058d879c7121d1c172ea9501805ae595_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

058d879c7121d1c172ea9501805ae595_JaffaCakes118
Size

2.7MB
MD5

058d879c7121d1c172ea9501805ae595
SHA1

7781095167281d108db4acf831f76bb05ccfa982
SHA256

86f4b663b774e059ccfb31bb20a9f04ba65681d8e6cf71977e71a286699ea969
SHA512

c320e691076098b8825cbdf0153ff4b9254deee877378aff06ff65df2aee7cb0f9c68a9ed91607c050102bd550efca0a799da58b86f2e04bac6f0f8a9c28b387
SSDEEP

49152:+lj6oMxkN7p2EnqSnyftKAgeuCxtHXqo3rCWmGoMeqAXJaIcldDFaT5mqwHyfl1a:8PMxkv2EnqSyftKAggRDmU45mjQ1SNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 34 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack002/$SYSDIR/MonUrlExt.dll
unpack002/$SYSDIR/ftdoctor.dll
unpack002/$TEMP/ft3/ftcomdll.dll
unpack002/$TEMP/tututool/HttpDownLoad.exe
unpack002/$WINDIR/$SYSDIR/drivers/ftdrv.sys
unpack002/$WINDIR/VirKeyBd.dll
unpack002/$WINDIR/ftcomdll.dll
unpack002/$WINDIR/ftct.exe
unpack002/$WINDIR/ftlive.dll
unpack002/$WINDIR/ftopt.exe
unpack002/$WINDIR/ftslsp.dll
unpack002/$WINDIR/msgctl.dll
unpack002/JpgVSbmp.dll
unpack002/Message.dll
unpack002/NMSashok.dll
unpack002/backup/$WINDIR/res.dll
unpack004/MonUrlExt.dll
unpack005/ftcomdll.dll
unpack006/ftct.exe
unpack007/ftdrv.sys
unpack008/ftgzip.dll
unpack009/ftlive.dll
unpack002/configcenter.dll
unpack002/ftgzip.dll
unpack002/ftupdate.dll
unpack002/lockscr.exe
unpack002/log.dll
unpack002/plm.dll
unpack002/security.exe
unpack002/surfctl.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/ft3inst-v3.6.0.1011.exe	nsis_installer_1

Files

058d879c7121d1c172ea9501805ae595_JaffaCakes118
.rar
ft3inst-v3.6.0.1011.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Code Sign

2c:11:0d:80:76:ae:89:e9:c5:93:7e:2c:04:02:2d:3b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

09/11/2012, 23:59

Subject

CN=广州梦飞网络科技有限公司,OU=产品部,O=广州梦飞网络科技有限公司,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:39:ac:08:e5:8a:9b:a2:5c:b9:d3:73:4e:d2:19:70:20:2e:b3:57
Signer

Actual PE Digest

40:39:ac:08:e5:8a:9b:a2:5c:b9:d3:73:4e:d2:19:70:20:2e:b3:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetPassword.ini
$PLUGINSDIR/SetShortCut.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/option.ini
$PLUGINSDIR/showtaskicon.bmp
$PLUGINSDIR/welcome.bmp
$PLUGINSDIR/welcome.ini
$SYSDIR/FT_ET99_API.dll
.dll windows:4 windows x86 arch:x86

e2d1b2ffa4a28c81124f88c56ed492a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/05/2007, 00:00

Not After

02/06/2010, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Feitian Technologies Co.\, Ltd.,L=Beijing\,China,ST=Beijing\,China,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

Actual PE Digest

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetVersionExA
TerminateProcess
WideCharToMultiByte
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
IsBadReadPtr
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetFeature
HidD_GetAttributes
HidD_SetFeature

Exports

Exports

MD5_HMAC
et_ChangeUserPIN
et_CloseToken
et_FindToken
et_GenPID
et_GenRandom
et_GenSOPIN
et_GetSN
et_HMAC_MD5
et_OpenToken
et_Read
et_ResetPIN
et_ResetSecurityState
et_SetKey
et_SetupToken
et_TurnOffLED
et_TurnOnLED
et_Verify
et_Write

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b9b2457981d242cab965a350960225d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\项目\Ft3\Release\MonUrlExt.pdb

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
lstrcpyW
WriteFile
SetFilePointer
CreateFileW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
GetLastError
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcmpW
CloseHandle
ExitProcess
GetWindowsDirectoryW
OpenProcess
FreeLibrary
GetCurrentProcessId
TerminateProcess
GetSystemTime
GetLocalTime
LCMapStringW
MultiByteToWideChar
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
FlushInstructionCache
LoadLibraryW
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
VirtualProtect
VirtualQuery
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
GetSystemInfo
SetUnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

GetClassNameW
CreateWindowExW
MessageBoxA
GetActiveWindow
CharNextW
RegisterWindowMessageW
FindWindowW
SendMessageTimeoutW
DestroyWindow

advapi32

RegQueryInfoKeyW
RegQueryValueExW
GetUserNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc
SHGetFileInfoW

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocStringLen
VarBstrCmp
SysAllocString
SysFreeString
SysStringLen
VarBstrCat
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen

shlwapi

SHDeleteValueW
SHSetValueW
PathFindExtensionW
SHGetValueW
PathFindFileNameW

wininet

InternetCrackUrlW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ftdoctor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c3f2e7d44a2e7f924812eacb26d5d59d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
DeviceIoControl
DisableThreadLibraryCalls
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetTempPathA
Sleep
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
CreateProcessW
MoveFileExW
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LockResource
SizeofResource
LoadResource
FindResourceA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
lstrcmpiW
DebugBreak
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
lstrlenW
WideCharToMultiByte
OutputDebugStringW
CreateDirectoryW
CloseHandle
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
ExitProcess

user32

MessageBoxW
wvsprintfW
CharNextW
LoadStringW
DialogBoxParamW
SetWindowLongW
EndDialog
SendMessageW
ShowWindow
EnableWindow
GetDlgItem
SetDlgItemTextW
GetDlgCtrlID
LoadBitmapW
MessageBoxA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
GetWindowLongW
GetActiveWindow

gdi32

DeleteObject
GetStockObject
GetObjectW
SetTextColor
CreateFontIndirectW

advapi32

InitializeSecurityDescriptor
GetUserNameW
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetPathFromIDListW

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shlwapi

SHGetValueW
SHDeleteValueW
SHDeleteKeyW
PathRemoveFileSpecW
SHSetValueW
PathFileExistsW
PathFindFileNameW

wininet

HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetConnectW
InternetCloseHandle
InternetReadFile

setupapi

SetupIterateCabinetW

msvcrt

__dllonexit
fopen
fwrite
fclose
swprintf
_CxxThrowException
memmove
wcschr
free
_wcsicmp
wcscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_beginthreadex
time
memcmp
realloc
_wtoi
iswdigit
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
strcat
strlen
_vsnwprintf
wcslen
wcsstr
wcsncpy
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
memset
??3@YAXPAX@Z
malloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FtDoctor
Setting

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ftsurfmon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

cfd186797487778bb2d716f7e5be7f52

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:11:0d:80:76:ae:89:e9:c5:93:7e:2c:04:02:2d:3b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

09/11/2012, 23:59

Subject

CN=广州梦飞网络科技有限公司,OU=产品部,O=广州梦飞网络科技有限公司,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:9e:ff:0c:2b:49:37:60:45:f2:b6:b9:74:bc:22:ce:37:6b:ba:0e
Signer

Actual PE Digest

1c:9e:ff:0c:2b:49:37:60:45:f2:b6:b9:74:bc:22:ce:37:6b:ba:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetLocalTime
DeleteFileW
MoveFileExW
GetVersionExW
DeviceIoControl
WritePrivateProfileStringW
GetModuleHandleW
lstrcmpiW
TlsSetValue
TlsGetValue
GetCurrentProcessId
GetCurrentThreadId
lstrcmpW
GetWindowsDirectoryW
TlsFree
TlsAlloc
GetSystemDirectoryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetShortPathNameW
FreeLibrary
InterlockedIncrement
LoadResource
FindResourceW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
OpenProcess
CreateProcessW
CompareStringW
LCMapStringW
GetSystemTime
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrlenW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
VirtualProtect
FlushInstructionCache
OpenFileMappingW
GetLastError
GetFileSize
ReadFile
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedDecrement
GetCurrentProcess
GetProcAddress
LoadLibraryExW
LoadLibraryW
SizeofResource

user32

SendMessageTimeoutW
GetWindowRect
SystemParametersInfoW
SetWindowPos
SetWindowLongW
ReleaseDC
GetDC
OffsetRect
CreateWindowExW
EndPaint
DrawTextW
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
GetClientRect
FillRect
LoadCursorW
GetDlgItem
GetDlgItemTextW
GetWindowTextLengthW
IsDlgButtonChecked
GetWindow
DialogBoxParamW
ShowWindow
CharUpperW
EndDialog
CheckDlgButton
CallWindowProcW
MapWindowPoints
FindWindowW
EnableWindow
CharLowerW
wvsprintfW
CharNextW
LoadStringW
MessageBoxW
CheckRadioButton
SetDlgItemTextW
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetCursor
BeginPaint
IsWindow
DestroyWindow
InvalidateRect
SetFocus
GetCapture
ReleaseCapture
UpdateWindow
DefWindowProcW
SetRectEmpty
PtInRect
SetCapture
WaitForInputIdle
MessageBoxA
EnumThreadWindows
GetWindowLongW
PostMessageW
GetActiveWindow
GetClassNameW
GetParent
SendMessageW
SetWindowTextW
GetWindowTextW
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
FindWindowExW
GetWindowThreadProcessId
SetWindowsHookExW

gdi32

GetStockObject
SetTextColor
DeleteObject
DeleteDC
CreateFontIndirectW
GetObjectW
SelectObject
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
GetUserNameW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
VariantClear
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
DispCallFunc
LoadRegTypeLi
SysFreeString

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
_TrackMouseEvent
PropertySheetW

urlmon

CoInternetGetSession

shlwapi

PathFileExistsW
SHDeleteValueW
PathFindFileNameW
PathRemoveExtensionW
SHDeleteKeyW
PathUnquoteSpacesW
PathGetArgsW
SHGetValueW
SHSetValueW
PathMatchSpecW

wininet

InternetCrackUrlW

msvcrt

wcslen
wcsstr
wcsncpy
memcpy
memset
??3@YAXPAX@Z
__CxxFrameHandler
strlen
strcat
sprintf
time
_vsnwprintf
wcscmp
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
wcsrchr
localtime
abs
wcspbrk
??2@YAPAXI@Z
_wtoi
wcschr
strncpy
realloc
free
iswdigit
strpbrk
_strtime
wcscpy
memmove
wcsncmp
malloc
memcmp
_purecall
_strlwr
strncat
_snprintf
swprintf
_adjust_fdiv

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AddBlackSite
Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ft3/ftcomdll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ab455b752a87ba36ee269be736d2daf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
lstrcmpW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
CompareStringW
lstrlenA
MultiByteToWideChar
DebugBreak
HeapDestroy
FlushInstructionCache
WritePrivateProfileStringW
WritePrivateProfileSectionW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
lstrcpynW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetCurrentProcessId
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetShortPathNameW
CreateProcessW
DeleteCriticalSection
GetModuleHandleW
LoadLibraryW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW

user32

DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
EndPaint
CallWindowProcW
FindWindowW
GetWindowThreadProcessId
DialogBoxParamW
FillRect
GetDlgCtrlID
ScreenToClient
SetCursor
BeginPaint
DestroyWindow
GetCapture
ReleaseCapture
UpdateWindow
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
SendMessageTimeoutW
GetActiveWindow
CharNextW
SetWindowLongW
MessageBoxW
MessageBoxA
SendMessageW
CharLowerW
LoadStringW
EndDialog
DefWindowProcW
SetRectEmpty
PtInRect
SetCapture
WaitForInputIdle
wvsprintfW
CreateWindowExW
GetWindow
SystemParametersInfoW
MapWindowPoints
ReleaseDC
IsWindow
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
LoadCursorW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
GetWindowRect
GetDlgItemTextA
SetDlgItemTextW
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
GetCursorPos

gdi32

CreateFontIndirectW
GetStockObject
SelectObject
DeleteDC
DeleteObject
SetTextColor
SetBkMode
GetObjectW

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

SHSetValueW
SHGetValueW
PathFindFileNameW
SHDeleteValueW
SHGetValueA

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

msvcrt

_purecall
memcmp
??3@YAXPAX@Z
__CxxFrameHandler
memcpy
memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
??2@YAPAXI@Z
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_wcsicoll
wcschr
realloc
_except_handler3
wcsstr
wcscmp
strchr
malloc
free
_wtoi
_strlwr
strncat
_snprintf
iswdigit
_wcsicmp
swprintf
strcmp
strncpy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SaveV

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/tututool/HttpDownLoad.exe
.exe windows:4 windows x86 arch:x86

465e22d840e0a30ca0b2614dec4fef2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord641
ord609
ord795
ord765
ord2414
ord6215
ord2086
ord2621
ord1134
ord5265
ord4853
ord4998
ord4710
ord2514
ord860
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord823
ord1146
ord1168
ord567
ord2302
ord2379
ord755
ord470
ord3092
ord5953
ord4224
ord2645
ord858
ord6199
ord1641
ord939
ord2818
ord941
ord537
ord940
ord5710
ord5683
ord6453
ord535
ord5186
ord800
ord665
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord6052
ord5651
ord1576

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_setmbcp
__setusermatherr

kernel32

WaitForSingleObject
CreateProcessA
lstrlenA
OutputDebugStringA
DeleteFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsIconic
ShowWindow
LoadImageA
GetSystemMetrics
EnableWindow
GetClientRect
SetDlgItemTextA
DrawIcon
PostMessageA
LoadIconA
IsWindowVisible
SendMessageA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/tututool/setupinfo.ini
$TEMP/tututool/tutu.bmp
$WINDIR/$SYSDIR/drivers/ftdrv.sys
.sys windows:4 windows x86 arch:x86

fe8f3f9e6d4256ff85712f9f7d38b29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
ExFreePoolWithTag
PsGetCurrentProcessId
wcscat
ExAllocatePoolWithTag
wcslen
wcsrchr
wcsstr
RtlCompareUnicodeString
strncmp
_strlwr
_stricmp
_wcsicmp
ZwQueryInformationProcess
ExGetPreviousMode
DbgPrint
RtlInitUnicodeString
_except_handler3
MmIsAddressValid
IoGetCurrentProcess
strncpy
wcscpy
swprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeleteKey
ZwSetValueKey
ZwDeleteValueKey
ZwSetSystemTime
ZwTerminateProcess
ZwQueryDirectoryFile
ZwCreateFile
ZwWriteFile
KeServiceDescriptorTable
ZwSetInformationFile
MmGetSystemRoutineAddress
IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
ObfDereferenceObject
ObQueryNameString
ZwCreateKey
RtlCopyUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcsncpy

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/VirKeyBd.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d5d93c9693be58a8d7438fd5d12d41ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Active\Virtual Keyboard\Release\VirKeyBd.pdb

Imports

kernel32

RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapReAlloc
GetCommandLineA
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetCurrentProcess
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
SetLastError
LockResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetProcAddress
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

DestroyMenu
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
ShowWindow
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
GetSysColorBrush
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
PtInRect
SetRect
SendMessageA
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
SetForegroundWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetParent
wsprintfA
RegisterClassA
RemovePropA
GetCapture
SetCapture
GetDesktopWindow
EnableWindow
ReleaseCapture
GetSystemMetrics
InflateRect
GetClassInfoA
GetSysColor
SetCursor
LoadCursorA
GetCursorPos
DrawFrameControl
UnregisterClassA
CharNextA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GetWindow
IsWindowVisible
DestroyWindow
IsWindow
InvalidateRect
FillRect

gdi32

GetDeviceCaps
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
CreatePen
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleTranslateColor
LoadRegTypeLi
SysStringLen
VariantClear
VariantChangeType
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftcomdll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ab455b752a87ba36ee269be736d2daf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
lstrcmpW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
CompareStringW
lstrlenA
MultiByteToWideChar
DebugBreak
HeapDestroy
FlushInstructionCache
WritePrivateProfileStringW
WritePrivateProfileSectionW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
lstrcpynW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetCurrentProcessId
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetShortPathNameW
CreateProcessW
DeleteCriticalSection
GetModuleHandleW
LoadLibraryW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW

user32

DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
EndPaint
CallWindowProcW
FindWindowW
GetWindowThreadProcessId
DialogBoxParamW
FillRect
GetDlgCtrlID
ScreenToClient
SetCursor
BeginPaint
DestroyWindow
GetCapture
ReleaseCapture
UpdateWindow
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
SendMessageTimeoutW
GetActiveWindow
CharNextW
SetWindowLongW
MessageBoxW
MessageBoxA
SendMessageW
CharLowerW
LoadStringW
EndDialog
DefWindowProcW
SetRectEmpty
PtInRect
SetCapture
WaitForInputIdle
wvsprintfW
CreateWindowExW
GetWindow
SystemParametersInfoW
MapWindowPoints
ReleaseDC
IsWindow
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
LoadCursorW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
GetWindowRect
GetDlgItemTextA
SetDlgItemTextW
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
GetCursorPos

gdi32

CreateFontIndirectW
GetStockObject
SelectObject
DeleteDC
DeleteObject
SetTextColor
SetBkMode
GetObjectW

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

SHSetValueW
SHGetValueW
PathFindFileNameW
SHDeleteValueW
SHGetValueA

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

msvcrt

_purecall
memcmp
??3@YAXPAX@Z
__CxxFrameHandler
memcpy
memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
??2@YAPAXI@Z
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_wcsicoll
wcschr
realloc
_except_handler3
wcsstr
wcscmp
strchr
malloc
free
_wtoi
_strlwr
strncat
_snprintf
iswdigit
_wcsicmp
swprintf
strcmp
strncpy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SaveV

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftct.exe
.exe windows:4 windows x86 arch:x86

bdf4d766fc387cc71401f8bd7b137a73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
CreateThread
SetFileAttributesW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
GetPrivateProfileStringW
lstrcmpW
Sleep
lstrcmpiW
WaitForMultipleObjects
CreateEventW
FindCloseChangeNotification
WaitForSingleObject
FindFirstChangeNotificationW
lstrcpynA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
ExitProcess
GetModuleFileNameA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
DeleteFileW
GetProcAddress
OpenEventW
GetLocalTime
GetPrivateProfileIntW
TerminateProcess
DebugBreak
lstrlenA
WritePrivateProfileStringW
GetModuleHandleW
HeapFree
HeapAlloc
CreateDirectoryW
MultiByteToWideChar
CopyFileW
VirtualFreeEx
GetExitCodeThread
GetCurrentProcessId
WriteProcessMemory
VirtualAllocEx
GetOEMCP
GetACP
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
TlsGetValue
SetLastError
TlsAlloc
SetEnvironmentVariableA
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
LoadLibraryW
InterlockedDecrement
FreeLibrary
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeviceIoControl
GetVersionExW
lstrcpynW
GetLastError
OutputDebugStringW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
CreateRemoteThread
CloseHandle

user32

SetWindowTextW
KillTimer
wvsprintfW
CharNextW
DispatchMessageW
SetTimer
SendMessageTimeoutW
GetThreadDesktop
RegisterWindowMessageW
TranslateAcceleratorW
CharUpperW
FindWindowW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowPos
OpenInputDesktop
GetUserObjectInformationW
SwitchDesktop
CloseDesktop
GetActiveWindow
MessageBoxA
GetClassInfoExW
wsprintfW
LoadImageW
RegisterClassExW
CallWindowProcW
SetWindowLongW
InvalidateRect
GetWindowRect
RemoveMenu
PtInRect
MapWindowPoints
IsWindow
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
MessageBeep
CreateWindowExW
LoadMenuW
LoadAcceleratorsW
SendMessageW
LoadStringW
SetFocus
GetWindowLongW
PostQuitMessage
LoadStringA
PostMessageW
DefWindowProcW
DestroyWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetClientRect
LoadCursorW

advapi32

RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AddAccessAllowedAce
InitializeAcl
LookupAccountNameW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
SHGetValueW
SHGetValueA
SHSetValueW

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/ftlive.dll
.dll windows:4 windows x86 arch:x86

948526c23759735deec92f057af14bd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
OpenMutexW
OutputDebugStringW
GetLastError
MoveFileExW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
lstrcmpiW
SetThreadPriority
GetCurrentThread
CreateMutexW
Thread32Next
ResumeThread
OpenThread
Thread32First
GetPrivateProfileIntW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
VirtualAllocEx
ExitProcess
GetWindowsDirectoryW
FreeLibrary
GetCurrentProcessId
CreateProcessW
FindClose
FindFirstFileW
ReadFile
FindNextFileW
DeleteFileW
GetSystemDirectoryW
CopyFileW
GetLocalTime
lstrcmpW
SetLastError
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
lstrlenA
CreateEventW
SetFileAttributesW
GetTempPathW
TerminateThread
CreateDirectoryW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
lstrlenW
lstrcpynW
VirtualProtect
FlushInstructionCache
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleFileNameA

user32

SendMessageTimeoutW
PostMessageW
GetWindowThreadProcessId
RegisterHotKey
SetTimer
UnregisterHotKey
KillTimer
DefWindowProcW
PostQuitMessage
RegisterClassExW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MessageBoxA
GetActiveWindow
WaitForInputIdle
GetSystemMetrics
ExitWindowsEx
LoadIconW
FindWindowW

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegCreateKeyExW
InitializeSecurityDescriptor

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHDeleteValueW
PathFindExtensionW
PathFindFileNameW
SHGetValueW
SHSetValueW
PathGetArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRenameExtensionW
PathRemoveFileSpecW
SHDeleteKeyW

wininet

InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

msvcrt

realloc
free
wcscmp
_snwprintf
__CxxFrameHandler
_beginthreadex
_wcslwr
_wcsicmp
_wtoi
_strtime
_vsnwprintf
time
sprintf
wcslen
wcsncpy
wcsstr
??2@YAPAXI@Z
swprintf
??3@YAXPAX@Z
_except_handler3
_wtol
wcsncat
_strnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
malloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftopt.exe
.exe windows:4 windows x86 arch:x86

f9fa649a829b383fe06ff8d892baf869

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
TerminateProcess
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
GetPrivateProfileSectionNamesW
MoveFileExW
GetPrivateProfileStringW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
Sleep
WritePrivateProfileStringW
CreateFileA
LoadLibraryA
VirtualFreeEx
CreateRemoteThread
GetModuleHandleW
WriteProcessMemory
VirtualAllocEx
GetPrivateProfileSectionW
CompareStringW
HeapFree
HeapAlloc
CreateProcessW
CreateDirectoryW
GetTempFileNameW
GetModuleFileNameW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
CopyFileW
SetFileAttributesW
GlobalFree
MulDiv
ResumeThread
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceW
ResetEvent
SetEvent
GetExitCodeThread
GetTempPathW
GetSystemDirectoryW
RaiseException
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
CompareStringA
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
SetLastError
TlsAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
ExitThread
TlsGetValue
TlsSetValue
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
OpenProcess
GetWindowsDirectoryW
GetModuleFileNameA
ExitProcess
DeviceIoControl
GetVersionExW
GetFileSize
ReadFile
DeleteFileW
GetLocalTime
CreateThread
WaitForSingleObject
lstrcpynW
SetEnvironmentVariableA
GetLastError
GetPrivateProfileIntW
OutputDebugStringW
DebugBreak
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

SendMessageTimeoutW
FindWindowW
GetParent
SetDlgItemTextW
SendMessageW
ReleaseDC
GetFocus
GetSysColor
IsWindowEnabled
GetWindowDC
GetDesktopWindow
CloseClipboard
SetClipboardData
EmptyClipboard
GetClassNameW
GetWindowTextLengthW
GetDC
OffsetRect
GetDlgCtrlID
KillTimer
IsRectEmpty
CreateWindowExW
WaitForInputIdle
CharLowerW
SetRectEmpty
SetCapture
PtInRect
ReleaseCapture
GetCapture
UpdateWindow
EndPaint
BeginPaint
GetDlgItem
DrawFocusRect
MessageBoxW
LoadStringW
FillRect
SetCursor
LoadCursorW
GetDlgItemTextW
SetFocus
GetDlgItemTextA
SetWindowLongW
wvsprintfW
OpenClipboard
CheckRadioButton
SetRect
GetUpdateRect
ExitWindowsEx
CharNextW
EndDialog
SetWindowPos
InvalidateRect
LoadIconW
SetWindowTextW
IsWindow
MoveWindow
ShowWindow
EnableWindow
SetTimer
GetWindowTextW
DestroyIcon
LoadImageW
IsDlgButtonChecked
CheckDlgButton
CallWindowProcW
LoadBitmapW
GetCursorPos
ScreenToClient
CopyRect
DrawTextW
DefWindowProcW
CharUpperW
DestroyWindow
DialogBoxParamW
GetWindowThreadProcessId
PostMessageW
GetActiveWindow
MessageBoxA
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints

gdi32

CreateSolidBrush
DeleteObject
CreateFontIndirectW
GetObjectW
SetBkMode
SetTextColor
SelectObject
GetStockObject
DeleteDC
EnumFontsW
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

advapi32

RegEnumValueW
AddAccessAllowedAce
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupAccountNameW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
InitializeAcl

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
DispCallFunc
VariantClear
SysAllocString
OleLoadPicture
LoadRegTypeLi
SysFreeString

comctl32

ImageList_Create
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_AddMasked

shlwapi

PathFileExistsW
PathFindFileNameW
SHSetValueW
SHGetValueA
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
SHDeleteValueW
SHSetValueA
SHGetValueW

wininet

HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

netapi32

Netbios

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/ftslsp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c0ff10d546113ffff4958a4158b34257

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
WideCharToMultiByte
CloseHandle
WriteFile
SetFilePointer
CreateFileW
LCMapStringW
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcpynW
CreateFileMappingW
lstrcatW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileSectionW
OutputDebugStringW
GetLastError
FreeLibrary
WaitForSingleObject
IsBadReadPtr
CreateProcessW
lstrcmpW
TlsGetValue
TlsSetValue
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcessId
TlsFree
OpenFileMappingW
lstrcmpiW
TlsAlloc
GetModuleHandleW
ExitProcess
GetModuleFileNameW
InitializeCriticalSection
MultiByteToWideChar
GetPrivateProfileStringW
LeaveCriticalSection
ExpandEnvironmentStringsW
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetWindowsDirectoryW
GetModuleFileNameA
OpenProcess
HeapFree
HeapAlloc
TerminateProcess
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
MapViewOfFile
GetModuleHandleA
UnmapViewOfFile
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LoadLibraryW
LoadLibraryA
DisableThreadLibraryCalls
GetCPInfo
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringA
HeapCreate
GetVersionExA
GetEnvironmentVariableA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapSize
SetLastError
GetCurrentThreadId
GetVersion
GetCommandLineA
RaiseException
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
SetEnvironmentVariableA

user32

SendMessageTimeoutW
MessageBoxA
GetActiveWindow
LoadStringW
wsprintfW
CharNextW
CharLowerW
FindWindowW
CharUpperW

advapi32

RegSetValueExW
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ws2_32

gethostbyname
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
WSASetLastError
WSCEnumProtocols
WSCGetProviderPath

shlwapi

PathUnquoteSpacesW
PathFindFileNameW
SHGetValueW
SHSetValueW
PathGetArgsW

wininet

InternetCrackUrlW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Resume
WSPStartup

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e0110c3cf49bf434e10503922b2ffaa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenW
lstrlenA
CompareStringA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
MultiByteToWideChar
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
OutputDebugStringA
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetModuleHandleA
GetProcAddress
lstrcmpA
lstrcpyA
lstrcpynA
CreateFileA
CloseHandle
HeapDestroy

user32

GetCapture
UpdateWindow
SetRectEmpty
CallWindowProcA
GetParent
LoadStringA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
CreateWindowExA
DefWindowProcA
SetWindowPos
GetWindowRect
SetWindowRgn
wvsprintfA
SetWindowTextA
IsWindowEnabled
DestroyIcon
DestroyWindow
GetSysColor
SetFocus
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetDlgCtrlID
GetCursorPos
ReleaseCapture
PtInRect
ScreenToClient
SetCursor
InvalidateRect
EndPaint
SetCapture
GetDC
InflateRect
DrawIconEx
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
GetWindowTextA
DrawTextA
SetWindowLongA
GetWindowLongA
BeginPaint
KillTimer
SendMessageA
GetClientRect
OffsetRect
CharLowerA
LoadImageA
CharUpperA
GetDesktopWindow
IsWindow
CharNextA

gdi32

CreateRoundRectRgn
CombineRgn
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetBkMode
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
ExtractIconA

ole32

CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
OleLoadPicture
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VariantClear

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathIsURLA

msvcrt

_purecall
memset
_vsnprintf
_mbscmp
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Help.chm
.chm
JpgVSbmp.dll
.dll windows:4 windows x86 arch:x86

f0b9ed64fde0f3e55899eb4261aaed7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetTimeZoneInformation
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetACP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
GetFileTime
GetFileAttributesA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
HeapFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
WideCharToMultiByte
InterlockedIncrement
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
SetLastError
InterlockedDecrement
lstrlenA
lstrcmpA
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
CreateFileA
CloseHandle
GlobalHandle
GetStringTypeW

user32

GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuItemCount
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
WinHelpA
GetDlgItem
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetSystemMetrics
CharUpperA
wsprintfA
UnhookWindowsHookEx
GetActiveWindow
MessageBoxA
ScreenToClient
GetClientRect
ClientToScreen
GetClassInfoA
RegisterClassA
GetWindowRect
IsRectEmpty
GetSysColor
LoadCursorA
SetCursor
GetDC
ReleaseDC
UnregisterClassA
SetMenuItemBitmaps

gdi32

CreatePalette
GetObjectA
BitBlt
RealizePalette
CreateCompatibleDC
StretchBlt
GetPaletteEntries
GetDeviceCaps
GetSystemPaletteEntries
CreateDIBitmap
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateDIBSection
CreateHalftonePalette
CreateCompatibleBitmap
CreateDCA
StretchDIBits
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BmpToJpg
CopyClientRectToBitmap
CopyClientRectToDIB
CopyScreenToBitmap
CopyScreenToDIB
CopyWindowToBitmap
CopyWindowToDIB
DIBToJpg
DitherDisplayDIB
JpgToBmp
PaintBitmap
PaintDIB
PaintJPG
PaintJPG2
PaintJPG3
PaintJPG4

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Message.dll
.dll regsvr32 windows:4 windows x86 arch:x86

841400684750123fe2230490ae5073e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionNamesA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
lstrlenW
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetTickCount
WideCharToMultiByte
lstrcatA
GetModuleFileNameA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetLocalTime
GetPrivateProfileStringA
lstrcmpiA
GetPrivateProfileIntA
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateThread

user32

wsprintfA
GetClassNameA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
PostQuitMessage
GetDesktopWindow
wvsprintfA
CharNextA
LoadStringA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
KillTimer
SetTimer
ShowWindow
PostMessageA
CharLowerA
DispatchMessageA
SystemParametersInfoA
GetWindowRect
OffsetRect
SetWindowRgn
AnimateWindow
TranslateMessage
GetDC
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
IsWindow
GetSysColor
SetFocus
IsChild
GetFocus
CallWindowProcA
EndPaint
ReleaseDC
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
GetMessageA

gdi32

CreateRoundRectRgn
CombineRgn
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
DispCallFunc
OleCreateFontIndirect
SysFreeString

shlwapi

PathIsURLA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

msvcrt

time
_mbscmp
difftime
abs
??3@YAXPAX@Z
__CxxFrameHandler
atoi
memset
_vsnprintf
_ftol
memcpy
??2@YAPAXI@Z
_mbsstr
wcslen
_ismbcdigit
realloc
free
memcmp
_mbschr
atol
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMSashok.dll
.dll windows:4 windows x86 arch:x86

b2dab1fd7df64cc23633a26d5b7ede88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\NMSashok.pdb

Imports

kernel32

lstrcmpA
CloseHandle
OutputDebugStringA
GetModuleFileNameA
HeapSize
ExitProcess
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LoadLibraryA
RtlUnwind
InterlockedExchange
HeapReAlloc
InitializeCriticalSection

user32

OpenDesktopA
EnumDesktopWindows
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
CallNextHookEx
CallWindowProcA
GetWindowTextA

Exports

Exports

DisableHotKey

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/$WINDIR/report.htm
.html .js polyglot
backup/$WINDIR/res.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/FT_ET99_API.cab
.cab
FT_ET99_API.dll
.dll windows:4 windows x86 arch:x86

e2d1b2ffa4a28c81124f88c56ed492a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/05/2007, 00:00

Not After

02/06/2010, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Feitian Technologies Co.\, Ltd.,L=Beijing\,China,ST=Beijing\,China,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

Actual PE Digest

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetVersionExA
TerminateProcess
WideCharToMultiByte
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
IsBadReadPtr
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetFeature
HidD_GetAttributes
HidD_SetFeature

Exports

Exports

MD5_HMAC
et_ChangeUserPIN
et_CloseToken
et_FindToken
et_GenPID
et_GenRandom
et_GenSOPIN
et_GetSN
et_HMAC_MD5
et_OpenToken
et_Read
et_ResetPIN
et_ResetSecurityState
et_SetKey
et_SetupToken
et_TurnOffLED
et_TurnOnLED
et_Verify
et_Write

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/MonUrlExt.cab
.cab
MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b9b2457981d242cab965a350960225d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\项目\Ft3\Release\MonUrlExt.pdb

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
lstrcpyW
WriteFile
SetFilePointer
CreateFileW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
GetLastError
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcmpW
CloseHandle
ExitProcess
GetWindowsDirectoryW
OpenProcess
FreeLibrary
GetCurrentProcessId
TerminateProcess
GetSystemTime
GetLocalTime
LCMapStringW
MultiByteToWideChar
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
FlushInstructionCache
LoadLibraryW
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
VirtualProtect
VirtualQuery
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
GetSystemInfo
SetUnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

GetClassNameW
CreateWindowExW
MessageBoxA
GetActiveWindow
CharNextW
RegisterWindowMessageW
FindWindowW
SendMessageTimeoutW
DestroyWindow

advapi32

RegQueryInfoKeyW
RegQueryValueExW
GetUserNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc
SHGetFileInfoW

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocStringLen
VarBstrCmp
SysAllocString
SysFreeString
SysStringLen
VarBstrCat
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen

shlwapi

SHDeleteValueW
SHSetValueW
PathFindExtensionW
SHGetValueW
PathFindFileNameW

wininet

InternetCrackUrlW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftcomdll.cab
.cab
ftcomdll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ab455b752a87ba36ee269be736d2daf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
lstrcmpW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
CompareStringW
lstrlenA
MultiByteToWideChar
DebugBreak
HeapDestroy
FlushInstructionCache
WritePrivateProfileStringW
WritePrivateProfileSectionW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
lstrcpynW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetCurrentProcessId
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetShortPathNameW
CreateProcessW
DeleteCriticalSection
GetModuleHandleW
LoadLibraryW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW

user32

DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
EndPaint
CallWindowProcW
FindWindowW
GetWindowThreadProcessId
DialogBoxParamW
FillRect
GetDlgCtrlID
ScreenToClient
SetCursor
BeginPaint
DestroyWindow
GetCapture
ReleaseCapture
UpdateWindow
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
SendMessageTimeoutW
GetActiveWindow
CharNextW
SetWindowLongW
MessageBoxW
MessageBoxA
SendMessageW
CharLowerW
LoadStringW
EndDialog
DefWindowProcW
SetRectEmpty
PtInRect
SetCapture
WaitForInputIdle
wvsprintfW
CreateWindowExW
GetWindow
SystemParametersInfoW
MapWindowPoints
ReleaseDC
IsWindow
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
LoadCursorW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
GetWindowRect
GetDlgItemTextA
SetDlgItemTextW
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
GetCursorPos

gdi32

CreateFontIndirectW
GetStockObject
SelectObject
DeleteDC
DeleteObject
SetTextColor
SetBkMode
GetObjectW

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

SHSetValueW
SHGetValueW
PathFindFileNameW
SHDeleteValueW
SHGetValueA

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

msvcrt

_purecall
memcmp
??3@YAXPAX@Z
__CxxFrameHandler
memcpy
memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
??2@YAPAXI@Z
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_wcsicoll
wcschr
realloc
_except_handler3
wcsstr
wcscmp
strchr
malloc
free
_wtoi
_strlwr
strncat
_snprintf
iswdigit
_wcsicmp
swprintf
strcmp
strncpy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SaveV

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftct.cab
.cab
ftct.exe
.exe windows:4 windows x86 arch:x86

bdf4d766fc387cc71401f8bd7b137a73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
CreateThread
SetFileAttributesW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
GetPrivateProfileStringW
lstrcmpW
Sleep
lstrcmpiW
WaitForMultipleObjects
CreateEventW
FindCloseChangeNotification
WaitForSingleObject
FindFirstChangeNotificationW
lstrcpynA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
ExitProcess
GetModuleFileNameA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
DeleteFileW
GetProcAddress
OpenEventW
GetLocalTime
GetPrivateProfileIntW
TerminateProcess
DebugBreak
lstrlenA
WritePrivateProfileStringW
GetModuleHandleW
HeapFree
HeapAlloc
CreateDirectoryW
MultiByteToWideChar
CopyFileW
VirtualFreeEx
GetExitCodeThread
GetCurrentProcessId
WriteProcessMemory
VirtualAllocEx
GetOEMCP
GetACP
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
TlsGetValue
SetLastError
TlsAlloc
SetEnvironmentVariableA
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
LoadLibraryW
InterlockedDecrement
FreeLibrary
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeviceIoControl
GetVersionExW
lstrcpynW
GetLastError
OutputDebugStringW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
CreateRemoteThread
CloseHandle

user32

SetWindowTextW
KillTimer
wvsprintfW
CharNextW
DispatchMessageW
SetTimer
SendMessageTimeoutW
GetThreadDesktop
RegisterWindowMessageW
TranslateAcceleratorW
CharUpperW
FindWindowW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowPos
OpenInputDesktop
GetUserObjectInformationW
SwitchDesktop
CloseDesktop
GetActiveWindow
MessageBoxA
GetClassInfoExW
wsprintfW
LoadImageW
RegisterClassExW
CallWindowProcW
SetWindowLongW
InvalidateRect
GetWindowRect
RemoveMenu
PtInRect
MapWindowPoints
IsWindow
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
MessageBeep
CreateWindowExW
LoadMenuW
LoadAcceleratorsW
SendMessageW
LoadStringW
SetFocus
GetWindowLongW
PostQuitMessage
LoadStringA
PostMessageW
DefWindowProcW
DestroyWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetClientRect
LoadCursorW

advapi32

RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AddAccessAllowedAce
InitializeAcl
LookupAccountNameW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
SHGetValueW
SHGetValueA
SHSetValueW

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
backup/ftdrv.cab
.cab
ftdrv.sys
.sys windows:4 windows x86 arch:x86

fe8f3f9e6d4256ff85712f9f7d38b29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
ExFreePoolWithTag
PsGetCurrentProcessId
wcscat
ExAllocatePoolWithTag
wcslen
wcsrchr
wcsstr
RtlCompareUnicodeString
strncmp
_strlwr
_stricmp
_wcsicmp
ZwQueryInformationProcess
ExGetPreviousMode
DbgPrint
RtlInitUnicodeString
_except_handler3
MmIsAddressValid
IoGetCurrentProcess
strncpy
wcscpy
swprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeleteKey
ZwSetValueKey
ZwDeleteValueKey
ZwSetSystemTime
ZwTerminateProcess
ZwQueryDirectoryFile
ZwCreateFile
ZwWriteFile
KeServiceDescriptorTable
ZwSetInformationFile
MmGetSystemRoutineAddress
IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
ObfDereferenceObject
ObQueryNameString
ZwCreateKey
RtlCopyUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcsncpy

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftgzip.cab
.cab
ftgzip.dll
.dll windows:4 windows x86 arch:x86

86d97ce1716c56a2b13af0c237b5f5da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock

msvcrt

free
malloc
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
calloc
_initterm
_adjust_fdiv

Exports

Exports

Gzip2A
Gzip2AEx
deflate_uncompress

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftlive.cab
.cab
ftlive.dll
.dll windows:4 windows x86 arch:x86

948526c23759735deec92f057af14bd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
OpenMutexW
OutputDebugStringW
GetLastError
MoveFileExW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
lstrcmpiW
SetThreadPriority
GetCurrentThread
CreateMutexW
Thread32Next
ResumeThread
OpenThread
Thread32First
GetPrivateProfileIntW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
VirtualAllocEx
ExitProcess
GetWindowsDirectoryW
FreeLibrary
GetCurrentProcessId
CreateProcessW
FindClose
FindFirstFileW
ReadFile
FindNextFileW
DeleteFileW
GetSystemDirectoryW
CopyFileW
GetLocalTime
lstrcmpW
SetLastError
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
lstrlenA
CreateEventW
SetFileAttributesW
GetTempPathW
TerminateThread
CreateDirectoryW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
lstrlenW
lstrcpynW
VirtualProtect
FlushInstructionCache
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleFileNameA

user32

SendMessageTimeoutW
PostMessageW
GetWindowThreadProcessId
RegisterHotKey
SetTimer
UnregisterHotKey
KillTimer
DefWindowProcW
PostQuitMessage
RegisterClassExW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MessageBoxA
GetActiveWindow
WaitForInputIdle
GetSystemMetrics
ExitWindowsEx
LoadIconW
FindWindowW

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegCreateKeyExW
InitializeSecurityDescriptor

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHDeleteValueW
PathFindExtensionW
PathFindFileNameW
SHGetValueW
SHSetValueW
PathGetArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRenameExtensionW
PathRemoveFileSpecW
SHDeleteKeyW

wininet

InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

msvcrt

realloc
free
wcscmp
_snwprintf
__CxxFrameHandler
_beginthreadex
_wcslwr
_wcsicmp
_wtoi
_strtime
_vsnwprintf
time
sprintf
wcslen
wcsncpy
wcsstr
??2@YAPAXI@Z
swprintf
??3@YAXPAX@Z
_except_handler3
_wtol
wcsncat
_strnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
malloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftopt.cab
.cab
backup/ftslsp.cab
.cab
backup/ftsurfmon.cab
.cab
configcenter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fa183a9cf0ded156b7cd714b0340330c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetLastError
lstrcpynW
WaitForSingleObject
InterlockedIncrement
lstrlenA
MultiByteToWideChar
DebugBreak
MoveFileExW
HeapDestroy
DeviceIoControl
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
WritePrivateProfileStringW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CopyFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateThread
Sleep
WritePrivateProfileSectionW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle
GetVersionExW

user32

DialogBoxParamW
MessageBoxW
CharNextW
SetWindowLongW
LoadStringW
wvsprintfW
SetDlgItemTextW
EndDialog
GetDlgItemTextW
GetDlgCtrlID
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
MessageBoxA
GetWindowLongW
GetWindowRect
GetWindow
GetParent
CharUpperW
GetActiveWindow

gdi32

SetTextColor
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHCreateDirectoryExW

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shlwapi

SHSetValueW
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
SHDeleteValueW

msvcrt

wcslen
malloc
_initterm
free
_onexit
__dllonexit
memmove
_wcsnicmp
wcsstr
swprintf
_snprintf
strncat
_strlwr
_wtoi
iswdigit
??2@YAPAXI@Z
memcmp
??3@YAXPAX@Z
wcscmp
__CxxFrameHandler
memcpy
memset
_vsnwprintf
time
sprintf
strcat
strlen
_adjust_fdiv

wininet

HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetCrackUrlW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftgzip.dll
.dll windows:4 windows x86 arch:x86

86d97ce1716c56a2b13af0c237b5f5da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock

msvcrt

free
malloc
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
calloc
_initterm
_adjust_fdiv

Exports

Exports

Gzip2A
Gzip2AEx
deflate_uncompress

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftmsgbk.bmp
ftupdate.dll
.dll windows:4 windows x86 arch:x86

88154e8742331f7d19c1458a9a9cde99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\Ft3\Release\SoftUpdate.pdb

Imports

kernel32

WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
MultiByteToWideChar
lstrcatA
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
WritePrivateProfileStringA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
OutputDebugStringA
WriteFile
SetFilePointer
FlushFileBuffers
SetStdHandle
lstrcpynA
GetCurrentProcessId
GetModuleFileNameA
DeviceIoControl
CloseHandle
CreateFileA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateDirectoryA
GetVersionExA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocalTime
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
InitializeSecurityDescriptor

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA
SHSetValueA
PathRemoveFileSpecA
SHGetValueA
PathFileExistsA

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

GetPEFileVersion
RebootUpdate
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
game.ini
hint.ini
img/bk.bmp
img/msgSkin.ini
lockscr.exe
.exe windows:4 windows x86 arch:x86

f73c366d7ecb80927e6d6fa4ecad54d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetModuleFileNameW
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStartupInfoA
GetFileType
TerminateProcess
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
RtlUnwind
GetCurrentProcessId
GetWindowsDirectoryW
GetModuleFileNameA
ExitProcess
FreeLibrary
LoadLibraryW
FlushInstructionCache
DeleteCriticalSection
CloseHandle
HeapDestroy
InitializeCriticalSection
CreateMutexW
lstrcpyW
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
CreateRemoteThread
VirtualFreeEx
OpenProcess
DeviceIoControl
GetVersionExW
LocalAlloc
LocalLock
LocalUnlock
GlobalSize
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
DebugBreak
lstrlenA
MultiByteToWideChar
InterlockedIncrement
WaitForSingleObject
lstrcatW
GetLastError
FormatMessageW
LocalFree
CreateFileW
WideCharToMultiByte
SetFilePointer
WriteFile
OutputDebugStringW
HeapAlloc
HeapFree
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrlenW
InterlockedDecrement
GetStdHandle

user32

FindWindowW
LoadStringW
ReleaseDC
GetDC
MessageBoxW
wvsprintfW
CharNextW
SetCursor
LoadCursorW
IsRectEmpty
GetWindowRect
SendMessageTimeoutW
DestroyWindow
DialogBoxParamW
GetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
MessageBoxA
ExitWindowsEx
GetTopWindow
GetWindowThreadProcessId
BeginPaint
InflateRect
DrawTextW
GetClientRect
KillTimer
MoveWindow
GetWindowLongW
GetParent
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
LoadImageW
SendMessageW
SetForegroundWindow
GetDlgItem
ShowWindow
InvalidateRect
SetTimer
SetWindowLongW
LoadBitmapW
EndDialog
GetSystemMetrics
SetCursorPos
DefWindowProcW
GetActiveWindow
EndPaint

gdi32

ExtTextOutW
SetTextColor
CreateFontW
SetBkMode
SetBkColor
GetNearestPaletteIndex
SetSystemPaletteUse
ResizePalette
SetPaletteEntries
StretchDIBits
CreateDCW
CreateCompatibleBitmap
GetPaletteEntries
CreateCompatibleDC
SelectObject
SetStretchBltMode
StretchBlt
BitBlt
DeleteObject
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetDeviceCaps
GetSystemPaletteEntries
GetObjectW
GetDIBits
CreatePalette
DeleteDC

advapi32

GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

SHGetValueW
PathFileExistsW
SHSetValueW

winmm

PlaySoundW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
log.dll
.dll regsvr32 windows:4 windows x86 arch:x86

69941738daed007a19b365d8aaff4045

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
DisableThreadLibraryCalls
FindClose
FindNextFileW
FindFirstFileW
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
MultiByteToWideChar
GetModuleFileNameA
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
ProcessIdToSessionId
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
CreateDirectoryW
TerminateProcess
lstrcmpiW
WritePrivateProfileStringW
MoveFileExW
GetTempFileNameW
FlushInstructionCache
GetCurrentProcess
CloseHandle
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetFileSize
ReadFile
DeleteFileW
GetLocalTime
CreateThread
WaitForSingleObject
lstrcpynW
GetLastError
FormatMessageW
LocalFree
OutputDebugStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenMutexW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetWindowsDirectoryW

user32

CharUpperW
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
GetDlgItem
CheckRadioButton
SetDlgItemTextW
GetParent
GetWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetWindowLongW
SetWindowLongW
CallWindowProcW
DestroyWindow
CreateWindowExW
DefWindowProcW
GetClientRect
SendMessageW
CharLowerW
GetWindowThreadProcessId
WaitForInputIdle
MessageBoxA
LoadCursorW
SystemParametersInfoW
OpenInputDesktop
CloseDesktop
GetSystemMetrics
GetForegroundWindow
SetCursor
GetActiveWindow
LoadStringW
CharNextW
wvsprintfW
MessageBoxW
FindWindowW
SendMessageTimeoutW
SetDlgItemInt

gdi32

GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

LookupAccountSidW
GetUserNameW
InitializeSecurityDescriptor
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
SetSecurityDescriptorDacl
GetTokenInformation
CreateProcessAsUserW
SetSecurityInfo
AddAccessAllowedAce
InitializeAcl
LookupAccountNameW
SetNamedSecurityInfoW
RegQueryValueExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance

oleaut32

SysFreeString
RegisterTypeLi
LoadTypeLi
SysAllocString

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage

shlwapi

SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
SHGetValueA
SHSetValueW

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
_strtime
__CxxFrameHandler
memset
_adjust_fdiv
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
memcpy
iswdigit
wcsncpy
_wtoi
abs
swscanf
_wcsicmp
wcscmp
difftime
_ftol
memcmp
free
_strlwr
strncat
_snprintf
_snwprintf
swprintf
_wcslwr
strcmp
strncpy
wcsstr
realloc
memmove
localtime
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
malloc

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
messageconfig.ini
msgSkin.ini
networksoft.ini
pgkl.cab
plm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ab7d6b1274a6f7331cc377016b231a70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
GetVersionExW
DeviceIoControl
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
TerminateProcess
lstrcmpiW
WritePrivateProfileStringW
GetModuleFileNameW
MultiByteToWideChar
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
WritePrivateProfileSectionW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetPrivateProfileSectionNamesW
WaitForSingleObject
lstrcpynW
OutputDebugStringW
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileSectionW
GetPrivateProfileIntW
lstrlenA
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

IsWindowVisible
GetWindowTextW
ShowWindow
EnumWindows
CharUpperW
GetCursorPos
ScreenToClient
EndDialog
KillTimer
SetTimer
SetDlgItemTextW
SetFocus
IsWindowEnabled
CheckRadioButton
EnableWindow
IsDlgButtonChecked
DialogBoxParamW
LoadIconW
DestroyIcon
GetDlgItem
CheckDlgButton
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
GetWindowLongW
SetWindowLongW
CallWindowProcW
DestroyWindow
CreateWindowExW
DefWindowProcW
GetClientRect
SendMessageW
GetWindowThreadProcessId
GetActiveWindow
MessageBoxA
CharNextW
wvsprintfW
MessageBoxW
LoadStringW
FindWindowW
SendMessageTimeoutW
GetDlgItemTextW

gdi32

GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ExtractIconW
SHCreateDirectoryExW
SHGetPathFromIDListW

ole32

CoCreateInstance

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString

comctl32

ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

shlwapi

PathMatchSpecW
SHDeleteValueW
PathFindFileNameW
PathFileExistsW
SHGetValueW
SHSetValueW

msvcrt

memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
_adjust_fdiv
__CxxFrameHandler
memcpy
wcschr
realloc
free
??2@YAPAXI@Z
iswdigit
_wtoi
_strlwr
strncat
_snprintf
swprintf
_wcslwr
wcscmp
wcsstr
memmove
memcmp
__dllonexit
_onexit
_initterm
malloc
??3@YAXPAX@Z

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
NeedBlock
Recover
Setting
UnInit

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
security.exe
.exe windows:4 windows x86 arch:x86

91696d44c81dc0ab8158aacd72d9a603

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GetLastError
lstrcpynA
GetVersionExA
DeviceIoControl
LockResource
SizeofResource
LoadResource
FindResourceA
LocalFree
GetModuleFileNameA
DeleteFileA
GetWindowsDirectoryA
lstrlenA
QueryDosDeviceA
MoveFileExA
SetEndOfFile
LoadLibraryA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringA
CreateDirectoryA
lstrcpyA
GetSystemDirectoryA
lstrcatA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
ReadFile
VirtualAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree

user32

MessageBoxA

advapi32

DeleteService
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHSetValueA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecA
SHDeleteKeyA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssi.dat
surfctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0db87b4c3a14277c9bb8233f3afeb27b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapReAlloc
GetCommandLineA
RaiseException
ExitThread
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
FindResourceExW
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThread
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetVersion
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetTimeZoneInformation
SetTimeZoneInformation
SystemTimeToFileTime
GetSystemDirectoryW
GetExitCodeProcess
MulDiv
GlobalUnlock
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalLock
GetTempPathW
CopyFileW
GetPrivateProfileSectionNamesW
lstrlenA
MultiByteToWideChar
SetSystemTime
SetLastError
GetSystemTime
Sleep
GetTempFileNameW
CreateProcessW
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
lstrcmpW
GetTickCount
TerminateProcess
MoveFileExW
GetModuleFileNameW
GetCurrentProcessId
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GlobalFree
GlobalAlloc
GetCurrentProcess
lstrcmpiW
GetModuleHandleW
GetProcAddress
OpenProcess
WritePrivateProfileSectionW
WritePrivateProfileStringW
DeviceIoControl
GetVersionExW
DeleteFileW
CreateThread
WaitForSingleObject
GetLocalTime
GetLastError
LocalFree
OutputDebugStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenMutexW
lstrlenW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
LCMapStringW
CloseHandle

user32

GetSysColorBrush
UnregisterClassW
DestroyMenu
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
MapDialogRect
GetAsyncKeyState
DrawFocusRect
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
GetFocus
SetFocus
AdjustWindowRectEx
IsWindowVisible
GetTopWindow
GetCapture
WinHelpW
wsprintfW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
CreateWindowExW
CopyRect
ReleaseCapture
SetCapture
GetParent
InvalidateRect
IsRectEmpty
SetRect
GetSysColor
LoadMenuW
GetSubMenu
CheckMenuItem
PtInRect
GetSystemMetrics
DestroyWindow
LoadCursorW
SetCursor
GetCursorPos
ScreenToClient
OffsetRect
ExitWindowsEx
SetWindowPos
SetTimer
KillTimer
EqualRect
InflateRect
FillRect
UpdateLayeredWindow
GetWindowRect
GetClassInfoW
GetClientRect
GetDesktopWindow
GetActiveWindow
MessageBoxA
GetForegroundWindow
GetWindowLongW
SetForegroundWindow
EnumWindows
PostMessageW
GetClassNameW
GetWindowThreadProcessId
GetLastInputInfo
LoadStringW
GetDlgItem
SendMessageW
LoadBitmapW
IsWindow
MessageBoxW
FindWindowW
SendMessageTimeoutW
EnableWindow
GetLastActivePopup

gdi32

GetTextMetricsW
EnumFontFamiliesExW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
SetStretchBltMode
SetBkMode
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectW
ScaleWindowExtEx
SetWindowExtEx
SetMapMode
EnumFontsW
CreateFontIndirectW
GetPixel
SetPixelV
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
CreateFontW
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHCreateDirectoryExW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Destroy

ole32

CoUninitialize
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
PathRemoveFileSpecW
SHDeleteKeyW
PathFindFileNameW
SHGetValueA
SHSetValueW
SHGetValueW
PathFileExistsW

setupapi

SetupIterateCabinetW

gdiplus

GdipCreateFont
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipGetInterpolationMode
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipGetImageHeight
GdipDrawString
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipCloneBrush
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteBrush
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipSetInterpolationMode
GdipAlloc
GdipGetImageWidth
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectI
GdipDeleteFontFamily

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

recv
ntohl
htonl
socket
WSAStartup
WSACleanup
select
closesocket
WSCEnumProtocols
send
connect
htons
inet_addr
gethostbyname

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Exports

Exports

Command
DllRegisterServer
DllUnregisterServer
FltLayTimeSetting
Init
IsLimitGame
Recover
RunTimeSecSetting
Setting
UnInit

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Code Sign

2c:11:0d:80:76:ae:89:e9:c5:93:7e:2c:04:02:2d:3bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

40:39:ac:08:e5:8a:9b:a2:5c:b9:d3:73:4e:d2:19:70:20:2e:b3:57Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 400KB

.rsrc Size: 6KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 730B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

2c:11:0d:80:76:ae:89:e9:c5:93:7e:2c:04:02:2d:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

40:39:ac:08:e5:8a:9b:a2:5c:b9:d3:73:4e:d2:19:70:20:2e:b3:57
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 400KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB