002dc324480f36090c970df4c49febfa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

002dc324480f36090c970df4c49febfa_JaffaCakes118
Size

1.9MB
MD5

002dc324480f36090c970df4c49febfa
SHA1

7078d5722d71cafbd28ac04180d5f40e91bf7d28
SHA256

a67841ce6c21b1e48913310654d1501e691052a92369dfcefa1f24690e834ed4
SHA512

f93466390e3567d6325cf6dc08d77f259ce06434b755cb0f54bd874736ca41c0377f5f717a410810fac10b22a6ab2ba6b6f13c5aeec873283b54b4ab130f1f01
SSDEEP

49152:+IFOzvc+UBRS2ctBhYy/LCAJTZTJMQ9E9thxYQr7bTUA7:+IFkSRKBhYy/mAJh3EthxdrfwA7

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/PP2008/CoreDll.dll	aspack_v212_v242
static1/unpack001/PP2008/UsrLogin.dll	aspack_v212_v242

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PP2008/CMUpnp.dll
unpack001/PP2008/CoreDll.dll
unpack001/PP2008/FtpGoper.exe
unpack001/PP2008/Local.dll
unpack001/PP2008/PP2008.exe
unpack001/PP2008/SkinRes.dll
unpack001/PP2008/Updater.exe
unpack001/PP2008/UsrLogin.dll
unpack001/PP2008/funcmod/Bt.mod
unpack001/PP2008/funcmod/Cs.mod
unpack001/PP2008/funcmod/PPPT.mod
unpack001/PP2008/funcmod/xed2k.mod
unpack001/PP2008/plugins/DownAgent.dll
unpack001/PP2008/plugins/DownSpy.dll
unpack001/PP2008/pndx5032.dll
unpack001/PP2008/ppn.dll

Files

002dc324480f36090c970df4c49febfa_JaffaCakes118
.rar
PP2008/CMUpnp.dll
.dll windows:4 windows x86 arch:x86

5b5723e4d1117418b0a640a42ed57e9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\CMUpnp.pdb

Imports

kernel32

CreateEventA
GetExitCodeThread
WaitForSingleObject
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
ResumeThread
CloseHandle
CreateWaitableTimerA
SetEvent
FlushFileBuffers
SetStdHandle
ReadFile
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetSystemInfo
ExitProcess
HeapFree
HeapAlloc
RtlUnwind
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
LCMapStringA
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
LoadLibraryA
VirtualProtect

ws2_32

WSAEnumNetworkEvents
socket
WSACreateEvent
setsockopt
htonl
htons
recvfrom
recv
WSAWaitForMultipleEvents
send
accept
listen
bind
connect
WSAEventSelect
WSACloseEvent
closesocket
inet_addr
sendto

Exports

Exports

AddPortMapping
CMUpnpLib_Init
CMUpnpLib_UnInit
DeletePortMapping
GetExternalIPAddress

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/Configs/MainMenuIcons/MainMenu.xml
.xml
PP2008/Configs/MainMenuIcons/help.ico
PP2008/Configs/MainMenuIcons/service.ico
PP2008/Configs/scrftype.dat
PP2008/Configs/sfilter.dat
PP2008/Configs/sharenot.dat
PP2008/Configs/unsafefile.dat
PP2008/CoreDll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCoreDll

Sections

.text
Size: 136KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PP2008/FtpGoper.exe
.exe windows:4 windows x86 arch:x86

086a8aba4f8a2f1c4a866c87eed0d852

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
GetProcAddress
LoadLibraryA
LockResource
GetLocalTime
lstrcmpA
GetCurrentProcessId
lstrcpynW
CreateFileA
ReadFile
WriteFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
GetStartupInfoA
GetFileAttributesA
CreateDirectoryA
HeapReAlloc
CreateThread
ExitThread
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
SetFilePointer
Sleep
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcessHeap
HeapAlloc
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
ResumeThread
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetCurrentProcess
GetLastError
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
GlobalFree
CloseHandle
lstrcatA
WideCharToMultiByte
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentStringsW
RaiseException

user32

CallNextHookEx
SetWindowsHookExA
GetKeyState
CharLowerA
UnhookWindowsHookEx
RegisterWindowMessageA
FrameRect
WindowFromPoint
GetFocus
MessageBeep
GetWindowThreadProcessId
IsWindowEnabled
GetDlgCtrlID
GetSysColorBrush
EndDialog
GetWindowLongA
GetDesktopWindow
GetDC
InflateRect
GetCapture
SetCursor
ReleaseDC
GetWindowDC
GetSystemMetrics
GetMessagePos
ReleaseCapture
OffsetRect
DrawEdge
DrawFrameControl
ModifyMenuA
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
UnregisterClassA
wsprintfA
TrackPopupMenuEx
GetClassNameA
GetSubMenu
FindWindowExA
LoadStringW
RedrawWindow
EnableWindow
GetDlgItem
SetDlgItemTextA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
MessageBoxA
SetCapture
SetMenuDefaultItem
FillRect
GetSysColor
DrawTextA
EndPaint
BeginPaint
SetFocus
GetActiveWindow
DialogBoxParamA
SetRectEmpty
CheckMenuItem
GetCursorPos
ScreenToClient
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wvsprintfA
SetWindowLongA
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
DestroyWindow
RegisterClassExA
LoadImageA
LoadCursorA
GetClassInfoExA
CreateWindowExA
LoadAcceleratorsA
LoadMenuA
PtInRect
CreatePopupMenu
AppendMenuA
TrackPopupMenu
IsWindowVisible
SetRect
IsMenu
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
LoadBitmapA
DestroyMenu
CallWindowProcA
IsWindow
UpdateWindow
SetMenu
GetMenu
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
PostMessageA
InvalidateRect
TranslateAcceleratorA
DestroyIcon
SendMessageA
DefWindowProcA
CharNextA
LoadStringA
PostQuitMessage

gdi32

CreateDIBSection
BitBlt
SetBkColor
SetBrushOrgEx
CreateFontIndirectA
Polygon
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
MoveToEx
LineTo
CreatePen
SetTextColor
SetBkMode
SelectObject
GetObjectA
GetStockObject
DeleteObject

comdlg32

GetSaveFileNameA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA

shell32

SHGetFileInfoA

ole32

CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysStringLen
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
VariantInit
VarBstrCmp
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

shlwapi

UrlGetPartA

comctl32

ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
ord6
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
ord8
ImageList_LoadImageA
ImageList_Draw
InitCommonControlsEx

ws2_32

listen
getsockname
bind
accept
WSAStartup
WSACleanup
select
__WSAFDIsSet
socket
htons
connect
send
recv
ntohs
closesocket
inet_addr
inet_ntoa
gethostname
gethostbyname

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PP2008/Local.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadFriend
LoadHisUsers
LoadLastHisUsers
LoadShareEntryPass
LoadShareFile
SaveEntryPassWord
SaveFriend
SaveHisUser
SaveLastUser
SaveShareFile

Sections

CODE
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PP2008/PP2008.exe
.exe windows:4 windows x86 arch:x86

e099de47ff9570468c8bc057d1c59ae2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GlobalAlloc
SetLastError
GlobalFree
GlobalHandle
InterlockedIncrement
InterlockedDecrement
CreateProcessW
GetCommandLineW
CreateMutexW
LoadLibraryExW
CreateDirectoryW
ResumeThread
GetFileSizeEx
TlsFree
TlsAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
VirtualQuery
GetStartupInfoW
GetModuleHandleA
CreateThread
ExitThread
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GlobalMemoryStatus
TerminateProcess
SetUnhandledExceptionFilter
VirtualProtect
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GlobalSize
GlobalLock
GlobalUnlock
lstrlenA
lstrcpynA
DeleteFileW
WriteFile
CreateFileW
GetFileSize
ReadFile
CloseHandle
MulDiv
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
SetEndOfFile
lstrcmpW
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetProcAddress
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetLastError
LocalFree
GetModuleFileNameA
GetCurrentThreadId
GetModuleFileNameW
lstrcmpiW
lstrcpynW
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetLogicalDrives
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
EnterCriticalSection
LeaveCriticalSection
lstrcpyW
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
RaiseException
TlsSetValue

user32

ShowWindow
GetClipboardData
CloseClipboard
OpenClipboard
SetClipboardViewer
SetTimer
ClientToScreen
RemoveMenu
PeekMessageW
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
GetMenuItemInfoW
MessageBeep
LoadStringA
PostQuitMessage
SetCapture
GetCapture
DrawEdge
GetSystemMetrics
GetMessagePos
ReleaseCapture
MapDialogRect
KillTimer
PostMessageW
FindWindowW
wvsprintfW
IsWindowVisible
CopyRect
TranslateAcceleratorW
IsIconic
SetForegroundWindow
SetMenuItemInfoW
SetMenuDefaultItem
IsZoomed
CreateDialogIndirectParamW
IntersectRect
UpdateWindow
SetFocus
SetCursor
GetDlgCtrlID
GetSysColorBrush
FillRect
GetSysColor
LoadImageW
GetDesktopWindow
GetDC
DialogBoxParamW
RegisterClassExW
SetRectEmpty
TrackPopupMenu
DestroyMenu
GetKeyState
LoadCursorW
IsRectEmpty
TrackMouseEvent
SetParent
IsWindowEnabled
InflateRect
DrawFocusRect
AdjustWindowRectEx
GetMenu
GetWindowTextA
SendDlgItemMessageA
MessageBoxA
wsprintfA
EmptyClipboard
SetClipboardData
LoadMenuW
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
CopyIcon
InvalidateRgn
DestroyAcceleratorTable
IsChild
RedrawWindow
GetClassNameW
CharNextW
CreateAcceleratorTableW
SendDlgItemMessageW
SetWindowContextHelpId
wsprintfW
GetClassInfoExW
InvalidateRect
DestroyWindow
CreateWindowExW
GetWindowTextLengthW
CallWindowProcW
GetActiveWindow
CreateDialogParamW
GetDlgItemTextA
SetDlgItemTextA
EnableWindow
WindowFromDC
GetMenuInfo
SetMenuInfo
IsWindow
MessageBoxW
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
SetWindowTextW
GetFocus
DrawIconEx
GetWindowTextW
LockWindowUpdate
GetWindowDC
ReleaseDC
RegisterWindowMessageW
OffsetRect
SetWindowRgn
DestroyIcon
LoadIconW
DefWindowProcW
UnregisterClassW
GetCursorPos
PtInRect
LoadStringW
SetRect
DrawTextW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
GetDlgItem
GetParent
EndPaint
BeginPaint
ScreenToClient
MoveWindow
GetWindowLongW
SetWindowLongW
EndDialog
LoadBitmapW
IsMenu

gdi32

SetViewportOrgEx
GetTextExtentPoint32W
CreateRoundRectRgn
GetDeviceCaps
MoveToEx
LineTo
CreateBitmap
CreatePatternBrush
PatBlt
CreatePen
Polygon
CreateCompatibleBitmap
CreateSolidBrush
ExcludeClipRect
CreateRectRgn
CreateEllipticRgn
CombineRgn
SetBkMode
GetStockObject
SetTextColor
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ord165
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetFileInfoW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
StgOpenStorage

oleaut32

VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
VariantClear
VariantInit
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

shlwapi

SHAutoComplete
StrFormatKBSizeW
StrFormatByteSizeW
StrDupW
PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathRemoveFileSpecW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create

msimg32

GradientFill
TransparentBlt

ws2_32

connect
send
recv
ntohs
closesocket
inet_ntoa
gethostname
gethostbyname
WSAStartup
WSACleanup
WSAAsyncGetHostByName
socket
ioctlsocket
htons
sendto
inet_addr

winmm

PlaySoundW

Exports

Exports

QueryServiceProvider

Sections

.text
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PP2008/SkinRes.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\SkinRes.pdb

Sections

.rdata
Size: 4KB - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/Thumbs.db
PP2008/Updater.exe
.exe windows:4 windows x86 arch:x86

e7a6a53cb3999c17c908b7b47ad17326

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
CopyFileW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
GetModuleFileNameW
Sleep
GetCommandLineW
ReadFile
GetFileSize
CreateFileW
GetCurrentThreadId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetLastError
CreateMutexW
lstrlenW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
WaitForSingleObject
WriteFile
GetFileAttributesW
WideCharToMultiByte
SetFilePointer
GetFileType
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
lstrcatW
FlushFileBuffers
SetStdHandle
GetSystemInfo
VirtualProtect
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetModuleFileNameA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
RtlUnwind
GetStartupInfoW
GetModuleHandleA
MoveFileW
HeapReAlloc
ExitProcess
CreateThread
ExitThread
GetVersionExA

user32

IsDialogMessageW
GetDlgItem
SetTimer
ShowWindow
GetWindowLongW
SendMessageW
DestroyWindow
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
FindWindowW
UnregisterClassW
CharNextW
wsprintfW
DefWindowProcW
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
LoadImageW
SetWindowLongW
IsWindow
PostMessageW
SetDlgItemTextW
PostQuitMessage

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
ord165

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathRemoveBackslashW
PathIsDirectoryW

comctl32

InitCommonControlsEx

ws2_32

WSACleanup
htons
socket
connect
send
closesocket
recv
WSAStartup
gethostbyname

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PP2008/UsrLogin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Embed
InitFuncMod
LoginServer
PPIMCallBack
UnInitFuncMod

Sections

.text
Size: 153KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PP2008/config/core.ed2k.svr
PP2008/config/ed2k.kad.nodes
PP2008/config/lang/en_us.lang
PP2008/config/lang/zh_cn.lang
PP2008/config/upnp.xml
.xml
PP2008/funcmod/Bt.mod
.dll windows:4 windows x86 arch:x86

b77190f3868a34f4b69d58dec254daf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\FuncMod\Bt.pdb

Imports

kernel32

DeleteFileW
GetFileAttributesW
ReadFile
SetFilePointer
SetEndOfFile
GetFileSize
GetModuleHandleW
WideCharToMultiByte
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
lstrcpyW
LocalFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetExitCodeThread
GetDiskFreeSpaceExW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
CreateFileW
LCMapStringW
LCMapStringA
LoadLibraryA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetSystemInfo
VirtualProtect
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsFree
SetLastError
TerminateProcess
GetModuleHandleA
GetProcAddress
IsBadWritePtr
VirtualAlloc
GetLastError
WriteFile
CloseHandle
MulDiv
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CopyFileW
WaitForMultipleObjects
VirtualFree
HeapCreate
VirtualQuery
MultiByteToWideChar
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCommandLineA
CreateThread
ExitThread
CreateDirectoryW
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetProcessHeap
HeapFree
lstrcatW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
FreeEnvironmentStringsW

user32

GetDlgItem
PostThreadMessageW
SetTimer
LoadBitmapW
GetClientRect
MoveWindow
CreateDialogParamW
CreateWindowExW
DestroyWindow
SendMessageW
GetActiveWindow
IsWindow
DialogBoxParamW
ShowWindow
GetWindowLongW
SetWindowPos
SetWindowLongW
EndDialog
LoadIconW
DestroyIcon
UnregisterClassW
CopyRect
BeginPaint
DrawTextW
FillRect
wsprintfW
EndPaint
CallWindowProcW
IsRectEmpty
InvalidateRect
GetWindowTextLengthA
GetWindowTextA
GetWindowTextW
SetDlgItemTextW
GetWindowTextLengthW
PostMessageW
KillTimer
GetWindow
SystemParametersInfoW
MapWindowPoints
GetWindowRect
GetParent
RegisterClassExW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
MessageBoxW

gdi32

CreateCompatibleBitmap
SetViewportOrgEx
GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
SetBkMode
DeleteDC
GetStockObject
SetTextColor
DeleteObject
CreateFontIndirectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CryptDestroyHash
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ord165
SHChangeNotify
SHGetFileInfoW

shlwapi

PathFileExistsW
StrFormatKBSizeW
StrFormatByteSizeW
PathRemoveFileSpecW
PathAddBackslashW
PathAddExtensionW
PathIsDirectoryW
StrDupW
PathFindExtensionW

comctl32

ImageList_AddMasked
ImageList_Remove
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_Destroy
ImageList_Create

ws2_32

htonl
listen
WSAAsyncGetHostByName
WSACancelAsyncRequest
sendto
send
recvfrom
connect
WSAIoctl
WSAGetLastError
inet_addr
accept
recv
getpeername
WSAAsyncSelect
closesocket
socket
htons
bind

Exports

Exports

InitFuncMod
UnInitFuncMod

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/funcmod/Cs.mod
.dll windows:4 windows x86 arch:x86

56d83c6dff9008ad0c546960ad5a9de2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\FuncMod\Cs.pdb

Imports

kernel32

GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
HeapFree
GetProcessHeap
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WaitForMultipleObjects
CreateFileA
WriteFile
SetFilePointer
GetLocalTime
GetTickCount
GetFileSize
DeleteFileA
SetEndOfFile
GetProcAddress
FreeLibrary
LoadLibraryA
lstrcmpA
lstrcmpiA
CreateDirectoryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
ReadFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
TerminateProcess
TlsFree
SetLastError
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
GetModuleFileNameA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
LocalFree
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetCurrentProcess
GetLastError
CloseHandle
WideCharToMultiByte
TlsAlloc
RaiseException
TlsSetValue
GetCurrentThreadId
GetModuleHandleA
TlsGetValue
lstrlenA
lstrcpyA
lstrcatA
DeleteCriticalSection
InitializeCriticalSection
FlushFileBuffers

user32

GetWindowLongA
DefWindowProcA
wsprintfA
SetCursor
LoadCursorA
SetDlgItemTextW
SetFocus
KillTimer
SetTimer
UnregisterClassA
GetDlgCtrlID
ReleaseDC
GetSysColorBrush
GetSysColor
LoadImageA
GetDesktopWindow
CreateWindowExA
RegisterClassExA
DestroyWindow
IsWindow
DestroyIcon
SetWindowPos
GetParent
GetWindowRect
SetWindowLongA
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindow
SendMessageA
LoadIconA
EndDialog
CreateDialogParamA
PostThreadMessageA
DialogBoxParamA
MessageBoxA
GetDC
GetKeyState
CallWindowProcA
GetCursorPos
ScreenToClient
EnableWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
GetMessageA
TranslateMessage
DispatchMessageA
FillRect
DrawTextA
LoadBitmapA
IsWindowVisible
ShowWindow
MoveWindow
SetForegroundWindow
GetActiveWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
SelectObject
DeleteDC
SetTextColor
SetBkMode
Polygon
GetStockObject
DeleteObject

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA

ole32

StringFromGUID2

oleaut32

VarDateFromStr
VarI4FromStr
VarDecCmp
VarDecFromStr
VarR8FromStr

shlwapi

SHDeleteKeyA
StrFormatByteSize64A
PathFileExistsA
PathAddBackslashA
StrDupA
UrlGetPartA

comctl32

ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon

ws2_32

WSAAsyncGetHostByName
WSACancelAsyncRequest
closesocket
socket
ntohs
WSAAsyncSelect
send
recv
connect
htons
WSAGetLastError

wininet

InternetGetCookieA

Exports

Exports

InitFuncMod
UnInitFuncMod

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/funcmod/PPPT.mod
.dll windows:4 windows x86 arch:x86

37ead6a52678be4f1acd78f5e5729583

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Programing\Vc\My Program\PpNew\ExcuteFiles\PPPT.pdb

Imports

kernel32

Sleep
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
WriteFile
SetEndOfFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentThreadId
WaitForMultipleObjects
TerminateThread
GetLocalTime
SetEvent
GetProcAddress
FreeLibrary
LoadLibraryW
lstrcmpW
lstrcmpiW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
UnhandledExceptionFilter
TlsFree
SetLastError
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetModuleHandleA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
VirtualQuery
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
WaitForSingleObject
ResetEvent
GetFileTime
CreateEventW
FindClose
FindFirstFileW
FindNextFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
lstrlenW
MulDiv
MoveFileW
lstrcpyW
lstrcatW
GetFileSize
ReadFile
SetFilePointer
CreateFileW
CloseHandle
GetExitCodeThread
RaiseException
TlsAlloc
TlsGetValue
WideCharToMultiByte
TlsSetValue
GetModuleHandleW
GetLastError
LeaveCriticalSection
EnterCriticalSection
LocalFree
DeleteCriticalSection
InitializeCriticalSection

user32

CopyRect
SetWindowPos
IsRectEmpty
TrackMouseEvent
PtInRect
GetClientRect
MapWindowPoints
GetWindowLongW
IsWindow
GetWindowRect
GetParent
EndPaint
GetCursorPos
GetKeyState
BeginPaint
ScreenToClient
GetFocus
DrawIconEx
GetWindowTextW
UnregisterClassW
GetWindow
SendMessageW
SetTimer
KillTimer
DefWindowProcW
SetWindowLongW
CreateWindowExW
RegisterClassExW
DestroyWindow
TranslateMessage
DispatchMessageW
SystemParametersInfoW
GetMessageW
wsprintfW
PostThreadMessageW
EndDialog
MoveWindow
ShowWindow
IsWindowVisible
GetDlgItem
LoadBitmapW
DrawTextW
FillRect
LockWindowUpdate
GetWindowDC
OffsetRect
SetWindowRgn
IsZoomed
InvalidateRect
RedrawWindow
LoadCursorW
SetCursor
GetDlgCtrlID
ReleaseDC
GetSysColorBrush
GetSysColor
LoadImageW
GetDesktopWindow
GetDC
CallWindowProcW
SetWindowTextW
LoadIconW
DestroyIcon
GetActiveWindow
CreateDialogParamW
DialogBoxParamW
GetWindowTextLengthW
MessageBoxW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItemTextW

gdi32

SelectObject
CreateCompatibleBitmap
SetTextColor
SetBkMode
DeleteObject
GetStockObject
CreateCompatibleDC
Polygon
CreatePen
CombineRgn
CreateEllipticRgn
CreateRectRgn
CreateFontIndirectW
BitBlt
GetObjectW
ExcludeClipRect
SetViewportOrgEx
DeleteDC
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptCreateHash
RegOpenKeyExW

shell32

ord165
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHChangeNotify
SHGetFileInfoW

ole32

StgOpenStorage
StgCreateDocfile
OleUninitialize
OleInitialize
CoCreateGuid

oleaut32

VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr

shlwapi

PathAddExtensionW
StrFormatByteSizeW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathAddBackslashW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFileExistsW
StrDupW

comctl32

ImageList_AddMasked
ImageList_DrawEx
ImageList_Destroy
ImageList_Create

msimg32

TransparentBlt

ws2_32

gethostname
gethostbyname
htonl
setsockopt
getpeername
WSAAsyncGetHostByName
WSACancelAsyncRequest
socket
sendto
send
recv
accept
listen
htons
inet_addr
bind
connect
WSAGetLastError
closesocket
WSAAsyncSelect
recvfrom

Exports

Exports

InitFuncMod
UnInitFuncMod

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/funcmod/xed2k.mod
.dll windows:4 windows x86 arch:x86

d359f1dabf29334ddaab667b621ade30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\公司文档\pp2007\ppim_12.3.1\ppemule\Release\ppemule.pdb

Imports

kernel32

HeapFree
GetCommandLineA
HeapAlloc
HeapReAlloc
TerminateProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetSystemTimeAsFileTime
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
RtlUnwind
GetFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentDirectoryW
InterlockedIncrement
GlobalFlags
lstrcmpiW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
WaitForSingleObject
SetLastError
MulDiv
lstrcpyW
LocalFree
InterlockedDecrement
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetVersionExA
FreeResource
FormatMessageW
GlobalAlloc
GlobalFree
WritePrivateProfileStringW
GetCurrentProcess
GetLastError
CloseHandle
GlobalLock
GlobalUnlock
FindFirstFileW
FindClose
GetFileAttributesW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
DeleteFileW
CreateDirectoryW
lstrlenW
GetPrivateProfileIntA
GetPrivateProfileStringA
RaiseException
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetProcAddress
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetHandleCount
GetModuleFileNameW

user32

CharUpperW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MessageBoxW
TrackPopupMenu
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
DrawTextW
MapWindowPoints
ShowWindow
GetClassNameW
GetSystemMetrics
GetSysColor
GetSubMenu
PostMessageW
SetCursor
DestroyMenu
GetWindowLongW
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
GetDC
ReleaseDC
LoadBitmapW
SetForegroundWindow
GetParent
GetKeyState
SetMenuDefaultItem
GetWindowRect
UnregisterClassW
GetMessagePos
AppendMenuW
CreatePopupMenu
GetSysColorBrush
LoadCursorW
InvalidateRect
PtInRect
CopyRect
PostQuitMessage
IsWindowVisible
DestroyIcon
GetClientRect
LoadIconW
SendMessageW
EnableWindow
IsWindow
wsprintfW

gdi32

SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
RestoreDC
SaveDC
GetClipBox
GetDeviceCaps
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
GetStockObject
DeleteObject
GetObjectW

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetFileInfoW

comctl32

ord17
ImageList_Destroy

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayCreateVector
VariantClear
VariantChangeType
VariantInit

ws2_32

inet_ntoa

Exports

Exports

InitFuncMod
UnInitFuncMod

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/localver.dll
PP2008/plugins/DownAgent.dll
.dll .vbs regsvr32 windows:4 windows x86 arch:x86 polyglot

58e911c65dd131e0f7e37617558e99d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\Plugins\DownAgent.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
RaiseException
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetModuleHandleA
ExitProcess
DebugBreak
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

CharNextA
SendMessageA
MessageBoxA
wsprintfA
FindWindowA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen

shlwapi

PathFileExistsA
SHDeleteKeyA
PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/plugins/DownSpy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ad0994fa276bfdf7f128a1b5b74ac7b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Programing\VC\My Program\PpNew\ExcuteFiles\Plugins\DownSpy.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
lstrcpynA
lstrcpyA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
LockResource
EnterCriticalSection
lstrcmpA
LoadLibraryA
GetStringTypeW
GetStringTypeA
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FindResourceExA
InterlockedExchange
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress

user32

wsprintfA
SendMessageA
LoadStringA
FindWindowA
CharNextA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
DispGetParam
SysStringLen
LoadRegTypeLi
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFileExistsA
PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/pndx5016.dll
PP2008/pndx5032.dll
.dll windows:4 windows x86 arch:x86

3dff24d172f5031d837d000fcf3a81f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc

pncrt

free
_adjust_fdiv
malloc
_initterm

Exports

Exports

GetDevNodeStatus32Call
thk_ThunkData32

Sections

.text
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/ppn.dll
.dll windows:4 windows x86 arch:x86

7469d826b6dbac81bad1fff0a2e29548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\公司文档\pp2007\ppim_12.3.1\ppn\Release\ppn.pdb

Imports

kernel32

ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
HeapFree
ExitThread
CreateThread
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
IsBadWritePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
RaiseException
GetModuleHandleA
GlobalFlags
InterlockedIncrement
SetErrorMode
lstrcatW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedDecrement
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GlobalAddAtomW
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
lstrlenW
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetModuleFileNameW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
FreeLibrary
WritePrivateProfileStringW
TerminateThread
Sleep
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
ShowWindow
SetWindowLongW
GetDlgItem
LoadCursorW
GetSystemMetrics
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextW
SetWindowTextW
GetClassNameW
wsprintfW
UnregisterClassW
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
DestroyMenu
SetWindowPos
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageW
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
GetSysColorBrush

gdi32

DeleteDC
GetStockObject
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

inet_addr
accept
socket
select
WSAGetLastError
closesocket
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
inet_ntoa
ntohs
getpeername
htonl
bind
WSAStartup
gethostbyname
htons
WSACleanup

iphlpapi

GetAdaptersInfo

Exports

Exports

NAddFriend
NCheckRegName
NDelFriend
NGetAllOnlineUser
NGetDefXblNatPort
NGetFriendList
NGetIDUser
NGetNameUser
NGetOFFMsg
NGetPPlHandle
NGetPort
NGetShare
NGetUserLargeInfo
NInit
NLogin
NNotifyFriDownline
NNotifyFriOnline
NNotifyHost
NPingServer
NReBeAddFriToServer
NReGetDefXblNatPort
NReGetShare
NReNotifyFriendOnline
NRegUser
NSaveFriendHash
NSendChatMessage
NSendClientOnToServer
NSendQuestXblShare
NSendReChatMsg
NSendXblShareInfo
NSetIDOK
NSetState
NSetUserLargeInfo
NUserOut
NXblNotyUserOff
NXblNotyUserState
NXblViewShareToServer
UnInit

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/rmoc3260.dll
.dll regsvr32 windows:4 windows x86 arch:x86

856609e709a6cabc2acd456e10aed0e4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-08-2006 20:44

Not After

15-09-2007 17:25

Subject

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b
Signer

Actual PE Digest

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
_adjust_fdiv
_ismbcspace
_open
_chsize
_fstat
_onexit
_read
_unlink
_putenv
_write
_sopen
_tell
_lseek
__dllonexit
malloc
_errno
_telli64
_lseeki64
memmove
_vsnprintf
strchr
isdigit
_stricmp
strncmp
printf
getenv
realloc
strstr
_snprintf
atol
atoi
sprintf
strncat
_purecall
??2@YAPAXI@Z
wcslen
wcsncpy
strncpy
strrchr
??3@YAXPAX@Z
free
_strnicmp
_strcmpi
_close
_creat

ole32

CoTaskMemAlloc
CreateBindCtx
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
CoGetMalloc

kernel32

CreateThread
InitializeCriticalSection
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CloseHandle
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
lstrcmpA
MultiByteToWideChar
DeleteFileA
WinExec
GetProcAddress
LoadLibraryA
FreeLibrary
SetErrorMode
DeleteCriticalSection
GetLocaleInfoA
GetVersion
GetLastError

user32

CreateDialogParamA
wsprintfA
CharNextA
CharPrevA
IsDialogMessageA
ReleaseDC
GetDC
PtInRect
SendMessageA
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
GetParent
DefWindowProcA
UnregisterClassA
WinHelpA
GetWindowLongA
ShowWindow
EqualRect
OffsetRect
SetWindowRgn
SetWindowLongA
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
GetActiveWindow
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
GetSysColor
FillRect
IntersectRect
CopyRect
GetClientRect
EnumChildWindows
UpdateWindow
LoadCursorA
RegisterClassA
CreateWindowExA
GetKeyState
InvalidateRect
GetClipboardFormatNameA

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegCloseKey

gdi32

LPtoDP
CreateSolidBrush
CreateRectRgnIndirect
DeleteDC
SetMapMode
SetWindowOrgEx
DeleteObject
SetViewportOrgEx
GetDeviceCaps
CreateDCA

oleaut32

VariantClear
VariantInit
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame
SetErrorInfo
SysAllocStringLen
RegisterTypeLi
VariantChangeType

urlmon

URLDownloadToCacheFileA
HlinkSimpleNavigateToString
CreateURLMoniker
RegisterBindStatusCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PP2008/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

5b5723e4d1117418b0a640a42ed57e9b

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 332KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 28KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

086a8aba4f8a2f1c4a866c87eed0d852

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 36KB - Virtual size: 34KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 606KB - Virtual size: 606KB

DATA Size: 27KB - Virtual size: 26KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 295B

.reloc Size: 43KB - Virtual size: 42KB

.rsrc Size: 27KB - Virtual size: 27KB

e099de47ff9570468c8bc057d1c59ae2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

ws2_32

winmm

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 332KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 28KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 36KB - Virtual size: 34KB

CODE
Size: 606KB - Virtual size: 606KB

DATA
Size: 27KB - Virtual size: 26KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 295B

.reloc
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 356KB - Virtual size: 354KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 92KB - Virtual size: 88KB

.rdata
Size: 4KB - Virtual size: 110B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 153KB - Virtual size: 384KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 324KB - Virtual size: 1.7MB

.reloc
Size: 16KB - Virtual size: 60KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB