun
IsCurrHomePageURL
IsHomePageForced
IsLastDownloadSuccessed
LoadEncrypedXML
LoadEncrypedXMLFromUrl
LoadEncrypedXMLFromUrlEx
LoadXMLBufferFromUrl
LoadXMLFromUrl
LoadXml
OpenUrl
PinToTaskbar
PopUp
PopupAD
SendExitInstallStat
SendResearchResult
SetAllHomePage
SetChoice
SetHomePage
SetHomePageUrl
SetUnGameList
ShowAdvert
TaskKillByHwnd
TaskKillByWindow
UnPinFromTaskBar
UpdateAllAdvertChoice

Sections

.text
Size: 868KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

38e7b5c3ee58b43a91f9679e94aabd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
GetPropA
CharPrevA
MapWindowPoints
DrawFocusRect
GetWindowLongA
GetClientRect
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
LoadCursorA
RemovePropA
DrawTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_9_/GMSkin_Image_2012_v1.zip
.zip
skin.xml
skin/Thumbs.db
skin/icon1.png
.png
skin/��װ.png
.png
skin/��װ01.png
.png
skin/��װ02.png
.png
skin/��װ03.png
.png
skin/��װ04.png
.png
skin/��װ05.png
.png
skin/��װ��.png
.png
skin/��װ��ɰ�ť.png
.png
skin/��װЭ��.png
.png
skin/��ť.png
.png
skin/��Ŀ¼.png
.png
skin/�ײ��.png
.png
skin/��ѡ.png
.png
skin/��ѡ2.png
.png
skin/��.png
.png
skin/�ر�.png
.png
skin/��ر�.png
.png
skin/��ӭ.png
.png
skin/��.png
.png
skin/��.png
.png
skin/��ʼ��װ.png
.png
skin/��ж��.png
.png
skin/Ĭ�ϱ��.png
.png
skin/ȡ��.png
.png
skin/��.png
.png
skin/ͼƬ��.png
.png
skin/�˳�.png
.png
skin/��.png
.png
skin/Э�鱳��.png
.png
skin/ж�ر��.png
.png
skin/ж��.png
.png
skin/ж��ɰ�ť.png
.png
skin/ѡ��.png
.png
skin/��Ϸ��.png
.png
skin/��С��.png
.png
skin/��С��2.png
.png
skin/��.png
.png
$TEMP/$_9_/MyNsisSkin.dll
.dll windows:4 windows x86 arch:x86

8b2c18b411d31cbef33f61e5be07509a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.2\install\build\MSVC.2005\Tool\GMSkin\release_static2\MyNsisSkin.pdb

Imports

msimg32

TransparentBlt
AlphaBlend

kernel32

DosDateTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
SetEndOfFile
GetLastError
GetFileTime
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
SystemTimeToFileTime
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
WideCharToMultiByte
lstrcpyW
GetCurrentThreadId
MulDiv
lstrcatW
CreateFileW
GetFileSize
CreateFileA
ReadFile
CloseHandle
MultiByteToWideChar
lstrcmpiW
DisableThreadLibraryCalls
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess

user32

ScreenToClient
ClientToScreen
UpdateWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
CharNextW
InvalidateRect
EnumChildWindows
SetCapture
ReleaseCapture
ShowWindow
SetWindowRgn
OffsetRect
wsprintfW
GetSystemMetrics
SetWindowPos
GetSystemMenu
GetMenuItemInfoW
PostMessageW
PtInRect
SetTimer
GetClassNameW
GetParent
MapWindowPoints
SetPropW
CallWindowProcW
GetPropW
DefWindowProcW
GetClientRect
GetWindowRect
IsWindow
GetWindowLongW
LoadCursorW
SetCursor
TrackMouseEvent
BeginPaint
EndPaint
IsWindowEnabled
GetWindowTextW
SendMessageW
DrawTextW
SetWindowLongW
GetCursorPos
KillTimer

gdi32

CreatePen
SetStretchBltMode
StretchBlt
CreateFontIndirectW
CreateDIBSection
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
RoundRect
GetStockObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetBkMode
SetTextColor
BitBlt
DeleteObject

oleaut32

SysFreeString

Exports

Exports

AddShowImage
AddShowImageFromFile
AddShowText
ClearAllShow
DelShowImage
DelShowText
InitSkin
SetBkImage
SetBtnImage
SetCloseBtnImage
SetEditBkColor
SetProgressBKImage
SetProgressImage
SetProgressTextWindow
SetTextClr
SetWindowID
SlideOff
SlideOn

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_9_/game.jpg
.jpg
1983.gba
Copying
ExeConfig.ini
GBA.BIOS
NEWS
README-win.txt
VisualBoyAdvance.exe
.exe windows:4 windows x86 arch:x86

4403c97882d548c9df81192d6a88bd88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
setsockopt
htonl
bind
ntohs
listen
inet_ntoa
accept
inet_addr
htons
recv
WSAAsyncSelect
socket
WSAStartup
closesocket
ioctlsocket
send

winmm

timeGetTime

avifil32

AVIStreamWrite
AVISaveOptions
AVIMakeCompressedStream
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileOpenA
AVIFileRelease
AVIFileExit
AVIFileInit
AVIStreamRelease

opengl32

glEnd
glVertex3i
glTexCoord2f
wglCreateContext
glPushAttrib
glDisable
glPixelStorei
glTexParameteri
glTexImage2D
glBindTexture
glGenTextures
glEnable
glViewport
glMatrixMode
glLoadIdentity
glOrtho
glDeleteTextures
wglDeleteContext
wglMakeCurrent
glTexSubImage2D
glBegin

msvcrt

_mbsnbcpy
_CxxThrowException
_controlfp
__p__fmode
??1type_info@@UAE@XZ
__set_app_type
__setusermatherr
__p__commode
_adjust_fdiv
_acmdln
_initterm
__getmainargs
?terminate@@YAXXZ
_XcptFilter
_exit
getenv
_onexit
__dllonexit
div
isprint
__CxxLongjmpUnwind
ceil
rewind
_fdopen
gmtime
floor
longjmp
_finite
_CIacos
_except_handler3
strncmp
fputs
isspace
strtok
getc
fflush
tolower
_fullpath
_snprintf
atoi
fputc
_purecall
wcscpy
wcschr
wcscat
wcscmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
fgetc
_setjmp3
time
localtime
strchr
_read
_write
vsprintf
_errno
strrchr
_stricmp
ftell
realloc
malloc
exit
_iob
fprintf
calloc
printf
free
fwrite
_setmbcp
strtod
sprintf
fopen
fseek
fread
fclose
strncpy
sscanf
_CIpow
_CIsqrt
_ftol

mfc42

ord1920
ord3790
ord2820
ord609
ord6675
ord1175
ord1229
ord4160
ord1644
ord1134
ord2455
ord6117
ord1146
ord2621
ord2438
ord561
ord1233
ord3654
ord2584
ord815
ord3738
ord4622
ord4220
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord2302
ord2370
ord4234
ord6199
ord6241
ord3092
ord4710
ord4853
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord6055
ord1776
ord5290
ord3402
ord4424
ord3721
ord795
ord692
ord567
ord858
ord2645
ord2841
ord2107
ord3663
ord2448
ord3903
ord3701
ord1168
ord772
ord6142
ord5860
ord500
ord939
ord941
ord4129
ord2763
ord537
ord654
ord1619
ord3981
ord5858
ord6140
ord341
ord2044
ord5450
ord5440
ord6383
ord5834
ord6394
ord2301
ord1768
ord2818
ord6334
ord3610
ord656
ord3874
ord535
ord2358
ord2860
ord6128
ord5148
ord2289
ord2915
ord924
ord5572
ord2582
ord4402
ord3370
ord3640
ord693
ord2642
ord3996
ord6907
ord2575
ord4396
ord3574
ord4960
ord4963
ord859
ord6888
ord922
ord5710
ord4204
ord2614
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6197
ord2513
ord293
ord6131
ord6216
ord1783
ord940
ord3742
ord640
ord2405
ord2859
ord1640
ord323
ord2527
ord482
ord755
ord470
ord3716
ord790
ord6111
ord4275
ord5981
ord2864
ord6453
ord2379
ord3873
ord3876
ord6215
ord2086
ord3361
ord6195
ord3870
ord2362
ord1151
ord1193
ord1576
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord5289
ord5714
ord4108
ord3748
ord1725
ord5260
ord4432
ord784
ord517
ord4262
ord4723
ord3571
ord3626
ord2414
ord2747
ord5785
ord1641
ord5037
ord3754
ord1232
ord3797
ord818
ord3573
ord3619
ord2754
ord3693
ord4133
ord4297
ord5788
ord2827
ord1200
ord2558
ord2152
ord5875
ord5683
ord2546
ord2863
ord3815
ord1176
ord291
ord6876
ord4224
ord2512
ord2554
ord6172
ord5789
ord3752
ord4299
ord926
ord2784
ord4274
ord6375
ord4486
ord4079
ord5307
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725

kernel32

SetThreadPriority
GetStartupInfoA
GlobalSize
IsProcessorFeaturePresent
SizeofResource
GetModuleHandleA
WideCharToMultiByte
FindResourceExA
LoadResource
LockResource
GetSystemDefaultLangID
LocalFree
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
WaitForSingleObject
CreateEventA
CloseHandle
GetPrivateProfileIntA
GetTickCount
LoadLibraryA
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
IsBadStringPtrA
IsBadReadPtr
WritePrivateProfileStructA
lstrlenA
lstrcpyA
GetPrivateProfileStructA
GetLastError
FormatMessageA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetVersionExA
LocalAlloc

user32

LoadCursorA
DefWindowProcA
GetSysColorBrush
FillRect
DrawFrameControl
DrawFocusRect
InflateRect
DrawEdge
ReleaseCapture
GetSysColor
SetCapture
PostMessageA
SetClipboardData
SetCursor
EmptyClipboard
OpenClipboard
AdjustWindowRectEx
DrawMenuBar
GetFocus
GetMenuItemID
GetSubMenu
CloseClipboard
TrackPopupMenu
AppendMenuW
AppendMenuA
CreatePopupMenu
TranslateAcceleratorA
RemoveMenu
IsIconic
DestroyMenu
SetMenu
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
GetKeyState
MessageBeep
wsprintfA
SetPropA
SetWindowRgn
EnableWindow
RemovePropA
CallWindowProcA
EndPaint
BeginPaint
BeginDeferWindowPos
PtInRect
GetCapture
LoadAcceleratorsA
LoadIconA
PeekMessageA
UpdateWindow
LoadMenuA
LoadMenuIndirectA
DrawTextA
DrawTextW
GetIconInfo
EndDeferWindowPos
IsWindow
UnionRect
GetActiveWindow
GetLastActivePopup
MessageBoxA
SetForegroundWindow
GetWindowLongA
SetTimer
KillTimer
GetNextDlgTabItem
GetWindowRect
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
ShowScrollBar
EnableScrollBar
GetSystemMetrics
SetWindowLongA
GetParent
GetDlgItem
GetWindowTextA
SetWindowTextA
GetClientRect
GetMenuItemCount
GetMenuItemInfoA
ModifyMenuA
GetMenuItemInfoW
ModifyMenuW
CopyAcceleratorTableA
CreateAcceleratorTableA
DestroyAcceleratorTable
GetMenu
SendMessageA
GetDesktopWindow
MapWindowPoints
DeferWindowPos
GetPropA
ClientToScreen
RedrawWindow
MoveWindow

gdi32

CreateBitmap
StretchBlt
SetStretchBltMode
ExtSelectClipRgn
RectVisible
RealizePalette
CreateDIBitmap
GetClipBox
CreateRectRgnIndirect
StartPage
CreateDIBSection
SetBkColor
PtInRegion
SelectClipRgn
ExtCreateRegion
SelectObject
DeleteDC
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetTextExtentPoint32A
GetDIBits
SetTextColor
SetBkMode
TextOutA
CreateFontA
CreatePen
GetObjectA
CreateFontIndirectA
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBitsToDevice
BitBlt
StartDocA
GetDeviceCaps
StretchDIBits
EndPage
EndDoc
GetStockObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
DragFinish
DragQueryFileA
SHBrowseForFolderA

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PBDK@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4tagCxTextInfo@@QAEAAU0@ABU0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetBits@CxImage@@QBEPAEXZ
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Decode@CxImage@@QAE_NPAEKK@Z
?Decode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Decode@CxImage@@QAE_NPAVCxFile@@K@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Destroy@CxImage@@QAE_NXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Flip@CxImage@@QAE_NXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QBEKXZ
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?GrayScale@CxImage@@QAE_NXZ
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?Load@CxImage@@QAE_NPBDK@Z
?LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Mirror@CxImage@@QAE_NXZ
?Negative@CxImage@@QAE_NXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBQUADtoRGB@CxImage@@QAEKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAEXK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
game.ico
mygames.run.dat
uninst.exe.nsis
vba.ini
³¬ÈËÌØ¹¤¶Ó.exe
.exe windows:4 windows x86 arch:x86

677985dd414b6f56ecd6b5b040c4588e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\APPS\GMStartGame\bin\win32\release\startgame.pdb

Imports

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetSetOptionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
GetCurrentThreadId
ResumeThread
ResetEvent
CreateEventW
SetEvent
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFullPathNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
MoveFileExW
SetCurrentDirectoryW
GetVersionExW
GetSystemInfo
InterlockedDecrement
GetCurrentProcess
TerminateProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteProcessMemory
VirtualQueryEx
ReadProcessMemory
SetLastError
lstrcmpW
VirtualAllocEx
GetEnvironmentVariableW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
MulDiv
InterlockedIncrement
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
GetModuleHandleA
RaiseException
HeapReAlloc
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
GetModuleFileNameW
Sleep
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetModuleFileNameA
GetTempFileNameW
GetTempPathW
GetLocalTime
GetCommandLineW
GetLastError
OpenMutexW
GetExitCodeProcess
ReleaseMutex
CreateMutexW
OpenProcess
GetPrivateProfileIntW
WriteFile
GetPrivateProfileStringW
WritePrivateProfileStringW
DeleteFileW
GetFileSize
SetEndOfFile
lstrlenW
lstrlenA
SetFilePointer
CreateFileW
ReadFile
CreateProcessW
GetTickCount
CloseHandle
WaitForSingleObject
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
LoadLibraryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualProtectEx

user32

GetMonitorInfoW
ShowCaret
SetCapture
BeginPaint
CreateCaret
GetKeyState
GetUpdateRect
GetFocus
ReleaseCapture
EndPaint
SetCaretPos
DestroyWindow
RegisterClassExW
GetMessageW
LoadImageW
IsWindow
CreateWindowExW
RegisterClassW
SendMessageW
SetFocus
EnableWindow
GetClassInfoExW
DestroyIcon
CharNextA
GetDC
ReleaseDC
MoveWindow
RedrawWindow
PtInRect
IntersectRect
IsRectEmpty
SetCursor
CharNextW
LoadCursorW
MonitorFromWindow
ScreenToClient
HideCaret
SetWindowRgn
UpdateLayeredWindow
TranslateAcceleratorW
LoadStringW
GetActiveWindow
GetParent
AttachThreadInput
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
IsIconic
IsChild
IsZoomed
SetForegroundWindow
SetWindowTextW
ShowWindow
GetForegroundWindow
PostQuitMessage
SetWindowsHookExW
InvalidateRect
LoadBitmapW
OffsetRect
FillRect
CharPrevW
CopyImage
ChildWindowFromPointEx
ClientToScreen
GetSysColor
GetCursorPos
IsWindowEnabled
FindWindowW
MessageBoxW
GetSystemMetrics
GetWindowThreadProcessId
IsWindowVisible
CallNextHookEx
EnumThreadWindows
GetClientRect
SystemParametersInfoW
GetDesktopWindow
wsprintfA
wsprintfW
PeekMessageW
PostMessageW
KillTimer
TranslateMessage
SetWindowPos
DispatchMessageW
SetTimer
SetWindowLongW
GetClassNameW
CallWindowProcW
DefWindowProcW
GetWindow
SetPropW
GetWindowLongW
GetPropW
GetAsyncKeyState
InvalidateRgn
CreateAcceleratorTableW
DestroyAcceleratorTable
DrawTextW
DrawIconEx
DrawFocusRect

gdi32

CreatePen
CreateRectRgnIndirect
ExtSelectClipRgn
GetClipBox
CreateFontIndirectW
MoveToEx
CombineRgn
GetStockObject
GetTextExtentPoint32W
SetBitmapBits
GetBitmapBits
TextOutW
SetBkMode
RoundRect
SetBkColor
StretchBlt
SetStretchBltMode
GetCharABCWidthsW
CreateSolidBrush
CreateCompatibleBitmap
Rectangle
ExtTextOutW
BitBlt
GetTextMetricsW
LineTo
CreateRoundRectRgn
CreateRectRgn
EnumFontsW
CreateCompatibleDC
CreateEllipticRgn
DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
SelectClipRgn
SetTextColor
GetObjectW

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
OleDuplicateData
ReleaseStgMedium

oleaut32

SysFreeString
SysAllocString
VariantClear
OleLoadPicture

shlwapi

StrStrIA
StrStrIW

Sections

.text
Size: 848KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 8KB - Virtual size: 7KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

0b0f6f2578ce650dcdda31f442fb709d

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

version

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 868KB - Virtual size: 865KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 35KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 610B

38e7b5c3ee58b43a91f9679e94aabd09

Headers

File Characteristics

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 868KB - Virtual size: 865KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 610B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 616B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 12KB - Virtual size: 9KB