15869febbdb380b17e7f7707b5236cc7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15869febbdb380b17e7f7707b5236cc7_JaffaCakes118
Size

6.8MB
MD5

15869febbdb380b17e7f7707b5236cc7
SHA1

e5a80dd5fb2ba2a3c272d0d83eef6cf8933a0afb
SHA256

8bd2e0b94b1be1dec944d5dbb7093739466e0baeec483ab682516bb6457bb3bb
SHA512

4664b880f9b086e9387a9472b277420d2e265a2ed3c81944a339db0fa2a8e188c012e0888dd61badfb8c28bac1bf7f3fffd7a4566cccd6e543b4da8b24d9771e
SSDEEP

196608:8tiAnsG92Cihb4ZePFlKYP8lvnxg20tBj+kv9E6yLUjG:8tZn3ICixScsg2CBj+kvj5jG

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/LinkmanCom.dll	acprotect
static1/unpack002/Plugins/oplugin.dll	acprotect
static1/unpack002/libeay32.dll	acprotect
static1/unpack002/sqlite3.dll	acprotect
static1/unpack002/ssleay32.dll	acprotect

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Linkman.exe	upx
static1/unpack002/LinkmanCom.dll	upx
static1/unpack002/Plugins/oplugin.dll	upx
static1/unpack002/Trialpay.exe	upx
static1/unpack002/libeay32.dll	upx
static1/unpack002/sqlite3.dll	upx
static1/unpack002/ssleay32.dll	upx

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lkmn760.exe
unpack003/components/LinkmanFox.dll
unpack004/components/LinkmanFox.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/newadvsplash.dll
unpack002/$PLUGINSDIR/nsProcess.dll
unpack002/$TEMP/vcredist_x86.exe
unpack002/Linkman.exe
unpack006/out.upx
unpack002/LinkmanCom.dll
unpack007/out.upx
unpack002/Plugins/oplugin.dll
unpack008/out.upx
unpack002/Trialpay.exe
unpack009/out.upx
unpack002/libeay32.dll
unpack002/sqlite3.dll
unpack002/ssleay32.dll
unpack002/uninst-Linkman.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/lkmn760.exe	nsis_installer_1
static1/unpack001/lkmn760.exe	nsis_installer_2
static1/unpack002/uninst-Linkman.exe	nsis_installer_1
static1/unpack002/uninst-Linkman.exe	nsis_installer_2

Files

15869febbdb380b17e7f7707b5236cc7_JaffaCakes118
.rar
lkmn760.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/extensions/LinkmanFox.xpi
.zip
chrome.manifest
chrome/content/browser.xul
.xml
chrome/content/icon.png
.png
chrome/content/linkmanfox.js
.js
components/LinkmanFox.dll
.dll windows:4 windows x86 arch:x86

f94cdc034237287f655eff1f805f7c5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_Alloc

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

user32

FindWindowA
IsWindow
SendMessageA
MessageBoxA

msvcr80

__CxxFrameHandler3
strcpy
strlen
memcpy
??2@YAPAXI@Z
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
??3@YAXPAX@Z
_encode_pointer

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
Sleep

Exports

Exports

NSGetModule

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/LinkmanFox.xpt
defaults/preferences/linkmanfox.js
install.rdf
.xml
linkmanfox.xpi
.zip
chrome.manifest
chrome/content/browser.xul
.xml
chrome/content/icon.png
.png
chrome/content/linkmanfox.js
.js
chrome/linkmanfox.jar
.zip .js polyglot
chrome/content/browser.xul
.xml
chrome/content/icon.png
.png
chrome/content/linkmanfox.js
.js
components/LinkmanFox.dll
.dll windows:4 windows x86 arch:x86

1fdd33eabb8b80915ef2fa00eaa87387

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_Alloc

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
FreeLibrary
CloseHandle
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

IsWindow
SendMessageA
MessageBoxA
EnumWindows
GetWindowThreadProcessId

msvcr80

strstr
_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
strcpy
strlen
memcpy
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common

Exports

Exports

NSGetModule

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/LinkmanFox.xpt
defaults/preferences/linkmanfox.js
install.rdf
.xml
$DESKTOP/Linkman PDF Manual.url
$DOCUMENTS/Linkman/Databases/mySampleLinks.lmd
$DOCUMENTS/Linkman/FastLinks.dat
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

8cf5dbc8faf0856e6ce0e1c3a196d197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
lstrcatA
FreeLibrary
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetModuleHandleA

user32

ShowWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EnableWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

eee37c14e102da3f62385f9796c701ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetProcAddress
GetModuleHandleA
CloseHandle
CreateThread
lstrcpynA
lstrlenA
GetCurrentThreadId
Sleep
lstrcpyA
lstrcmpiA
lstrcatA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
wsprintfA
SetWindowPos
LoadCursorA
BeginPaint
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClientRect
SetWindowLongA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassA
SystemParametersInfoA
SendMessageA
ShowWindow
PostMessageA
SetWindowRgn
EndPaint

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

msvfw32

MCIWndCreateA

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

bc9b111ecee4111e7207f0ee22bdfa16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
GetCurrentThread
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc
GetCurrentProcess
CloseHandle
TerminateProcess
LocalAlloc
lstrlenA

advapi32

OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
$TEMP/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Databases/mySampleLinks.lmd
FastLinks.dat
Languages/Catalan.olf
Languages/Czech.olf
Languages/Danish.olf
Languages/Dutch.olf
Languages/English.olf
Languages/Finnish.olf
Languages/French.olf
Languages/German.olf
Languages/Hungarian.olf
Languages/Italian.olf
Languages/Polish.olf
Languages/Portuguese.olf
Languages/Russian.olf
Languages/Spanish.olf
Linkman.chm
.chm
Linkman.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 616B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 755KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LinkmanCom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 278KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Output/SampleLinkmanOutput1.htm
.html
Output/SampleLinkmanOutput2.htm
.html
Plugins/oplugin.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

close
dlltype
getplugininfo
openforread
openforwrite
read
setinipath
takedialogresults
write

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 235B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates/Html Example 1.let
Templates/Html Example 2.let
Templates/Html Example 3.let
Templates/Html Example 4.let
Templates/Html Example 5.let
Templates/test.let
Templates/tsv.let
Templates/xml.let
Trialpay.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libeay32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_new
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_new
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_new
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_type
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_new
ASN1_TIME_free
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_new
ASN1_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2str
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIO_accept
BIO_callback_ctrl
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dump
BIO_dump_indent
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_ghbn_ctrl
BIO_int_ctrl
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_cipher
BIO_set_ex_data
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_free
BN_BLINDING_invert
BN_BLINDING_new
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_fasttest
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_rand
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_new
BUF_strdup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get_number
CONF_get_section
CONF_get_string
CONF_load
CONF_load_bio
CONF_load_fp
CONF_set_default_method
CRL_DIST_POINTS_free
CRL_DIST_POINTS_new
CRYPTO_add_lock
CRYPTO_dbg_free
CRYPTO_dbg_get_options
CRYPTO_dbg_malloc
CRYPTO_dbg_realloc
CRYPTO_dbg_set_options
CRYPTO_destroy_dynlockid
CRYPTO_dup_ex_data
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_free_locked
CRYPTO_get_add_lock_callback
CRYPTO_get_dynlock_create_callback
CRYPTO_get_dynlock_destroy_callback
CRYPTO_get_dynlock_lock_callback
CRYPTO_get_dynlock_value
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_get_id_callback
CRYPTO_get_lock_name
CRYPTO_get_locked_mem_functions
CRYPTO_get_locking_callback
CRYPTO_get_mem_debug_functions
CRYPTO_get_mem_debug_options
CRYPTO_get_mem_functions
CRYPTO_get_new_dynlockid
CRYPTO_get_new_lockid
CRYPTO_is_mem_check_on
CRYPTO_lock
CRYPTO_malloc
CRYPTO_malloc_locked
CRYPTO_mem_ctrl
CRYPTO_mem_leaks
CRYPTO_mem_leaks_cb
CRYPTO_mem_leaks_fp
CRYPTO_new_ex_data
CRYPTO_num_locks
CRYPTO_pop_info
CRYPTO_push_info_
CRYPTO_realloc
CRYPTO_remalloc
CRYPTO_remove_all_info
CRYPTO_set_add_lock_callback
CRYPTO_set_dynlock_create_callback
CRYPTO_set_dynlock_destroy_callback
CRYPTO_set_dynlock_lock_callback
CRYPTO_set_ex_data
CRYPTO_set_id_callback
CRYPTO_set_locked_mem_functions
CRYPTO_set_locking_callback
CRYPTO_set_mem_debug_functions
CRYPTO_set_mem_debug_options
CRYPTO_set_mem_functions
CRYPTO_thread_id
DH_OpenSSL
DH_check
DH_compute_key
DH_free
DH_generate_key
DH_generate_parameters
DH_get_default_method
DH_get_ex_data
DH_get_ex_new_index
DH_new
DH_new_method
DH_set_default_method
DH_set_ex_data
DH_set_method
DH_size
DHparams_print
DHparams_print_fp
DIRECTORYSTRING_free
DIRECTORYSTRING_new
DISPLAYTEXT_free
DISPLAYTEXT_new
DIST_POINT_NAME_free
DIST_POINT_NAME_new
DIST_POINT_free
DIST_POINT_new
DSA_OpenSSL
DSA_SIG_free
DSA_SIG_new
DSA_do_sign
DSA_do_verify
DSA_dup_DH
DSA_free
DSA_generate_key
DSA_generate_parameters
DSA_get_default_method
DSA_get_ex_data
DSA_get_ex_new_index
DSA_new
DSA_new_method
DSA_print
DSA_print_fp
DSA_set_default_method
DSA_set_ex_data
DSA_set_method
DSA_sign
DSA_sign_setup
DSA_size
DSA_verify
DSAparams_print
DSAparams_print_fp
DSO_METHOD_dl
DSO_METHOD_dlfcn
DSO_METHOD_null
DSO_METHOD_openssl
DSO_METHOD_vms
DSO_METHOD_win32
DSO_bind_func
DSO_bind_var
DSO_ctrl
DSO_flags
DSO_free
DSO_get_default_method
DSO_get_method
DSO_load
DSO_new
DSO_new_method
DSO_set_default_method
DSO_set_method
DSO_up
ERR_add_error_data
ERR_clear_error
ERR_error_string
ERR_error_string_n
ERR_free_strings
ERR_func_error_string
ERR_get_err_state_table
ERR_get_error
ERR_get_error_line
ERR_get_error_line_data
ERR_get_next_error_library
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ERR_strings
ERR_load_EVP_strings
ERR_load_OBJ_strings
ERR_load_PEM_strings
ERR_load_PKCS12_strings
ERR_load_PKCS7_strings
ERR_load_RAND_strings
ERR_load_RSA_strings
ERR_load_X509V3_strings
ERR_load_X509_strings
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_error_line
ERR_peek_error_line_data
ERR_print_errors
ERR_print_errors_fp
ERR_put_error
ERR_reason_error_string
ERR_remove_state

Sections

UPX0
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sqlite3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ssleay32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
ERR_load_SSL_strings
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_get_version_indy
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sessions
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_info_callback_indy
SSL_CTX_set_options_indy
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_cmp
SSL_SESSION_free
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id_ctx_indy
SSL_SESSION_get_id_indy
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_hash
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_accept
SSL_add_client_CA
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_app_data_indy
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_rstate_string
SSL_rstate_string_long
SSL_set_accept_state
SSL_set_app_data_indy
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_info_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_shutdown
SSL_set_ssl_method
SSL_set_tmp_dh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
UCTTimeDecode_indy
X509_STORE_CTX_get_app_data_indy
X509_get_notAfter_indy
X509_get_notBefore_indy
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst-Linkman.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
usb.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 407KB - Virtual size: 407KB

f94cdc034237287f655eff1f805f7c5c

Headers

File Characteristics

Imports

xpcom

nspr4

user32

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 666B

1fdd33eabb8b80915ef2fa00eaa87387

Headers

File Characteristics

Imports

xpcom

nspr4

kernel32

user32

msvcr80

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 778B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 407KB - Virtual size: 407KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 666B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 778B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 289B

.reloc
Size: 1024B - Virtual size: 634B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 902B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 188B