16369f75e4854e285d15669ccaf4a5ee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

16369f75e4854e285d15669ccaf4a5ee_JaffaCakes118
Size

1.3MB
MD5

16369f75e4854e285d15669ccaf4a5ee
SHA1

c2bb3d3b4cd32553a88d2a69f132d42bc1adce1d
SHA256

88a42268c138a1ace5c689d245a6e6e9edb7f50231cfc3bd7defad2aee34d6f2
SHA512

59f6f240ca29aa140e8bb0288ab239bbb376d184e12a8952c57fbecc9d693fa35e1ffe510005d6320c2cb893003298f0c4c2a4e1f72d42a2e586c0e899641bf0
SSDEEP

24576:5rD8Y3rSik7g9e49/5jN75+C150I1F4EIpF/ZceS2/G8gCN7NaN9:d8YGUe4d5++NTX2Oyxab

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/record2005/MouseKeyRecord.exe
unpack001/record2005/tool/时间之神/PORTTALK.SYS
unpack001/record2005/tool/时间之神/RingNt1.dll
unpack001/record2005/tool/时间之神/turntime.exe
unpack001/record2005/tool/系统变色器/HookFunction.dll
unpack001/record2005/tool/系统变色器/setsyscolor.exe
unpack001/record2005/tool/鼠标距离计算器/mousetrack.exe

Files

16369f75e4854e285d15669ccaf4a5ee_JaffaCakes118
.rar
record2005/MouseKeyRecord.exe
.exe windows:4 windows x86 arch:x86

c0426d669728355e2a62d0fc8122ce0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
IsBadReadPtr
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
CompareStringW
IsBadWritePtr
LCMapStringW
SetHandleCount
LCMapStringA
HeapCreate
VirtualAlloc
VirtualFree
GetStdHandle
HeapDestroy
GetFileType
SetEnvironmentVariableA
GetEnvironmentStringsW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
CreateEventA
lstrlenA
GetVersion
GetVersionExA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
lstrcmpA
lstrcpynA
GetCurrentThreadId
lstrcmpiA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateMutexA
GetLastError
WinExec
GetSystemTime
Sleep
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetACP
HeapSize
InterlockedExchange
GetProfileStringA
TerminateProcess
ExitThread
RaiseException
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetShortPathNameA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GetThreadLocale
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetFileAttributesA
GetCurrentThread
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GlobalFree
SuspendThread
SetThreadPriority
ResumeThread
InterlockedDecrement
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GetWindowsDirectoryA
MulDiv
LoadLibraryA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
CreateThread
VirtualProtect
GetPrivateProfileIntA
SetLastError
CloseHandle
WaitForSingleObject
SetEvent
GetTempFileNameA

user32

GetNextDlgGroupItem
CharNextA
GetMenuStringA
DeleteMenu
InsertMenuA
WindowFromPoint
GrayStringA
TabbedTextOutA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
EndDialog
CreateDialogIndirectParamA
TranslateMessage
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetTopWindow
IsChild
GetWindowTextLengthA
GetMessageTime
GetForegroundWindow
GetLastActivePopup
BringWindowToTop
GetDlgItem
wsprintfA
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
WinHelpA
LoadIconA
GetClassInfoA
LoadMenuA
PeekMessageA
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
CreateIconIndirect
DrawTextExA
GetCapture
SetFocus
GetMessagePos
FrameRect
MapWindowPoints
CopyRect
PostThreadMessageA
SetRect
SystemParametersInfoA
LoadStringA
LoadImageA
DestroyCursor
CharUpperA
CharLowerA
GetWindowPlacement
DrawMenuBar
IsMenu
EqualRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ValidateRect
DrawIcon
IntersectRect
GetWindowWord
SetWindowWord
DrawStateA
DestroyIcon
GetFocus
MessageBeep
IsWindowEnabled
DrawFrameControl
CharUpperBuffA
GetIconInfo
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
InflateRect
GetClassLongA
DrawIconEx
GetSystemMenu
CreatePopupMenu
AppendMenuA
DestroyMenu
GetMenuItemInfoA
GetDesktopWindow
LockWindowUpdate
ScreenToClient
IsWindowVisible
GetCursorPos
SetCapture
ReleaseCapture
DestroyWindow
DrawEdge
FillRect
DrawTextA
BeginPaint
EndPaint
ClientToScreen
PtInRect
KillTimer
InvalidateRect
SetForegroundWindow
SetTimer
UnregisterClassA
RegisterClassExA
CreateWindowExA
CopyAcceleratorTableA
GetMenu
SetMenu
GetSysColor
OffsetRect
IsRectEmpty
GetWindowInfo
SetParent
RegisterClipboardFormatA
GetDCEx
GetTabbedTextExtentA
CopyIcon
GetSysColorBrush
GetSystemMetrics
GetWindow
IsIconic
IsZoomed
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetWindowRect
GetClientRect
SetWindowRgn
SetWindowPos
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
CallWindowProcA
DefWindowProcA
DispatchMessageA
GetMessageA
IsWindow
GetParent
GetWindowLongA
GetPropA
GetMenuState
SendMessageA
AnimateWindow
EnableWindow
SetWindowTextA
UpdateWindow
GetClassNameA
LoadCursorA
SetCursor
UnregisterHotKey
FindWindowA
SetActiveWindow
GetWindowTextA
GetKeyState
MessageBoxA
SendInput
UnhookWindowsHookEx
CallNextHookEx
GetDC
GetActiveWindow
SetWindowsHookExA
RegisterHotKey
WindowFromDC
RegisterClassA
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
ShowCaret
HideCaret

gdi32

CombineRgn
CreateRectRgn
PtInRegion
GetDeviceCaps
GetPixel
ExtFloodFill
ExcludeClipRect
SetBkColor
MoveToEx
CreatePen
TextOutA
GetTextExtentPoint32A
IntersectClipRect
SelectClipRgn
GetRgnBox
GetTextMetricsA
ExtTextOutA
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
GetCharWidthA
Rectangle
DPtoLP
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
DeleteObject
SetAbortProc
CreateDCA
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextAlign
GetCurrentPositionEx
GetViewportExtEx
GetWindowExtEx
PtVisible
Escape
GetMapMode
SetRectRgn
GetTextColor
GetBkColor
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
GetObjectA
StretchDIBits
RectVisible
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
CreateDIBitmap
Polygon
StretchBlt
RestoreDC
CreateCompatibleBitmap
SelectPalette
CreateCompatibleDC
CreateBitmap
LineTo
RealizePalette
CreateICA
GetDIBits
SaveDC
GetRegionData
ExtCreateRegion
DeleteDC
CreateSolidBrush
SetTextColor
GetTextExtentPointA
SelectObject
SetBkMode
CreateFontIndirectA
OffsetRgn
GetStockObject
BitBlt
CreateRectRgnIndirect

comdlg32

GetSaveFileNameA
PrintDlgA
CommDlgExtendedError
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
RegSetValueA

shell32

SHGetFileInfoA
ExtractIconA
DragQueryFileA
DragFinish
ExtractIconExA
ShellExecuteA

comctl32

ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
OleUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
record2005/readme.txt
record2005/set.ini
record2005/tool/时间之神/PORTTALK.SYS
.sys windows:5 windows x86 arch:x86

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
MmAllocateNonCachedMemory
Ke386IoSetAccessProcess
IoCreateSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IofCompleteRequest
PsLookupProcessByProcessId

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR

Sections

.text
Size: 736B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
record2005/tool/时间之神/RingNt1.dll
.dll windows:4 windows x86 arch:x86

8bd6b71a217ddb9232805e3fe8d2490f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcatA
CopyFileA
CloseHandle
DeviceIoControl
GetSystemDirectoryA
HeapDestroy
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetLastError
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
RtlUnwind

advapi32

CreateServiceA
StartServiceA
CloseServiceHandle
OpenSCManagerA
OpenServiceA

Exports

Exports

?fnRingNt1@@YAXG@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
record2005/tool/时间之神/turntime.exe
.exe windows:4 windows x86 arch:x86

5238bd332b4403abc694260b0b469b70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ringnt1

?fnRingNt1@@YAXG@Z

kernel32

LCMapStringA
LCMapStringW
Sleep
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetStringTypeA
VirtualFree
HeapCreate
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetACP
HeapSize
TerminateProcess
RaiseException
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
CloseHandle
CreateEventA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
GetTempFileNameA
lstrlenA
GetModuleFileNameA
GetVersionExA
GetLastError
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
lstrcmpA
lstrcpynA
GetCurrentThreadId
lstrcmpiA
WinExec
GetVersion
FormatMessageA
GetFileTime
GetFileSize
InterlockedExchange
GetProfileStringA
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedDecrement
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetWindowsDirectoryA
MulDiv
LoadLibraryA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
GetSystemTime
CreateThread
WaitForSingleObject
SetEvent

user32

GetNextDlgGroupItem
MessageBeep
CharNextA
RegisterClipboardFormatA
PostThreadMessageA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
AdjustWindowRectEx
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetWindowTextLengthA
GetDlgCtrlID
GetMessageTime
GetForegroundWindow
RegisterWindowMessageA
MapDialogRect
SetWindowContextHelpId
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
TranslateMessage
PeekMessageA
GetLastActivePopup
PostQuitMessage
CreateIconIndirect
DrawTextExA
GetCapture
FrameRect
MapWindowPoints
CopyRect
GetSysColorBrush
CopyIcon
SetRect
LoadStringA
LoadImageA
DestroyCursor
CharUpperA
CharLowerA
GetWindowPlacement
DrawMenuBar
IsMenu
EqualRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ValidateRect
IntersectRect
GetWindowWord
SetWindowWord
GrayStringA
DestroyIcon
GetFocus
IsWindowEnabled
DrawFrameControl
GetWindowTextA
CharUpperBuffA
GetIconInfo
GetDC
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
InflateRect
GetClassLongA
DrawIconEx
CreatePopupMenu
DestroyMenu
GetMenuItemInfoA
GetDesktopWindow
LockWindowUpdate
ScreenToClient
IsWindowVisible
GetCursorPos
SetCapture
ReleaseCapture
DestroyWindow
DrawEdge
FillRect
DrawTextA
BeginPaint
EndPaint
ClientToScreen
PtInRect
KillTimer
InvalidateRect
SetForegroundWindow
SetTimer
UpdateWindow
UnregisterClassA
LoadCursorA
RegisterClassExA
WindowFromDC
SetFocus
GetMessagePos
TabbedTextOutA
CreateWindowExA
GetKeyState
CopyAcceleratorTableA
GetMenu
SetMenu
GetSysColor
OffsetRect
IsRectEmpty
GetWindowInfo
GetWindow
IsZoomed
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetWindowRect
SetWindowRgn
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
CallWindowProcA
DefWindowProcA
DispatchMessageA
GetMessageA
IsWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
GetWindowLongA
GetActiveWindow
GetClassNameA
GetPropA
GetMenuState
CallNextHookEx
EnableWindow
SetWindowPos
MessageBoxA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
GetSystemMenu
AppendMenuA
LoadIconA
DrawStateA
SystemParametersInfoA
SetCursor
GetDlgItem
DrawFocusRect
DefDlgProcA
ExcludeUpdateRgn
HideCaret
ShowCaret
IsWindowUnicode

gdi32

OffsetRgn
CreateSolidBrush
CreateRectRgnIndirect
PtInRegion
ExcludeClipRect
GetPixel
ExtFloodFill
LineTo
MoveToEx
CreatePen
TextOutA
GetTextExtentPoint32A
IntersectClipRect
SelectClipRgn
GetRgnBox
GetTextMetricsA
ExtTextOutA
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
CombineRgn
StretchDIBits
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
PtVisible
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetTextColor
RectVisible
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
SaveDC
RestoreDC
Polygon
StretchBlt
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
SelectPalette
RealizePalette
CreateBitmap
SetBkColor
GetObjectA
CreateICA
GetDIBits
DeleteDC
GetRegionData
ExtCreateRegion
GetTextExtentPointA
DeleteObject
CreateRectRgn
CreateFontIndirectA
SelectObject
CreateDIBitmap
GetStockObject
SetBkMode

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

ExtractIconExA

comctl32

ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
record2005/tool/系统变色器/HookFunction.dll
.dll windows:4 windows x86 arch:x86

04a12ae504c06bed3868b967907760a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetLastError
CreateMutexA
GetProcAddress
LoadLibraryA
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
CloseHandle
HeapCreate
HeapFree
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
RtlUnwind
SetStdHandle
FlushFileBuffers

Exports

Exports

HookOff
HookOn
cr

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GongX
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
record2005/tool/系统变色器/setsyscolor.exe
.exe windows:4 windows x86 arch:x86

e0115a9e0ea24ba597a661b6dec97c47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hookfunction

HookOn
cr
HookOff

kernel32

LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetACP
HeapSize
LCMapStringA
SetUnhandledExceptionFilter
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
FormatMessageA
CreateEventA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
GetTempFileNameA
lstrlenA
GetModuleFileNameA
GetVersion
GetVersionExA
GetLastError
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
lstrcmpA
Sleep
GetCurrentThreadId
lstrcmpiA
TerminateProcess
RaiseException
lstrcpynA
GetFileTime
GetFileSize
GetFileAttributesA
InterlockedExchange
GetProfileStringA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedDecrement
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetWindowsDirectoryA
MulDiv
LoadLibraryA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
GetSystemTime
SetEvent
CreateThread
WaitForSingleObject
CloseHandle

user32

GetNextDlgGroupItem
MessageBeep
CharNextA
RegisterClipboardFormatA
PostThreadMessageA
GrayStringA
TabbedTextOutA
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
AdjustWindowRectEx
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetWindowTextLengthA
GetDlgCtrlID
GetMessageTime
GetForegroundWindow
RegisterWindowMessageA
MapDialogRect
SetWindowContextHelpId
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
TranslateMessage
PeekMessageA
GetLastActivePopup
PostQuitMessage
CreateIconIndirect
DrawTextExA
GetCapture
WindowFromDC
FrameRect
MapWindowPoints
CopyRect
GetSysColorBrush
CopyIcon
SetRect
SetCursor
LoadStringA
LoadImageA
DestroyCursor
CharUpperA
CharLowerA
GetWindowPlacement
DrawMenuBar
IsMenu
EqualRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ValidateRect
IntersectRect
GetWindowWord
SetWindowWord
DestroyIcon
GetFocus
IsWindowEnabled
DrawFrameControl
GetWindowTextA
CharUpperBuffA
GetIconInfo
GetDC
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
InflateRect
GetClassLongA
DrawIconEx
CreatePopupMenu
DestroyMenu
GetMenuItemInfoA
GetDesktopWindow
LockWindowUpdate
ScreenToClient
IsWindowVisible
GetCursorPos
SetCapture
ReleaseCapture
DestroyWindow
DrawEdge
FillRect
DrawTextA
BeginPaint
EndPaint
ClientToScreen
PtInRect
KillTimer
InvalidateRect
SetForegroundWindow
SetTimer
UpdateWindow
UnregisterClassA
SetFocus
GetMessagePos
DrawStateA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetKeyState
CopyAcceleratorTableA
GetMenu
SetMenu
GetSysColor
OffsetRect
IsRectEmpty
GetWindowInfo
GetWindow
IsZoomed
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetWindowRect
SetWindowRgn
SetWindowPos
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
CallWindowProcA
DefWindowProcA
DispatchMessageA
GetMessageA
IsWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
GetWindowLongA
GetActiveWindow
GetClassNameA
GetPropA
GetMenuState
CallNextHookEx
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
MessageBoxA
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
SystemParametersInfoA
GetMenuCheckMarkDimensions
DrawFocusRect
DefDlgProcA
ExcludeUpdateRgn
HideCaret
ShowCaret
IsWindowUnicode

gdi32

CreateRectRgn
CreateSolidBrush
PtInRegion
OffsetRgn
GetWindowExtEx
ExtFloodFill
LineTo
MoveToEx
CreatePen
TextOutA
GetTextExtentPoint32A
IntersectClipRect
SelectClipRgn
GetRgnBox
GetTextMetricsA
ExtTextOutA
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
SetMapMode
SetViewportOrgEx
CombineRgn
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
BitBlt
PtVisible
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
StretchDIBits
RectVisible
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
CreateDIBitmap
SaveDC
RestoreDC
Polygon
StretchBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SelectPalette
RealizePalette
CreateBitmap
SetBkColor
GetObjectA
CreateICA
GetDIBits
DeleteDC
GetRegionData
ExtCreateRegion
GetTextExtentPointA
DeleteObject
ExcludeClipRect
GetPixel
SetTextColor
CreateFontIndirectA
SelectObject
SetBkMode
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

ExtractIconExA

comctl32

ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
record2005/tool/鼠标距离计算器/mousetrack.exe
.exe windows:4 windows x86 arch:x86

7a5d9c74125935f434df0abad6eabd6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
VirtualAlloc
IsBadWritePtr
Sleep
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
VirtualFree
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileType
HeapDestroy
GetEnvironmentStringsW
GetStdHandle
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetTimeZoneInformation
UnhandledExceptionFilter
GetACP
HeapSize
HeapReAlloc
TerminateProcess
RaiseException
GetStartupInfoA
ExitProcess
GetCommandLineA
RtlUnwind
FormatMessageA
SetStdHandle
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
GetTempFileNameA
lstrlenA
GetModuleFileNameA
GetVersion
GetVersionExA
GetLastError
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
lstrcmpA
lstrcpynA
GetCurrentThreadId
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedExchange
GetProfileStringA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
InterlockedDecrement
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetWindowsDirectoryA
MulDiv
LoadLibraryA
FreeLibrary
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
GetSystemTime
CreateThread
WaitForSingleObject
SetEvent
CloseHandle
CreateEventA
GlobalAlloc
lstrcmpiA

user32

CharNextA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
IsDialogMessageA
SendDlgItemMessageA
AdjustWindowRectEx
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetWindowTextLengthA
GetDlgCtrlID
GetMessageTime
GetForegroundWindow
RegisterWindowMessageA
MapDialogRect
SetWindowContextHelpId
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
TranslateMessage
PeekMessageA
GetLastActivePopup
PostQuitMessage
CreateIconIndirect
DrawTextExA
GetCapture
SetFocus
GetMessagePos
WindowFromDC
FrameRect
MapWindowPoints
TabbedTextOutA
CopyIcon
SetRect
SetCursor
SystemParametersInfoA
LoadStringA
LoadImageA
CharUpperA
CharLowerA
GetWindowPlacement
DrawMenuBar
IsMenu
EqualRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ValidateRect
IntersectRect
GetWindowWord
SetWindowWord
DrawStateA
DestroyIcon
SetWindowTextA
IsWindowEnabled
DrawFrameControl
GetWindowTextA
CharUpperBuffA
GetIconInfo
GetDC
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
InflateRect
GetClassLongA
DrawIconEx
CreatePopupMenu
DestroyMenu
GetMenuItemInfoA
GetDesktopWindow
LockWindowUpdate
ScreenToClient
IsWindowVisible
SetCapture
ReleaseCapture
DestroyWindow
DrawEdge
FillRect
DrawTextA
BeginPaint
EndPaint
ClientToScreen
PtInRect
InvalidateRect
SetForegroundWindow
UpdateWindow
UnregisterClassA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetKeyState
CopyAcceleratorTableA
GetMenu
SetMenu
GetSysColor
OffsetRect
IsRectEmpty
GetWindowInfo
GrayStringA
CopyRect
GetSysColorBrush
GetFocus
GetWindow
IsZoomed
MoveWindow
ShowWindow
PostMessageA
ReleaseDC
GetWindowDC
GetWindowRect
SetWindowRgn
RemovePropA
SetPropA
SetWindowLongA
RedrawWindow
CallWindowProcA
DefWindowProcA
DispatchMessageA
GetMessageA
IsWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
GetWindowLongA
GetActiveWindow
GetClassNameA
GetPropA
GetMenuState
CallNextHookEx
EnableWindow
MessageBoxA
KillTimer
GetCursorPos
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetWindowPos
GetDlgItem
SendMessageA
GetSystemMenu
AppendMenuA
EnableMenuItem
LoadIconA
DestroyCursor
ModifyMenuA
DrawFocusRect
DefDlgProcA
ExcludeUpdateRgn
HideCaret
ShowCaret
IsWindowUnicode

gdi32

CreateRectRgn
GetStockObject
SetBkMode
PtInRegion
ExcludeClipRect
GetPixel
ExtFloodFill
LineTo
MoveToEx
CreatePen
TextOutA
GetTextExtentPoint32A
IntersectClipRect
SelectClipRgn
GetRgnBox
GetTextMetricsA
ExtTextOutA
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
PlayEnhMetaFile
SetWindowOrgEx
CombineRgn
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
PtVisible
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
StretchDIBits
RectVisible
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
CreateDIBitmap
SaveDC
CreateDIBSection
Polygon
StretchBlt
RestoreDC
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
RealizePalette
SelectPalette
SetBkColor
GetObjectA
CreateBitmap
GetDIBits
DeleteDC
CreateICA
ExtCreateRegion
GetTextExtentPointA
GetRegionData
DeleteObject
OffsetRgn
CreateSolidBrush
CreateFontIndirectA
SelectObject
SetTextColor
SetDIBitsToDevice
BitBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

ExtractIconExA

comctl32

InitCommonControlsEx
ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
record2005/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

c0426d669728355e2a62d0fc8122ce0c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 492KB - Virtual size: 488KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 24KB - Virtual size: 3.1MB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 736B - Virtual size: 714B

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 4B

INIT Size: 448B - Virtual size: 440B

.rsrc Size: 992B - Virtual size: 984B

.reloc Size: 96B - Virtual size: 82B

8bd6b71a217ddb9232805e3fe8d2490f

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

5238bd332b4403abc694260b0b469b70

Headers

File Characteristics

Imports

ringnt1

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 396KB - Virtual size: 393KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 20KB - Virtual size: 103KB

.rsrc Size: 568KB - Virtual size: 567KB

04a12ae504c06bed3868b967907760a5

Headers

File Characteristics

Imports

kernel32

Exports

.text
Size: 492KB - Virtual size: 488KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 24KB - Virtual size: 3.1MB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 736B - Virtual size: 714B

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 448B - Virtual size: 440B

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 96B - Virtual size: 82B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 396KB - Virtual size: 393KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 20KB - Virtual size: 103KB

.rsrc
Size: 568KB - Virtual size: 567KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 9KB

GongX
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 396KB - Virtual size: 392KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 20KB - Virtual size: 103KB

.rsrc
Size: 76KB - Virtual size: 73KB

.text
Size: 396KB - Virtual size: 393KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 20KB - Virtual size: 103KB

.rsrc
Size: 164KB - Virtual size: 162KB