0735b5417ed76eeed70ddc8de96a8a02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0735b5417ed76eeed70ddc8de96a8a02_JaffaCakes118
Size

1.5MB
MD5

0735b5417ed76eeed70ddc8de96a8a02
SHA1

2927edd30846044baa2487f4d83dc537c24270c4
SHA256

0c781d401d0fd4de29a7bbe121b56a1462d142945cb9baa37e6628663722634c
SHA512

7e60040596bb139bbf55a79815477657055c4905ff2cc45b1471f7bee28b08fc4a8776467352a95aab5eed60cc94f7d61dfa99797c0933fc3f85f171f439cf8a
SSDEEP

24576:o0MbwN0/MZoHXAYD1ZQ+eaD5XP7BiTtuLyMfv/h6sVqNmxNfxRWJDC:o7bwsMQX/B5f9SursYo8Nfx8pC

Score

3^/10

Malware Config

Signatures

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_DosRecorder1012_CZ.EXE
unpack002/$PLUGINSDIR/installoptions.dll
unpack002/$PLUGINSDIR/killprocdll.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$PLUGINSDIR/nsweb.dll
unpack002/$PLUGINSDIR/startmenu.dll
unpack002/$PLUGINSDIR/system.dll
unpack002/$PLUGINSDIR/textreplace.dll
unpack002/$PLUGINSDIR/time.dll
unpack002/$PROGRAM_FILES/Baidu/bar/TempData.KGB
unpack002/$PROGRAM_FILES/Baidu/bar/baidubar.dll
unpack002/$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
unpack002/$WINDIR/DosPlay.EXE
unpack002/Convert/convert.exe
unpack002/File,Diz.ThX
unpack002/Lang2052.DAT
unpack002/Player/player2.exe
unpack002/Recorder.exe
unpack002/uninst.exe
unpack005/$PLUGINSDIR/killprocdll.dll
unpack005/$PROGRAM_FILES/Baidu/bar/TempData.KGB

Files

0735b5417ed76eeed70ddc8de96a8a02_JaffaCakes118
.rar
HA_DosRecorder1012_CZ.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.uNSIS
Size: 139B - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HelloFAR
Size: 47KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/installoptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsweb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/startmenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/system.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/textreplace.dll
.dll windows:4 windows x86 arch:x86

68af796cbe4fdd2d5baf33b0af9aa583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
lstrcatA
lstrcpynA
lstrcmpA
lstrlenA
GlobalFree
CloseHandle
ReadFile
GlobalAlloc
GetFileSize
CreateFileA
WriteFile
SetFileAttributesA
GetFileAttributesA
CopyFileA

user32

CharUpperA

Exports

Exports

FILLREADBUFFER
FREEREADBUFFER
FindInFile
ReplaceInFile

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

5c9a5d5468ec62f250171c012eda3c26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
lstrcmpA
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
CloseHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

GETFILETIME
GETFILETIMEUTC
GETLOCALTIME
GETLOCALTIMEUTC
MATHTIME
SETFILETIME
SETFILETIMEUTC
SETLOCALTIME
SETLOCALTIMEUTC
TIMESTRING

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/baidubar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
$PROGRAM_FILES_COMMON/NSISLog/Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/DosPlay.EXE
.exe windows:4 windows x86 arch:x86

646a6734a67bcbc02c7ac96cceb2287e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WriteConsoleOutputA
VirtualQuery
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
SetConsoleScreenBufferSize
SetConsoleMode
SetConsoleCursorPosition
ReadConsoleInputA
PeekConsoleInputA
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetNumberOfConsoleInputEvents
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetFileAttributesA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8.6MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Convert/convert.exe
.exe windows:4 windows x86 arch:x86

d6e8a308aba2b4f539ad94b5ec78789c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
VirtualQuery
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetFileAttributesA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 4.8MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Demos/SupM_ID.dm2
.gz
SupM_ID.dm2
Demos/gibbpost.dm2
.gz
gibbpost.dm2
Demos/readme.txt
File,Diz.ThX
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KAV
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GPLv2.txt
Java/local_example.html
.html
Java/online_example.html
.html
Java/player.jar
.jar
Lang2052.DAT
.exe windows:4 windows x86 arch:x86

d31173ca8ec2d5e26170e3b96a28428f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrcatA
GetLastError
lstrcpynA
lstrcmpiA
WinExec
GetModuleFileNameA
TerminateProcess
lstrlenA
LoadLibraryA
WritePrivateProfileStringA
GetModuleHandleA
GetVersion
WriteFile
MoveFileExA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
DeleteFileA
GetVersionExA
GetCurrentProcess
CloseHandle
GetTempPathA
GetProcAddress
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentStrings
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
LCMapStringW
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter

user32

ExitWindowsEx
wsprintfA
MessageBoxA

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
CreateServiceA
StartServiceA
ControlService
OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
DeleteService
RegDeleteKeyA
RegEnumKeyExA
AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 352KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Player/player2.exe
.exe windows:4 windows x86 arch:x86

646a6734a67bcbc02c7ac96cceb2287e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WriteConsoleOutputA
VirtualQuery
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
SetConsoleScreenBufferSize
SetConsoleMode
SetConsoleCursorPosition
ReadConsoleInputA
PeekConsoleInputA
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetNumberOfConsoleInputEvents
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetFileAttributesA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8.6MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ReadMe.txt
Recorder.exe
.exe windows:4 windows x86 arch:x86

178c5d49382c063b75f3836b21d3d572

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAllocEx
VirtualAlloc
SizeofResource
SetThreadLocale
SetPriorityClass
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadProcessMemory
ReadFile
OpenProcess
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 4.9MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Source/Common/Common.pas
Source/Common/Common2.pas
Source/Common/Decode0.pas
Source/Common/Decode1.pas
Source/Common/Decode2.pas
Source/Common/Encode0.pas
Source/Common/Encode2.pas
Source/Common/ScrUtils.pas
Source/Common/options.inc
Source/Convert/Convert_debug.pp
Source/Convert/comp.pp
Source/Convert/convert.map
Source/Convert/convert.pp
Source/Convert/decomp.map
Source/Convert/decomp.pp
Source/Java/.classpath
.xml
Source/Java/.project
.xml
Source/Java/Control.class
Source/Java/Control.java
.java .js
Source/Java/Cursor.class
Source/Java/Cursor.java
.java .js
Source/Java/ScrBuffer.class
Source/Java/ScrBuffer.java
Source/Java/Show.class
Source/Java/Show.java
Source/Java/Show1123934665556.html
.html
Source/Java/TFrame.class
Source/Java/TFrame.java
Source/Java/bm8x16.class
Source/Java/bm8x16.java
Source/Java/dm2Decoder$TChunkHeader.class
Source/Java/dm2Decoder.class
Source/Java/dm2Decoder.java
.java .js
Source/Java/font8x16.fnt
Source/Java/java.policy.applet
Source/Java/the_font.class
Source/Java/the_font.java
Source/Java/use4.html
.html
Source/LinuxRecorder/readme.txt
Source/LinuxRecorder/recorder.pp
.js
Source/Player/MyCrt.pp
Source/Player/Player_icon.res
Source/Player/WinCrt.pas
Source/Player/player1.pp
Source/Player/player2.bdsproj
Source/Player/player2.dpr
Source/Player/player2_ppas.bat
Source/Player/player2_script.res
Source/Player/ppas.bat
Source/Player/test.pas
Source/Player/test_d.bat
Source/Player/test_fp_dos.bat
Source/Player/test_fp_win32.bat
Source/Recorder/About.dfm
Source/Recorder/About.pas
Source/Recorder/Annotations.dfm
Source/Recorder/Annotations.pas
Source/Recorder/Capturers/ADOM.pas
Source/Recorder/Capturers/Capturers.pas
Source/Recorder/Capturers/NTConsole.pas
.js
Source/Recorder/Capturers/NTVDM.pas
Source/Recorder/Main.dfm
Source/Recorder/Main.pas
Source/Recorder/Recorder.bdsproj
Source/Recorder/Recorder.dpr
Source/Recorder/Recorder.map
Source/Recorder/Recorder.res
Source/Recorder/RegConfig.pas
Source/Recorder/ScreenFormats.pas
Source/Recorder/Settings.dfm
Source/Recorder/Settings.pas
demo.bat
font2x4.bin
uninst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.uNSIS
Size: 139B - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HelloFAR
Size: 47KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/killprocdll.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PROGRAM_FILES/Baidu/bar/TempData.KGB
.dll regsvr32 windows:4 windows x86 arch:x86

6ccb2c8e98669e1c49478ccdae8356ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
WritePrivateProfileStringA
WritePrivateProfileSectionA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetVersionExA
DeviceIoControl
GetTickCount
Sleep
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
CopyFileA
GetPrivateProfileSectionNamesA
GetEnvironmentVariableA
ReadProcessMemory
VirtualProtect
GetVolumeInformationA
GlobalUnlock
GlobalLock
LocalFree
FormatMessageA
HeapFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
ResumeThread
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetTempFileNameA
DeleteFileA
GetTempPathA
LoadLibraryA
lstrcatA
lstrcpyA
lstrcpynA
HeapDestroy
IsDBCSLeadByte
FindResourceA
lstrcmpiA
LoadLibraryExA
FreeLibrary
LoadResource
SizeofResource
GetPrivateProfileSectionA
SetErrorMode
GetModuleFileNameW
SetLastError
DebugBreak
OutputDebugStringA
lstrlenA
InterlockedIncrement
lstrcpyW
MultiByteToWideChar
WriteFile
CloseHandle
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
GetLastError
WideCharToMultiByte
CreateThread
WriteProcessMemory
GetCurrentProcess
lstrlenW
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
DisableThreadLibraryCalls
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection

user32

GetSubMenu
DialogBoxParamA
GetClientRect
DestroyWindow
GetFocus
SetFocus
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
wsprintfA
LoadCursorA
UpdateWindow
GetClassInfoExA
BeginPaint
MessageBoxA
CharUpperA
EnableWindow
SendMessageA
CharNextA
IsWindowVisible
SetRectEmpty
DefWindowProcA
DestroyIcon
GetWindow
GetParent
GetWindowTextA
MoveWindow
ScreenToClient
GetWindowRect
DrawIconEx
CopyRect
SetCursor
LoadIconA
CallWindowProcA
PtInRect
IsRectEmpty
DispatchMessageA
TranslateMessage
GetKeyState
SetWindowPos
GetSysColor
OffsetRect
InflateRect
DrawTextA
FillRect
EndDialog
ShowWindow
SetWindowTextA
IsWindow
GetDlgItem
RegisterClassExA
InvalidateRect
SetWindowLongA
GetWindowLongA
EndPaint
wvsprintfA
SetRect
LoadStringA
CharLowerA
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
CallNextHookEx
GetActiveWindow
PostMessageA
FindWindowExA
ReleaseDC
SetCapture
SystemParametersInfoA
GetDesktopWindow
FindWindowA
AdjustWindowRect
GetCursorPos
MapWindowPoints
CharNextW
LoadImageA
GetMenuStringA
LoadMenuA
GetClassInfoA
ReleaseCapture
SetForegroundWindow
RedrawWindow
SetTimer
GetDC
CreatePopupMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
KillTimer

gdi32

DeleteDC
LineTo
MoveToEx
DeleteObject
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateSolidBrush
SetBkColor
GetObjectA
IntersectClipRect
CreateFontIndirectA
Rectangle
SetPixelV
SetTextColor
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
TextOutA
CreateBitmap

advapi32

EnumDependentServicesA
GetUserNameA
RegSetKeySecurity
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
RegCloseKey
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
ChangeServiceConfigA
CloseServiceHandle
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
CoCreateInstance
RegisterDragDrop
CoUninitialize

oleaut32

VariantChangeType
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantCopy
GetErrorInfo
SetErrorInfo

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA
SHDeleteKeyA
StrStrIA

urlmon

CoInternetGetSession

msvcrt

_stricmp
_purecall
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_fullpath
_endthreadex
_mbsnbcmp
_memicmp
_beginthread
_endthread
_local_unwind2
printf
tolower
strncat
fgets
_vsnprintf
_CxxThrowException
atol
fwrite
wcsstr
strcmp
fseek
ftell
toupper
isxdigit
isalnum
abs
_mbsnbcpy
_beginthreadex
localtime
_mbsicmp
fread
_mbsrchr
_mbstok
malloc
_wcsicmp
fopen
fputs
fclose
_except_handler3
_strnicmp
strncpy
_strlwr
strstr
wcscmp
memset
strrchr
strcat
_stat
_snprintf
time
srand
rand
sprintf
strcpy
strchr
strlen
_mbschr
_ismbcspace
_mbsnbicmp
memcmp
free
memmove
_mbscmp
realloc
??2@YAPAXI@Z
memcpy
atoi
_ismbcdigit
wcslen
??3@YAXPAX@Z
__CxxFrameHandler
_mbsstr
_wcsnicmp
_strcmpi

wininet

HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetSetFilePointer
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpOpenRequestA
InternetConnectA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheGroup
DeleteUrlCacheGroup
FindFirstUrlCacheGroup

setupapi

SetupIterateCabinetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetNetworkParams

ws2_32

gethostname
gethostbyname

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Install
Uninstall

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/bar/baidubar.dat
$PROGRAM_FILES/Baidu/bar/img/imglist.bmp
$PROGRAM_FILES/Baidu/bar/img/logo.bmp
ºº»¯ËµÃ÷.txt
ºº»¯Ïà¹ØÎÊÌâ·´À¡.url
下载说明.htm
.html .js polyglot
安装说明.txt
非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.uNSIS Size: 139B - Virtual size: 700KB

HelloFAR Size: 47KB - Virtual size: 76KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

urlmon

wininet

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 644B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

.uNSIS
Size: 139B - Virtual size: 700KB

HelloFAR
Size: 47KB - Virtual size: 76KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 644B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 791B

.data
Size: - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 414B