dinodas | EarthKrahang_20240404[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

EarthKrahang_20240404.zip
Size

36.7MB
MD5

21b766fbfd52a415b90cc99d3550fc65
SHA1

85ed0693e2be170048f39aea469abf34285648c2
SHA256

eac6760e770aeb2cdb0ba7920789d50601e3f8e9a7a3422819a51546fe433d94
SHA512

dc24345be5ee752968994a139f4a634b88b5b2bf9f09ef150d222dd298569f3d129eee8bf3faaf3d6c53309c32e3f934fe8526bb5e1de64a9cbc81dd7993f5eb
SSDEEP

786432:Z+c5LnNJB1EzJNLHDW8D6yHG+q9fS9Q47egSeSSdqLb3oU9R5buN:EkLnNezXa8D9HGp9q9Q4XVMt9fo

Score

10^/10

upx dinodas

Malware Config

Extracted

Family

dinodas

115.126.98.204:443

Signatures

Detect DinodasRAT linux variant 3 IoCs

resource	yara_rule
static1/unpack001/Win32.EarthKrahang_20240404/15412d1a6b7f79fad45bcd32cf82f9d651d9ccca082f98a0cca3ad5335284e45	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/98b5b4f96d4e1a9a6e170a4b2740ce1a1dfc411ada238e42a5954e66559a5541	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/a2c3073fa5587f8a70d7def7fd8355e1f6d20eb906c3cd4df8c744826cb81d91	family_dinodas

Detects DinodasRAT x64 varinat 21 IoCs

resource	yara_rule
static1/unpack001/Win32.EarthKrahang_20240404/01b09cb97a58ea0f9bf2b98b38b83f0cfc9f97f39f7bfd73a990c9b00bcdb66c	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/05b63707ca3cad54085e521aee84c7472ff7b3fe05e22fd65c8e2ee6f36c6243	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/10b2a7c9329b232e4eef81bac6ba26323e3683ac1f8a99d3a9f8965da5036b6f	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/1e278cfe8098f3badedd5e497f36753d46d96d81edd1c5bee4fc7bc6380c26b3	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/241737842eb17676b3603e2f076336b7bc6304accef3057401264affb963bef8	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/35f16e469047cf4ef78f87a616d26ec09e3d6a3d7a51415ea34805549a41dcfa	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/57f64f170dfeaa1150493ed3f63ea6f1df3ca71ad1722e12ac0f77744fb1a829	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/5a32bf21904387d469d4f8cdaff46048e99666fc9b4d74872af9379df7979bfe	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/5a6a0e01949799dc72c030b4ad8149446624dcd9645ba3eefda981c3fda26472	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/898a7527c065454ba9fad0e36469e12b214f5a3bd40a5ec7fcaf9b75afc34dce	family_dinodas
static1/unpack002/GoogleUps/1.dll	family_dinodas
static1/unpack002/GoogleUps/2.dll	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/b4c470be7e434dac0b61919a6b0c5b10cf7a01a22c5403c4540afdb5f2c79fab	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/d31d135bc450eafa698e6b7fb5d11b4926948163af09122ca1c568284d8b33b3	family_dinodas
static1/unpack006/GoogleVaS/1.dll	family_dinodas
static1/unpack006/GoogleVaS/2.dll	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/ee41eb21f439b1168ae815ca067ee91d84d6947397d71e214edc6868dbf4f272	family_dinodas
static1/unpack001/Win32.EarthKrahang_20240404/f66a6b49a23cf3cc842a84d955c0292e7d1c0718ec4e78d4513e18b6c53a94ac	family_dinodas
static1/unpack008/advapi64.dll	family_dinodas
static1/unpack008/twain_64.dll	family_dinodas

Dinodas family
dinodas

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Win32.EarthKrahang_20240404/b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865	upx
static1/unpack001/Win32.EarthKrahang_20240404/bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a	upx
static1/unpack001/Win32.EarthKrahang_20240404/f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1	upx
static1/unpack001/Win32.EarthKrahang_20240404/f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e	upx

Unsigned PE 64 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win32.EarthKrahang_20240404/01b09cb97a58ea0f9bf2b98b38b83f0cfc9f97f39f7bfd73a990c9b00bcdb66c
unpack001/Win32.EarthKrahang_20240404/0ff80e4db32d1d45a0c2afdfd7a1be961c0fbd9d43613a22a989f9024cc1b1e9
unpack001/Win32.EarthKrahang_20240404/10b2a7c9329b232e4eef81bac6ba26323e3683ac1f8a99d3a9f8965da5036b6f
unpack001/Win32.EarthKrahang_20240404/18f4f14857e9b7e3aa1f6f21f21396abd5f421342b7f4d00402a4aff5a538fa1
unpack001/Win32.EarthKrahang_20240404/1d3d460b22f70cc26252673e12dfd85da988f69046d6b94602576270df590b2c
unpack001/Win32.EarthKrahang_20240404/241737842eb17676b3603e2f076336b7bc6304accef3057401264affb963bef8
unpack001/Win32.EarthKrahang_20240404/2e3645c8441f2be4182869db5ae320da00c513e0cb643142c70a833f529f28aa
unpack001/Win32.EarthKrahang_20240404/2e850cb2a1d06d2665601cefd88802ff99905de8bc4ea348ea051d4886e780ee
unpack001/Win32.EarthKrahang_20240404/35f16e469047cf4ef78f87a616d26ec09e3d6a3d7a51415ea34805549a41dcfa
unpack001/Win32.EarthKrahang_20240404/3f0aa01ed70bc2ab29557521a65476ec2ff2c867315067cc8a5937d63bcbe815
unpack001/Win32.EarthKrahang_20240404/4529f3751102e7c0a6ec05c6a987d0cc5edc08f75f287dd6ac189abbd1282014
unpack001/Win32.EarthKrahang_20240404/484578b6e7e427a151c309bdc00c90b1c0faf25a8581cace55e2c25ec34056e0
unpack001/Win32.EarthKrahang_20240404/4cb020a66fdbc99b0bce2ae24d5684685e2b1e9219fbdfda56b3aace4e8d5f66
unpack001/Win32.EarthKrahang_20240404/50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab
unpack001/Win32.EarthKrahang_20240404/57f64f170dfeaa1150493ed3f63ea6f1df3ca71ad1722e12ac0f77744fb1a829
unpack001/Win32.EarthKrahang_20240404/5a6a0e01949799dc72c030b4ad8149446624dcd9645ba3eefda981c3fda26472
unpack001/Win32.EarthKrahang_20240404/5b17bc2a89727700f94570b0dddc12b315db34dbbd79186177167abbb173cee5
unpack001/Win32.EarthKrahang_20240404/5e1839fed3562d559166f7f9d3e388cdd21da83b67ccb70fa4121825b91469d6
unpack001/Win32.EarthKrahang_20240404/67ad30c3359b377d1964a5add97d2dc96b855940685131b302d5ba2c907ef355
unpack001/Win32.EarthKrahang_20240404/6a4e32229e5ca41e8eca99cefe5beef3e3621c2199f8844b4d218c14b5481534
unpack001/Win32.EarthKrahang_20240404/6c006620062b40b22d00e7e73a93e6a7fa66ce720093b44b4a0f3ef809fa2716
unpack001/Win32.EarthKrahang_20240404/6fd7697efc137faf2d3ad5d63ffe4743db70f905a71dbed76207beeeb04732f2
unpack001/Win32.EarthKrahang_20240404/7102d6b76a4170203daa939072bba548960db436f85113cd1fca0bb554d95b3c
unpack001/Win32.EarthKrahang_20240404/7af402f4bd2b1a2d2d8b74fb7599860f3a90b7b6f66a519f2b4d31aeea2500aa
unpack001/Win32.EarthKrahang_20240404/7e5b05d29c3aa2aa178c3cc0338ba52b39dc89dafadeec7301f187db0b060372
unpack001/Win32.EarthKrahang_20240404/804387e43fdd1bd45b35e65d52d86882d64956b0a286e8721da402062f95a9e3
unpack001/Win32.EarthKrahang_20240404/82f7bcda95fcc0e690159a2fbd7b3e38ef3ff9105496498f86d1fa9ff4312846
unpack001/Win32.EarthKrahang_20240404/898a7527c065454ba9fad0e36469e12b214f5a3bd40a5ec7fcaf9b75afc34dce
unpack001/Win32.EarthKrahang_20240404/a4f59d4d42e42b882068cacf8b70f314add963e2cbbf7a52e70df130bfe23dff
unpack002/GoogleUps/1.dll
unpack002/GoogleUps/2.dll
unpack002/GoogleUps/GoogleUpdate.exe
unpack001/Win32.EarthKrahang_20240404/b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682
unpack001/Win32.EarthKrahang_20240404/b8f2da1eefa09077d86a443ad688080b98672f171918c06e2b3652df783be03a
unpack001/Win32.EarthKrahang_20240404/bb4e7b0c969895fc9836640b80e2bdc6572d214ba2ee55b77588f8a4eedea5a4
unpack001/Win32.EarthKrahang_20240404/bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a
unpack003/out.upx
unpack001/Win32.EarthKrahang_20240404/c14f6ac5bcd8645eb80a612a6bf6d58c31b0e28e50be871f278c341ed1fa8c7c
unpack001/Win32.EarthKrahang_20240404/c377b79732e93f981998817e6f0e8664578b474445ba11b402c70b4b0357caab
unpack001/Win32.EarthKrahang_20240404/c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e
unpack001/Win32.EarthKrahang_20240404/ccd4a648cc2c4a5bbcd148f9c182f4c9595440a41dd3ea289a11609063c86a6d
unpack001/Win32.EarthKrahang_20240404/d096c3a67634599bc47151f0e01a7423a3eb873377371b2b928c0d4f57635a1f
unpack001/Win32.EarthKrahang_20240404/d176951b9ff3239b659ad57b729edb0845785e418852ecfeef1669f4c6fed61b
unpack001/Win32.EarthKrahang_20240404/d17fe5bc3042baf219e81cbbf991749dfcd8b6d73cf6506a8228e19910da3578
unpack001/Win32.EarthKrahang_20240404/d2cc1135c314f526f88fbe19f25d94899d52de7e3422f334437f32388d040d71
unpack001/Win32.EarthKrahang_20240404/d31d135bc450eafa698e6b7fb5d11b4926948163af09122ca1c568284d8b33b3
unpack004/คำบอกกล่าวคำฟ้องจดหมายรายงานเด็กจดหมายรายงานเด็ก.doc.exe
unpack001/Win32.EarthKrahang_20240404/dd469fbf68f6bf71e495b3e497e31d17aa1d0af918a943f8637dd3304f840740
unpack001/Win32.EarthKrahang_20240404/e0f109836a025d4531ea895cebecc9bdefb84a0cc747861986c4bc231e1d4213
unpack005/_MACOSX/_DOCX/hh.hsnx
unpack006/GoogleVaS/1.dll
unpack006/GoogleVaS/2.dll
unpack006/GoogleVaS/RuntimeInit.exe
unpack001/Win32.EarthKrahang_20240404/ee41eb21f439b1168ae815ca067ee91d84d6947397d71e214edc6868dbf4f272
unpack001/Win32.EarthKrahang_20240404/ef4a2cfe4d9d3495d4957a65299f608f7b823fab0699fded728fd3900c0b2bb4
unpack001/Win32.EarthKrahang_20240404/f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e
unpack007/out.upx
unpack001/Win32.EarthKrahang_20240404/f5b6c0d73c513c3c8efbcc967d7f6865559e90d59fb78b2b15394f22fd7315cb
unpack001/Win32.EarthKrahang_20240404/f66a6b49a23cf3cc842a84d955c0292e7d1c0718ec4e78d4513e18b6c53a94ac
unpack001/Win32.EarthKrahang_20240404/fe4fad660bb44e108ab07d812f8b1bbf16852c1b881a5e721a9f811cae317f39
unpack008/GoogleUpdate.exe
unpack008/advapi64.dll
unpack008/svrhost.exe
unpack008/twain_64.dll

Files

EarthKrahang_20240404.zip
.zip

Password: infected
Win32.EarthKrahang_20240404/01b09cb97a58ea0f9bf2b98b38b83f0cfc9f97f39f7bfd73a990c9b00bcdb66c
.dll windows:5 windows x64 arch:x64

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
SetEvent
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
WaitForSingleObject
CreateThread
CloseHandle
FindResourceExW
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapReAlloc
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetStockObject

ws2_32

WSAGetLastError
htons
ntohs
getservbyport
recv
socket
getservbyname
inet_addr
closesocket
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAStartup
inet_ntoa
connect
getsockname
bind
WSASendTo
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
setsockopt
WSASetLastError

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/05b63707ca3cad54085e521aee84c7472ff7b3fe05e22fd65c8e2ee6f36c6243
.dll windows:5 windows x64 arch:x64

ff5272bd157bde6e8e1f728cc74f6a9c

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76
Signer

Actual PE Digest

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetEvent
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
WaitForSingleObject
CreateThread
FindResourceExW
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapSize
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
GetKeyState
GetAsyncKeyState
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

gdi32

RealizePalette
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectPalette
GetStockObject

ws2_32

ntohs
getservbyport
recv
socket
getservbyname
WSASetLastError
htons
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAGetLastError
inet_addr
WSAStartup
inet_ntoa
connect
getsockname
WSASendTo
getnameinfo
getaddrinfo
setsockopt
WSARecvFrom
bind
freeaddrinfo
closesocket

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/0f0663fc26b18212485149e3e22c3dd4b8900ea8dca7c084dbe09fef02cfdade
.elf linux x64
Win32.EarthKrahang_20240404/0ff80e4db32d1d45a0c2afdfd7a1be961c0fbd9d43613a22a989f9024cc1b1e9
.dll windows:5 windows x86 arch:x86

6a407cef00572710348b8f1c81e1baa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
WriteConsoleW
GetProcAddress
Sleep
ExitProcess
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapFree
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/10b2a7c9329b232e4eef81bac6ba26323e3683ac1f8a99d3a9f8965da5036b6f
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/15412d1a6b7f79fad45bcd32cf82f9d651d9ccca082f98a0cca3ad5335284e45
.elf linux x64
Win32.EarthKrahang_20240404/18f4f14857e9b7e3aa1f6f21f21396abd5f421342b7f4d00402a4aff5a538fa1
.exe windows:5 windows x86 arch:x86

72dcfd45fc07c9b057d58292f7f37995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
OpenProcess
GetLogicalDriveStringsW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
CreateThread
GetTickCount
CloseHandle
CreatePipe
GetACP
ReadFile
Sleep
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
FindResourceExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapCreate
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToLocalFileTime
FindFirstFileExW
ExitProcess
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetEnvironmentVariableA

user32

wsprintfW

advapi32

RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
LookupAccountSidW

ws2_32

ntohl
htonl
inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
recv
WSAStartup
gethostname
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/1d3d460b22f70cc26252673e12dfd85da988f69046d6b94602576270df590b2c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/1e278cfe8098f3badedd5e497f36753d46d96d81edd1c5bee4fc7bc6380c26b3
.dll windows:5 windows x64 arch:x64

0050e2be629782ee695e498cc353d014

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a
Signer

Actual PE Digest

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
CreateFileA
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetFileAttributesA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

SetNamedSecurityInfoA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/241737842eb17676b3603e2f076336b7bc6304accef3057401264affb963bef8
.dll windows:5 windows x64 arch:x64

73e99252f600993c4314cad380b93478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vs2010\远控\newmm\client\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
CreateFileW
SetEndOfFile
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
GetTickCount
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
RtlUnwindEx
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
SetEnvironmentVariableA
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
QueryPerformanceCounter
CreateThread
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
LoadLibraryW
FindResourceExW
MoveFileA
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
ResumeThread
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee

user32

keybd_event
OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
GetKeyState
GetAsyncKeyState
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

ws2_32

closesocket
shutdown
socket
sendto
setsockopt
htons
inet_addr
WSAIoctl
htonl
ntohl
send
recvfrom
gethostbyname
recv
WSAStartup
inet_ntoa
connect

gdi32

GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetStockObject
CreateDIBSection

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/2e012ba20ecb553745f7719bd477778ba75e324bfec44d03a27a010dac7a2780
Win32.EarthKrahang_20240404/2e3645c8441f2be4182869db5ae320da00c513e0cb643142c70a833f529f28aa
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

79ed833f90b585ce7dfa89a34d1b1961

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\newmm\client\CallDll\Release\svrhost.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
Sleep
CreateProcessA
GetModuleFileNameA
GetModuleHandleW
GetSystemInfo
GetSystemDirectoryW
CreateProcessW
VirtualAllocEx
LoadResource
CreateRemoteThread
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
CreateFileW
CloseHandle
WriteProcessMemory
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW

advapi32

RegDeleteKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/2e850cb2a1d06d2665601cefd88802ff99905de8bc4ea348ea051d4886e780ee
.exe windows:5 windows x64 arch:x64

4ae770c3d3f6130d918943dc30985e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/35f16e469047cf4ef78f87a616d26ec09e3d6a3d7a51415ea34805549a41dcfa
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/3f0aa01ed70bc2ab29557521a65476ec2ff2c867315067cc8a5937d63bcbe815
.exe windows:5 windows x86 arch:x86

dd131c8f893de23bacd65ea0c28b3904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

FindNextFileW
GetLogicalDriveStringsW
OpenProcess
lstrlenW
Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetVersionExW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
FindClose
GetPrivateProfileStringW
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
SetFileAttributesW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateProcessA
GetExitCodeProcess
CopyFileW
FindFirstFileW
GetTickCount
CreatePipe
GetACP
ReadFile
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
CreateThread
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
DeleteFileW
Sleep
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
CreateDirectoryW
FindResourceExW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
GetFileAttributesA
IsValidCodePage
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineW
FindFirstFileExW
FileTimeToLocalFileTime
ExitProcess
DecodePointer
EncodePointer
MoveFileW
GetSystemTimeAsFileTime
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW

user32

GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
wsprintfW
OpenClipboard

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
EnumServicesStatusExW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LookupAccountSidW
RegSetValueExW

ws2_32

inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
gethostname
WSAStartup
recv
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
htonl
ntohl
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/4529f3751102e7c0a6ec05c6a987d0cc5edc08f75f287dd6ac189abbd1282014
.dll windows:5 windows x86 arch:x86

44af9e9895a06884e7aa562f1682f89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexW
GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/484578b6e7e427a151c309bdc00c90b1c0faf25a8581cace55e2c25ec34056e0
.dll windows:5 windows x86 arch:x86

4f4a0d710820cd26ca971a182d009e03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetModuleHandleW
VirtualProtect
GetLastError
HeapFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapAlloc
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
InterlockedIncrement
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetProcAddress
RaiseException
Sleep
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
HeapReAlloc
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW
CloseHandle
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
ReadFile

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/4b653253049a65142f827706203de55f03abccbcddac3ed2171d79bf8186eda9
.lnk
Win32.EarthKrahang_20240404/4cb020a66fdbc99b0bce2ae24d5684685e2b1e9219fbdfda56b3aace4e8d5f66
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\code\Desktop\tools\reshell\Client\Client\obj\Release\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/50cdd2397836d33a8dc285ed421d9b7cc69e38ba0421638235206fd466299dab
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/521b3add2ab6cee5a5cfd53b78e08ef2214946393d2a156c674606528b05763a
.exe windows:5 windows x64 arch:x64

1697b3be084ae28a187684e3cb068045

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:57:99:1f:f8:44:73:13:12:cb:fc:27:71:12:10:82:ac:f5:4c:44
Signer

Actual PE Digest

3c:57:99:1f:f8:44:73:13:12:cb:fc:27:71:12:10:82:ac:f5:4c:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\完成\CallDll\x64\Release\lass.pdb

Imports

kernel32

LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
GetACP
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
CreateMutexA
WriteProcessMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLastError
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
Sleep
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FindResourceExW
CloseHandle
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
VirtualAllocEx
GetFileAttributesA
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/57f64f170dfeaa1150493ed3f63ea6f1df3ca71ad1722e12ac0f77744fb1a829
.dll windows:5 windows x64 arch:x64

4c34f628c708b4f1d498e2c50ee07d05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\newmm_v1\client\CallDll\x64\Release\1.pdb

Imports

kernel32

LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetProcAddress
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
GetTickCount
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
FindResourceExW
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetPrivateProfileStringA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

GetSystemMetrics

advapi32

GetNamedSecurityInfoA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

ws2_32

ntohl
closesocket
connect
select
setsockopt
__WSAFDIsSet
gethostname
htonl
WSAStartup
gethostbyname
recv
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
inet_ntoa

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

psapi

GetProcessImageFileNameA

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/5a32bf21904387d469d4f8cdaff46048e99666fc9b4d74872af9379df7979bfe
.dll windows:5 windows x64 arch:x64

0050e2be629782ee695e498cc353d014

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:b7:f1:9e:ce:0d:9f:84:31:6f:2b:6c:4c:5f:7b:55:6c:28:4d:51
Signer

Actual PE Digest

c1:b7:f1:9e:ce:0d:9f:84:31:6f:2b:6c:4c:5f:7b:55:6c:28:4d:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
CreateFileA
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetFileAttributesA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

SetNamedSecurityInfoA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/5a6a0e01949799dc72c030b4ad8149446624dcd9645ba3eefda981c3fda26472
.dll windows:5 windows x64 arch:x64

8651a4ae63973c7610679098817472d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\newmm_v1\client\CallDll\x64\Release\2.pdb

Imports

kernel32

QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
CreateFileW
SetEndOfFile
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
RtlUnwindEx
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
SetEnvironmentVariableA
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetTickCount
CreateThread
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
LoadLibraryW
FindResourceExW
MoveFileA
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
ResumeThread
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo

user32

keybd_event
OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipAlloc

ws2_32

closesocket
shutdown
gethostbyname
socket
sendto
htons
inet_addr
recvfrom
WSAIoctl
ioctlsocket
WSAStartup
htonl
ntohl
inet_ntoa
send
recv
connect
setsockopt

gdi32

GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetStockObject
CreateDIBSection

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/5b17bc2a89727700f94570b0dddc12b315db34dbbd79186177167abbb173cee5
.dll windows:6 windows x86 arch:x86

579d348c37320b780ff725c1c602169f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\test\Desktop\dot_内存加载\Blick\Blick\Release\Blick.pdb

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
WriteConsoleW
CreateFileW
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
DecodePointer

user32

wsprintfA

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/5e1839fed3562d559166f7f9d3e388cdd21da83b67ccb70fa4121825b91469d6
.dll windows:6 windows x64 arch:x64

b2e40ed300e098375c35c4d32587f17f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\test\Desktop\dot_内存加载\Blick_x64\x64\Release\Blick.pdb

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
VirtualAlloc
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
WriteConsoleW
CreateFileW
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
RtlUnwind

user32

wsprintfA

Exports

Exports

McVsoCfgGetObject
RasEapFreeMemory
RasEapGetIdentity
RasEapInvokeConfigUI
RasEapInvokeInteractiveUI

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/6302acdfce30cec5e9167ff7905800a6220c7dda495c0aae1f4594c7263a29b2
.elf linux x64
Win32.EarthKrahang_20240404/63b7d8c4c740c54ab91db94dd89b2c8313ecb7ba13524c646fdb10facf5c470d
.lnk
Win32.EarthKrahang_20240404/67ad30c3359b377d1964a5add97d2dc96b855940685131b302d5ba2c907ef355
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\code\Desktop\tools\reshell\Client\Client\obj\Release\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/6a4e32229e5ca41e8eca99cefe5beef3e3621c2199f8844b4d218c14b5481534
.dll windows:6 windows x86 arch:x86

f78ea6f40cd2c51721ae135bf7d2f0eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\source\Blick\Release\Blick.pdb

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
WriteConsoleW
CreateFileW
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
DecodePointer

user32

wsprintfA

Exports

Exports

king1
king2
king3
king4

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/6c006620062b40b22d00e7e73a93e6a7fa66ce720093b44b4a0f3ef809fa2716
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/6d03c6b7621990f84580eaa094393fbf896803c86779644506b115692b70bd64
.lnk
Win32.EarthKrahang_20240404/6fd7697efc137faf2d3ad5d63ffe4743db70f905a71dbed76207beeeb04732f2
.exe windows:5 windows x86 arch:x86

72dcfd45fc07c9b057d58292f7f37995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\1\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
OpenProcess
GetLogicalDriveStringsW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
CreateThread
GetTickCount
CloseHandle
CreatePipe
GetACP
ReadFile
Sleep
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
FindResourceExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapCreate
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToLocalFileTime
FindFirstFileExW
ExitProcess
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetEnvironmentVariableA

user32

wsprintfW

advapi32

RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
LookupAccountSidW

ws2_32

ntohl
htonl
inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
recv
WSAStartup
gethostname
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/7102d6b76a4170203daa939072bba548960db436f85113cd1fca0bb554d95b3c
.dll windows:6 windows x86 arch:x86

579d348c37320b780ff725c1c602169f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\test\Desktop\dot_内存加载\Blick\Blick\Release\Blick.pdb

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
WriteConsoleW
CreateFileW
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
DecodePointer

user32

wsprintfA

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/7af402f4bd2b1a2d2d8b74fb7599860f3a90b7b6f66a519f2b4d31aeea2500aa
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\code\Desktop\noPac-main\noPac\obj\Release\noPac.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/7e5b05d29c3aa2aa178c3cc0338ba52b39dc89dafadeec7301f187db0b060372
.dll windows:6 windows x86 arch:x86

579d348c37320b780ff725c1c602169f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\test\Desktop\dot_内存加载\Blick\Blick\Release\Blick.pdb

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
SetFilePointer
CloseHandle
ExitProcess
TerminateProcess
ResumeThread
CreateProcessA
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
WriteConsoleW
CreateFileW
OutputDebugStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
DecodePointer

user32

wsprintfA

Exports

Exports

RasEapFreeMemory
RasEapGetIdentity
RasEapInvokeConfigUI
RasEapInvokeInteractiveUI

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/804387e43fdd1bd45b35e65d52d86882d64956b0a286e8721da402062f95a9e3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/8218c23361e9f1b25ee1a93796ef471ca8ca5ac672b7db69ad05f42eb90b0b8d
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

79ed833f90b585ce7dfa89a34d1b1961

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:33:61:80:c4:f6:42:3f:49:dd:13:53:79:92:6c:e9:9a:04:49:f9
Signer

Actual PE Digest

9f:33:61:80:c4:f6:42:3f:49:dd:13:53:79:92:6c:e9:9a:04:49:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\完成\CallDll\Release\svrhost.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
Sleep
CreateProcessA
GetModuleFileNameA
GetModuleHandleW
GetSystemInfo
GetSystemDirectoryW
CreateProcessW
VirtualAllocEx
LoadResource
CreateRemoteThread
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
CreateFileW
CloseHandle
WriteProcessMemory
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW

advapi32

RegDeleteKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/82f7bcda95fcc0e690159a2fbd7b3e38ef3ff9105496498f86d1fa9ff4312846
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\c2-demo\reshell\Client\Client\obj\Release\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/898a7527c065454ba9fad0e36469e12b214f5a3bd40a5ec7fcaf9b75afc34dce
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\control\ms\twain_64\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/98b5b4f96d4e1a9a6e170a4b2740ce1a1dfc411ada238e42a5954e66559a5541
.elf linux x64
Win32.EarthKrahang_20240404/992d3df19c453a84b5b46c5742fb22686c65eb48cfc71b0bbc7e94c0ef13e66e
.vbs
Win32.EarthKrahang_20240404/9ada058a558b7cadb238fc2c259f204369cd604e927f9712fd51262ca6987cb1
.exe windows:5 windows x64 arch:x64

fa041661526f5e4a92b502e172a4567b

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ad:bc:b1:a3:c1:fe:7b:39:24:1d:29
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

07/01/2020, 09:14

Not After

07/01/2022, 09:14

Subject

SERIALNUMBER=91310115084050098T,CN=上海指聚网络科技有限公司,O=上海指聚网络科技有限公司,STREET=奉贤区岚丰路1150号2幢3161室,L=上海,ST=上海,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13085348414e47484149,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ad:bc:b1:a3:c1:fe:7b:39:24:1d:29
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

07/01/2020, 09:14

Not After

07/01/2022, 09:14

Subject

SERIALNUMBER=91310115084050098T,CN=上海指聚网络科技有限公司,O=上海指聚网络科技有限公司,STREET=奉贤区岚丰路1150号2幢3161室,L=上海,ST=上海,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13085348414e47484149,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:73:e7:da:53:4d:a4:87:be:f7:42:15:b4:56:e3:6a:d6:30:e9:3e:b7:08:da:69:f4:4b:a8:50:a1:4c:23:df
Signer

Actual PE Digest

c8:73:e7:da:53:4d:a4:87:be:f7:42:15:b4:56:e3:6a:d6:30:e9:3e:b7:08:da:69:f4:4b:a8:50:a1:4c:23:df

Digest Algorithm

sha256

PE Digest Matches

true

c9:0c:87:b0:48:f2:e6:4b:ef:a8:79:1e:dd:f5:ff:66:9b:a2:76:da
Signer

Actual PE Digest

c9:0c:87:b0:48:f2:e6:4b:ef:a8:79:1e:dd:f5:ff:66:9b:a2:76:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\完成\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
CreateToolhelp32Snapshot
WriteProcessMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Process32NextW
Process32FirstW
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
Sleep
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
VirtualAllocEx
GetFileAttributesA
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/9d4e18ae979bdf6b57e685896b350b23c428d911eee14af133c3ee7d208f8a82
.exe windows:5 windows x64 arch:x64

fa041661526f5e4a92b502e172a4567b

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:20:24:89:25:89:cb:87:a6:4b:89:b2:fb:a6:27:82:95:2d:c9:38
Signer

Actual PE Digest

0f:20:24:89:25:89:cb:87:a6:4b:89:b2:fb:a6:27:82:95:2d:c9:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\完成\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
CreateToolhelp32Snapshot
WriteProcessMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Process32NextW
Process32FirstW
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
Sleep
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
VirtualAllocEx
GetFileAttributesA
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/a2c3073fa5587f8a70d7def7fd8355e1f6d20eb906c3cd4df8c744826cb81d91
.elf linux x64
Win32.EarthKrahang_20240404/a4f59d4d42e42b882068cacf8b70f314add963e2cbbf7a52e70df130bfe23dff
.exe windows:6 windows x64 arch:x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 417KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/a99bf162a8588b2f318c9460aef78851bd64e4826c2cb124984d2ab357a6beea
.elf linux x86
Win32.EarthKrahang_20240404/acfcf97ee4ff5cc7f5ecdc6f92ea132e29c48400ab6244de64f9b9de4368deb2
.zip
GoogleUps/1.dll
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleUps/2.dll
.dll windows:5 windows x64 arch:x64

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
SetEvent
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
WaitForSingleObject
CreateThread
CloseHandle
FindResourceExW
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapReAlloc
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetStockObject

ws2_32

WSAGetLastError
htons
ntohs
getservbyport
recv
socket
getservbyname
inet_addr
closesocket
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAStartup
inet_ntoa
connect
getsockname
bind
WSASendTo
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
setsockopt
WSASetLastError

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleUps/GoogleUpdate.exe
.exe windows:5 windows x64 arch:x64

4ae770c3d3f6130d918943dc30985e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleUps/GoogleUpdate.lnk
.lnk
GoogleUps/id.data
Win32.EarthKrahang_20240404/b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682
.exe windows:4 windows x86 arch:x86

4fbf3f084fbbb2470b80b2013134df35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wldap32

ord304
ord54
ord309
ord301
ord310
ord17
ord45
ord36
ord37
ord77
ord22
ord197
ord121
ord32
ord26
ord30
ord135
ord136
ord34
ord35
ord200
ord41
ord33
ord27
ord177
ord191
ord195
ord204
ord50
ord211
ord60
ord217
ord13
ord38
ord223
ord79

crypt32

CertFreeCertificateContext

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSidToStringSidA
ConvertStringSidToSidA
GetLengthSid
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
IsValidSid
LookupAccountSidA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
IsValidSecurityDescriptor

kernel32

CloseHandle
CompareStringW
CreateDirectoryA
CreateEventW
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoW
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FlushConsoleInputBuffer
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesExA
GetFileType
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetSystemTime
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFileTimeToFileTime
LocalFree
MultiByteToWideChar
RaiseException
ReadConsoleInputA
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SignalObjectAndWait
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteFile
lstrcpynW
lstrlenW

wsock32

ntohs

user32

CharNextW
CharUpperBuffW
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringW
MessageBoxA
MessageBoxW
wsprintfA

ole32

CLSIDFromString
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 858KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 393KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/b153e10c95bb8bfa6dbf5835067c5b45840f057a38ef9b8871b6dc40edcf601f
.elf linux x64
Win32.EarthKrahang_20240404/b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865
.elf linux x86
Win32.EarthKrahang_20240404/b4c470be7e434dac0b61919a6b0c5b10cf7a01a22c5403c4540afdb5f2c79fab
.dll windows:5 windows x64 arch:x64

ff5272bd157bde6e8e1f728cc74f6a9c

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76
Signer

Actual PE Digest

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetEvent
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
WaitForSingleObject
CreateThread
FindResourceExW
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapSize
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
GetKeyState
GetAsyncKeyState
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

gdi32

RealizePalette
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectPalette
GetStockObject

ws2_32

ntohs
getservbyport
recv
socket
getservbyname
WSASetLastError
htons
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAGetLastError
inet_addr
WSAStartup
inet_ntoa
connect
getsockname
WSASendTo
getnameinfo
getaddrinfo
setsockopt
WSARecvFrom
bind
freeaddrinfo
closesocket

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/b8f2da1eefa09077d86a443ad688080b98672f171918c06e2b3652df783be03a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/bb4e7b0c969895fc9836640b80e2bdc6572d214ba2ee55b77588f8a4eedea5a4
.exe windows:5 windows x64 arch:x64

4ae770c3d3f6130d918943dc30985e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 15.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 454KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/bf830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff
.elf linux x64
Win32.EarthKrahang_20240404/c14f6ac5bcd8645eb80a612a6bf6d58c31b0e28e50be871f278c341ed1fa8c7c
.exe windows:5 windows x86 arch:x86

c9e1151a3bc687c5cdf8f1196a82f49a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\aaa\Client\Release\Client.pdb

Imports

kernel32

GetWindowsDirectoryA
GetLastError
GetModuleFileNameA
CreateMutexA
GetCurrentProcessId
GetCurrentProcess
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
LocalFree
GetTempPathA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
GetLogicalDriveStringsA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
GetTickCount
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
WriteFile
PeekNamedPipe
DeleteFileA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
GetModuleFileNameW
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
VirtualQuery
VirtualAlloc
VirtualProtect
Sleep
SetUnhandledExceptionFilter
WritePrivateProfileStringA
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
FileTimeToLocalFileTime
FindFirstFileExA
MoveFileA
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

user32

GetDC
ReleaseDC
GetSystemMetrics

advapi32

GetTokenInformation
OpenServiceA
CloseServiceHandle
EnumServicesStatusExA
StartServiceA
QueryServiceStatus
OpenSCManagerA
ControlService
OpenProcessToken
DuplicateToken
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupAccountSidA

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipGetImageEncoders
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdiplusStartup
GdipFree
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromFile

ws2_32

select
setsockopt
__WSAFDIsSet
gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
connect
ntohl
htonl
closesocket

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

psapi

GetProcessImageFileNameA

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
CreateDCA
GetDeviceCaps
CreateDIBSection
DeleteDC
BitBlt
GetObjectA

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/c2bb47ac533d1413c829a1453b2b854b95aabebf1b26b446bd1ad0838f1e09de
.elf linux x64
Win32.EarthKrahang_20240404/c377b79732e93f981998817e6f0e8664578b474445ba11b402c70b4b0357caab
.dll windows:5 windows x64 arch:x64

cb71a490ecb73033ec688f4f4d3c5653

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\mm\mm\newmm_v1\client\x64\CallDll\x64\Release\mfcr10d.pdb

Imports

kernel32

QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
CreateFileW
SetEndOfFile
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
RtlUnwindEx
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
SetEnvironmentVariableA
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetTickCount
CreateThread
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
LoadLibraryW
FindResourceExW
MoveFileA
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
ResumeThread
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo

user32

keybd_event
OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipAlloc

ws2_32

closesocket
shutdown
socket
sendto
htons
inet_addr
recvfrom
WSAIoctl
WSAStartup
gethostbyname
inet_ntoa
htonl
ntohl
ioctlsocket
send
recv
connect
setsockopt

gdi32

GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetStockObject
CreateDIBSection

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e
.exe windows:4 windows x86 arch:x86

2fa43c5392ec7923ababced078c2f98d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
gethostbyaddr
gethostbyname
recvfrom
sendto
ntohl
select
__WSAFDIsSet
socket
htonl
htons
bind
WSAGetLastError
ntohs
inet_addr
WSACleanup

kernel32

GetLastError
Sleep

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
strpbrk
_adjust_fdiv
fflush
fputc
fputs
_iob
strchr
fprintf
memset
printf
fopen
atoi
exit
puts
strcmp
strerror
_errno
_strdup
_assert
putc
vfprintf
calloc
malloc
_pctype
_isctype
__mb_cur_max
sprintf
strncmp
strcpy
strncpy
memcpy
strlen
ctime
time
strtok

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Win32.EarthKrahang_20240404/ccd4a648cc2c4a5bbcd148f9c182f4c9595440a41dd3ea289a11609063c86a6d
.exe windows:5 windows x86 arch:x86

d32519c93924bb24d9874d86c5993ee3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
FlushFileBuffers
GetFileAttributesW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
SetFileTime
GetFileType
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
CompareStringW
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
MultiByteToWideChar
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
OemToCharBuffA
LoadIconW
LoadBitmapW
PostMessageW
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
GetSysColor

gdi32

GetObjectW
DeleteObject
GetDeviceCaps
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHChangeNotify
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/d096c3a67634599bc47151f0e01a7423a3eb873377371b2b928c0d4f57635a1f
.exe windows:6 windows x64 arch:x64

52f5ba0ac0400643e82f1245ff2a57ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
GetCurrentProcess
WaitForDebugEvent
TerminateProcess
InitializeProcThreadAttributeList
CreateFileW
ContinueDebugEvent
UpdateProcThreadAttribute
LoadLibraryA
HeapReAlloc
HeapAlloc
GetProcAddress
GetProcessHeap
CreateProcessW
lstrcpyW
EncodePointer
RtlPcToFileHeader
RaiseException
LocalFree
CloseHandle
GetLastError
CreateEventW
LocalAlloc
WaitForSingleObject
DeleteProcThreadAttributeList
SetLastError
WriteConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetFileType
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
RtlUnwindEx

user32

wsprintfW

advapi32

CreateWellKnownSid

ole32

CoInitializeEx

oleaut32

SysFreeString
SysAllocString

ntdll

NtQueryInformationProcess
NtClose
NtDuplicateObject
RtlCaptureContext
RtlLookupFunctionEntry
__C_specific_handler
RtlVirtualUnwind
memset
memcpy
_local_unwind
memmove

rpcrt4

RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcRaiseException
RpcBindingFree
NdrAsyncClientCall
RpcStringBindingComposeW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/d176951b9ff3239b659ad57b729edb0845785e418852ecfeef1669f4c6fed61b
.exe windows:5 windows x64 arch:x64

4ae770c3d3f6130d918943dc30985e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\newmm_v1\client\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/d17fe5bc3042baf219e81cbbf991749dfcd8b6d73cf6506a8228e19910da3578
.exe windows:5 windows x86 arch:x86

72dcfd45fc07c9b057d58292f7f37995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
OpenProcess
GetLogicalDriveStringsW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
CreateThread
GetTickCount
CloseHandle
CreatePipe
GetACP
ReadFile
Sleep
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
FindResourceExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapCreate
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToLocalFileTime
FindFirstFileExW
ExitProcess
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetEnvironmentVariableA

user32

wsprintfW

advapi32

RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
LookupAccountSidW

ws2_32

ntohl
htonl
inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
recv
WSAStartup
gethostname
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/d2cc1135c314f526f88fbe19f25d94899d52de7e3422f334437f32388d040d71
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\admin\Desktop\7z.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/d31d135bc450eafa698e6b7fb5d11b4926948163af09122ca1c568284d8b33b3
.dll windows:5 windows x64 arch:x64

0050e2be629782ee695e498cc353d014

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
CreateFileA
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetFileAttributesA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

SetNamedSecurityInfoA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/da1c9cb862b0be89819a94335eea8bf5ab56e08a1f4ca0ef92fe8d46fd2b1577
.rar
คำบอกกล่าวคำฟ้อง.doc
.doc windows office2003
คำบอกกล่าวคำฟ้องจดหมายรายงานเด็กจดหมายรายงานเด็ก.doc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/dd469fbf68f6bf71e495b3e497e31d17aa1d0af918a943f8637dd3304f840740
.exe windows:4 windows x64 arch:x64

dcad2a11e2f90b82d9d8c5bd5929bdb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
FormatMessageA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_read
_setjmp
_strdup
_time64
_ultoa
_unlock
_write
abort
calloc
exit
fprintf
fputc
fputs
free
fwrite
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
srand
strcmp
strerror
strlen
strncmp
strtol
vfprintf
wcslen

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/e0f109836a025d4531ea895cebecc9bdefb84a0cc747861986c4bc231e1d4213
.exe windows:5 windows x86 arch:x86

72dcfd45fc07c9b057d58292f7f37995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
OpenProcess
GetLogicalDriveStringsW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
CreateThread
GetTickCount
CloseHandle
CreatePipe
GetACP
ReadFile
Sleep
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
FindResourceExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapCreate
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToLocalFileTime
FindFirstFileExW
ExitProcess
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetEnvironmentVariableA

user32

wsprintfW

advapi32

RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
LookupAccountSidW

ws2_32

ntohl
htonl
inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
recv
WSAStartup
gethostname
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/e42466863837a655b814d2fb6aa2381369b8c5a9fe100e512085617f775dac36
.rar
_MACOSX/_DOCX/aa.bat
_MACOSX/_DOCX/hh.hsnx
.exe windows:5 windows x86 arch:x86

72dcfd45fc07c9b057d58292f7f37995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\1\ShenTou\newmm\mm\Client\Release\Client.pdb

Imports

kernel32

Process32FirstW
QueryDosDeviceW
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
CreateMutexA
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
GetPrivateProfileStringW
lstrlenW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
RemoveDirectoryW
GetFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
OpenProcess
GetLogicalDriveStringsW
DeleteFileW
FindNextFileW
FindClose
CopyFileW
FindFirstFileW
CreateThread
GetTickCount
CloseHandle
CreatePipe
GetACP
ReadFile
Sleep
GetSystemDirectoryW
WriteFile
CreateProcessW
PeekNamedPipe
SetUnhandledExceptionFilter
WritePrivateProfileStringW
LockResource
FindResourceExW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WideCharToMultiByte
GetStringTypeW
SetStdHandle
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapCreate
GetTimeZoneInformation
LCMapStringW
GetFullPathNameA
GetDriveTypeW
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileW
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToLocalFileTime
FindFirstFileExW
ExitProcess
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetEnvironmentVariableA

user32

wsprintfW

advapi32

RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
LookupAccountSidW

ws2_32

ntohl
htonl
inet_ntoa
gethostbyname
connect
select
setsockopt
__WSAFDIsSet
recv
WSAStartup
gethostname
send
ioctlsocket
WSAIoctl
recvfrom
inet_addr
htons
sendto
socket
shutdown
closesocket

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

psapi

GetProcessImageFileNameW

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_MACOSX/_DOCX/password.txt
password.txt.lnk
.lnk
salary.rar
.rar
Win32.EarthKrahang_20240404/ea140cc8da39014c1454c3f6a036d5f43aa26c215cb9981ab2b7076f2388b73e
.zip
GoogleVaS/1.dll
.dll windows:5 windows x64 arch:x64

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
GetLastError
CreateFileA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
GetSystemInfo
SetFileAttributesA
GetPrivateProfileStringA
GetFileTime
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
lstrcpyA
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
lstrcatA
OpenProcess
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CloseHandle
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExW
LoadResource
FindResourceW
RemoveDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
FileTimeToLocalFileTime
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleVaS/2.dll
.dll windows:5 windows x64 arch:x64

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
SetEvent
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
WaitForSingleObject
CreateThread
CloseHandle
FindResourceExW
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapReAlloc
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetStockObject

ws2_32

WSAGetLastError
htons
ntohs
getservbyport
recv
socket
getservbyname
inet_addr
closesocket
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAStartup
inet_ntoa
connect
getsockname
bind
WSASendTo
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
setsockopt
WSASetLastError

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleVaS/RuntimeInit.exe
.exe windows:5 windows x64 arch:x64

4ae770c3d3f6130d918943dc30985e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\方案四\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
VirtualAllocEx
LoadLibraryW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Sleep
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
WriteProcessMemory
EncodePointer
DecodePointer
ExitProcess
GetFileAttributesA
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleVaS/RuntimeInit.lnk
.lnk
GoogleVaS/id.data
Win32.EarthKrahang_20240404/ebdf3d3e0867b29e66d8b7570be4e6619c64fae7e1fbd052be387f736c980c8e
.elf linux x64
Win32.EarthKrahang_20240404/ee41eb21f439b1168ae815ca067ee91d84d6947397d71e214edc6868dbf4f272
.dll windows:5 windows x64 arch:x64

938145366590c326ad28ef476d306ad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vs2010\远控\newmm\client\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

OpenProcess
lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
Process32First
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
FindResourceExW
SystemTimeToFileTime
CreateFileA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

GetSystemMetrics

advapi32

SetEntriesInAclA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

ws2_32

ntohl
closesocket
ioctlsocket
connect
select
__WSAFDIsSet
gethostname
htonl
WSAStartup
gethostbyname
recv
send
WSAIoctl
recvfrom
inet_addr
htons
setsockopt
sendto
socket
shutdown
inet_ntoa

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

psapi

GetProcessImageFileNameA

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/ef4a2cfe4d9d3495d4957a65299f608f7b823fab0699fded728fd3900c0b2bb4
.exe windows:4 windows x64 arch:x64

d6bd24460437f69b34bd43a69c1f6f94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
FormatMessageA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
HeapWalk
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
Thread32First
Thread32Next
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_read
_setjmp
_strcmpi
_strdup
_time64
_ultoa
_unlock
_wcsnicmp
_write
abort
calloc
clock
exit
fprintf
fputc
fputs
free
fwrite
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
srand
strcmp
strerror
strlen
strncmp
strstr
vfprintf
wcslen

user32

EnumThreadWindows

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1
.elf linux x64
Win32.EarthKrahang_20240404/f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 17.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512KB - Virtual size: 942KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/f5b6c0d73c513c3c8efbcc967d7f6865559e90d59fb78b2b15394f22fd7315cb
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/f66a6b49a23cf3cc842a84d955c0292e7d1c0718ec4e78d4513e18b6c53a94ac
.dll windows:5 windows x64 arch:x64

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
SetEvent
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
WaitForSingleObject
CreateThread
CloseHandle
FindResourceExW
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapReAlloc
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetStockObject

ws2_32

WSAGetLastError
htons
ntohs
getservbyport
recv
socket
getservbyname
inet_addr
closesocket
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAStartup
inet_ntoa
connect
getsockname
bind
WSASendTo
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
setsockopt
WSASetLastError

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/f6993e767306d4cbf676bf3c4a56fc2ad1d5cb6c4f67563f6de2f28b79f2b934
.lnk
Win32.EarthKrahang_20240404/fe4fad660bb44e108ab07d812f8b1bbf16852c1b881a5e721a9f811cae317f39
.exe windows:5 windows x64 arch:x64

fa041661526f5e4a92b502e172a4567b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\newmm\client\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
CreateToolhelp32Snapshot
WriteProcessMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Process32NextW
Process32FirstW
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
Sleep
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
VirtualAllocEx
GetFileAttributesA
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.EarthKrahang_20240404/ffef75582ad185c58135cf02e347c0ad6d46751fcfbb803dc3e70b73729e6136
.rar .vbs polyglot
GoogleUpdate.exe
.exe windows:5 windows x64 arch:x64

fa041661526f5e4a92b502e172a4567b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\newmm\client\CallDll\x64\Release\GoogleUpdate.pdb

Imports

kernel32

LoadLibraryW
OutputDebugStringW
OutputDebugStringA
GetCurrentProcess
GetVersionExW
FindFirstFileW
OpenProcess
WideCharToMultiByte
GetFileAttributesW
TerminateProcess
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
GetModuleHandleW
VirtualFreeEx
GetProcAddress
CreateToolhelp32Snapshot
WriteProcessMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Process32NextW
Process32FirstW
CreateMutexA
GetLastError
GetModuleFileNameW
DeleteFileW
Sleep
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
FindResourceExW
GetFileTime
CreateFileW
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
VirtualAllocEx
GetFileAttributesA
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringW
GetStringTypeW

user32

PostThreadMessageW
wsprintfW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
OpenServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advapi64.dll
.dll windows:5 windows x64 arch:x64

73e99252f600993c4314cad380b93478

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vs2010\远控\newmm\client\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
CreateFileW
SetEndOfFile
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
GetTickCount
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
RtlUnwindEx
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
SetEnvironmentVariableA
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
QueryPerformanceCounter
CreateThread
CloseHandle
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
LoadLibraryW
FindResourceExW
MoveFileA
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ExitThread
ResumeThread
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee

user32

keybd_event
OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
GetKeyState
GetAsyncKeyState
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

ws2_32

closesocket
shutdown
socket
sendto
setsockopt
htons
inet_addr
WSAIoctl
htonl
ntohl
send
recvfrom
gethostbyname
recv
WSAStartup
inet_ntoa
connect

gdi32

GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetStockObject
CreateDIBSection

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
id.data
microsoft.vbs
.vbs
svrhost.exe
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

79ed833f90b585ce7dfa89a34d1b1961

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\newmm\client\CallDll\Release\svrhost.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
Sleep
CreateProcessA
GetModuleFileNameA
GetModuleHandleW
GetSystemInfo
GetSystemDirectoryW
CreateProcessW
VirtualAllocEx
LoadResource
CreateRemoteThread
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
CreateFileW
CloseHandle
WriteProcessMemory
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW

advapi32

RegDeleteKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twain_64.dll
.dll windows:5 windows x64 arch:x64

938145366590c326ad28ef476d306ad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vs2010\远控\newmm\client\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

OpenProcess
lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
GetFileAttributesA
Process32First
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
FindResourceExW
SystemTimeToFileTime
CreateFileA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

GetSystemMetrics

advapi32

SetEntriesInAclA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

ws2_32

ntohl
closesocket
ioctlsocket
connect
select
__WSAFDIsSet
gethostname
htonl
WSAStartup
gethostbyname
recv
send
WSAIoctl
recvfrom
inet_addr
htons
setsockopt
sendto
socket
shutdown
inet_ntoa

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

psapi

GetProcessImageFileNameA

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

gdiplus

gdi32

ws2_32

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 9KB - Virtual size: 20KB

.pdata Size: 15KB - Virtual size: 14KB

text Size: 4KB - Virtual size: 3KB

data Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 3KB - Virtual size: 2KB

ff5272bd157bde6e8e1f728cc74f6a9c

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3cCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

gdiplus

gdi32

ws2_32

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 9KB - Virtual size: 20KB

.pdata Size: 15KB - Virtual size: 14KB

text Size: 4KB - Virtual size: 3KB

data Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 3KB - Virtual size: 2KB

6a407cef00572710348b8f1c81e1baa3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

dd827f37d7a4bd48ae5842c7bc39998e

Headers

DLL Characteristics

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 20KB

.pdata
Size: 15KB - Virtual size: 14KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 3KB - Virtual size: 2KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

f5:41:49:3d:cc:2d:c7:ea:90:4f:17:b4:46:72:f1:ad:d4:77:7a:76
Signer

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 9KB - Virtual size: 20KB

.pdata
Size: 15KB - Virtual size: 14KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a
Signer