1aefb49e60719eaa2745051e23b99060_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1aefb49e60719eaa2745051e23b99060_JaffaCakes118
Size

3.7MB
MD5

1aefb49e60719eaa2745051e23b99060
SHA1

f106880eb0635854b53e3984547d44826a120a7b
SHA256

db05e296b55c6f278d94ce63fa6e88dd2fa01b14aafb96b17131f4e1805dde25
SHA512

43ccebac80293c1864831f0d8d83faf6390d19ff181ac2f1946b636949b1a7fec865372227baff69018cc18feca297a533b1956db0e03ac26be910b4ab70e8e7
SSDEEP

98304:MjsohTm1H40yCJlBO9shXiNuvPheVTI4sA0eAFYAveq:joM1Y0ywLOShXCQsL9tOYAWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/$SYSDIR/cook.dll
unpack001/$SYSDIR/drvc.dll
unpack001/$SYSDIR/fscheck.dll
unpack001/$SYSDIR/pncrt.dll
unpack001/$SYSDIR/pndx5032.dll
unpack001/$SYSDIR/rmsp.ax
unpack001/CrashReport.exe
unpack001/Funshion.exe
unpack001/FunshionPlugin.dll
unpack001/GetMACAddress.dll
unpack001/LangResEnAmerican.dll
unpack001/RouterSetting.dll
unpack001/XPSP2Patch/EvID4226Patch.exe
unpack001/XPSP2Patch/SysOptimize.exe
unpack001/XPSP2Patch/funshion010.exe
unpack001/dbghelp.dll
unpack001/wmasf.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

1aefb49e60719eaa2745051e23b99060_JaffaCakes118
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:f8:8e:1a:c8:d0:a0:bc:ea:68:09:9a:04:06:b6:db
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/06/2007, 00:00

Not After

31/07/2008, 23:59

Subject

CN=Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

87:14:d4:87:9f:fe:0d:2a:7b:ab:fb:a7:82:ec:8e:83:3c:95:64:3f
Signer

Actual PE Digest

87:14:d4:87:9f:fe:0d:2a:7b:ab:fb:a7:82:ec:8e:83:3c:95:64:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NetType.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PROFILE/funshion/AD/ad1.html
$PROFILE/funshion/AD/ad10.html
$PROFILE/funshion/AD/ad2.html
$PROFILE/funshion/AD/ad3.html
$PROFILE/funshion/AD/ad4.html
$PROFILE/funshion/AD/ad5.html
$PROFILE/funshion/AD/ad6.html
$PROFILE/funshion/AD/ad7.html
$PROFILE/funshion/AD/ad8.html
$PROFILE/funshion/AD/ad9.html
$PROFILE/funshion/AD/bt_reco.html
.html .js polyglot
$SYSDIR/cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/fscheck.dll
.dll .js windows:4 windows x86 arch:x86 polyglot

d6b9a94a0c75777625df869de7af2621

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord4486
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord6375
ord2985
ord4274
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler

kernel32

LocalFree
LocalAlloc

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/funshion.ini
$SYSDIR/pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pndx5016.dll
$SYSDIR/pndx5032.dll
.dll windows:4 windows x86 arch:x86

3dff24d172f5031d837d000fcf3a81f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc

pncrt

free
_adjust_fdiv
malloc
_initterm

Exports

Exports

GetDevNodeStatus32Call
thk_ThunkData32

Sections

.text
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/rmoc3260.dll
.dll regsvr32 windows:4 windows x86 arch:x86

856609e709a6cabc2acd456e10aed0e4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/08/2006, 20:44

Not After

15/09/2007, 17:25

Subject

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b
Signer

Actual PE Digest

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
_adjust_fdiv
_ismbcspace
_open
_chsize
_fstat
_onexit
_read
_unlink
_putenv
_write
_sopen
_tell
_lseek
__dllonexit
malloc
_errno
_telli64
_lseeki64
memmove
_vsnprintf
strchr
isdigit
_stricmp
strncmp
printf
getenv
realloc
strstr
_snprintf
atol
atoi
sprintf
strncat
_purecall
??2@YAPAXI@Z
wcslen
wcsncpy
strncpy
strrchr
??3@YAXPAX@Z
free
_strnicmp
_strcmpi
_close
_creat

ole32

CoTaskMemAlloc
CreateBindCtx
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
CoGetMalloc

kernel32

CreateThread
InitializeCriticalSection
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CloseHandle
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
lstrcmpA
MultiByteToWideChar
DeleteFileA
WinExec
GetProcAddress
LoadLibraryA
FreeLibrary
SetErrorMode
DeleteCriticalSection
GetLocaleInfoA
GetVersion
GetLastError

user32

CreateDialogParamA
wsprintfA
CharNextA
CharPrevA
IsDialogMessageA
ReleaseDC
GetDC
PtInRect
SendMessageA
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
GetParent
DefWindowProcA
UnregisterClassA
WinHelpA
GetWindowLongA
ShowWindow
EqualRect
OffsetRect
SetWindowRgn
SetWindowLongA
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
GetActiveWindow
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
GetSysColor
FillRect
IntersectRect
CopyRect
GetClientRect
EnumChildWindows
UpdateWindow
LoadCursorA
RegisterClassA
CreateWindowExA
GetKeyState
InvalidateRect
GetClipboardFormatNameA

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegCloseKey

gdi32

LPtoDP
CreateSolidBrush
CreateRectRgnIndirect
DeleteDC
SetMapMode
SetWindowOrgEx
DeleteObject
SetViewportOrgEx
GetDeviceCaps
CreateDCA

oleaut32

VariantClear
VariantInit
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame
SetErrorInfo
SysAllocStringLen
RegisterTypeLi
VariantChangeType

urlmon

URLDownloadToCacheFileA
HlinkSimpleNavigateToString
CreateURLMoniker
RegisterBindStatusCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/rmsp.ax
.dll regsvr32 windows:4 windows x86 arch:x86

f25cc945c2d756198bd6c7a975e31619

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\progs\guliverkli\src\filters\parser\realmediasplitter\release\RealMediaSplitter.pdb

Imports

kernel32

UnlockFile
SetEndOfFile
GetThreadLocale
GetFullPathNameA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
HeapAlloc
LockFile
RtlUnwind
HeapReAlloc
GetCommandLineA
GetProcessHeap
SetStdHandle
GetFileType
HeapSize
ExitProcess
GetACP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileTime
GetFileSize
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SetLastError
DeleteFileA
Sleep
RaiseException
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcessId
CreateThread
GetTickCount
SetThreadPriority
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
CompareStringW
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
HeapFree

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
UnregisterClassA
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
PostMessageA
GetSystemMetrics
GetWindowThreadProcessId
SendMessageA
GetParent
PostQuitMessage
DestroyMenu
SetWindowTextA
RegisterClassA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
CharUpperA
TabbedTextOutA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
SetViewportExtEx
PtVisible
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

PathIsUNCA
PathFindFileNameA
PathRemoveFileSpecA
PathAddBackslashA
PathStripToRootA

ole32

CLSIDFromString
CoTaskMemFree
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/funshion.ini
CrashReport.exe
.exe windows:4 windows x86 arch:x86

8cd541f927b9282ebc41af4bfe39db37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
GetModuleFileNameW
GetSystemTime
FindResourceW
LoadResource
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
WideCharToMultiByte
CreateFileA
ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
lstrcmpiW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
DeleteFileW
RaiseException
DeleteCriticalSection
CloseHandle
WriteFile
CreateFileW
SetLastError
FreeLibrary
GetLastError
LoadLibraryExW
SizeofResource
lstrlenW
GetModuleHandleW
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsGetValue
GetModuleFileNameA
GetStdHandle
EnterCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
TlsFree
TlsSetValue
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
HeapDestroy
HeapCreate
HeapSize
GetModuleHandleA
ExitProcess
TlsAlloc

user32

DefWindowProcW
IsDialogMessageW
ShowWindow
SetWindowPos
PostQuitMessage
LoadBitmapW
GetClientRect
GetWindowTextLengthW
GetWindowRect
GetWindowTextW
CharNextW
MapWindowPoints
PeekMessageW
GetParent
GetWindowLongW
SendMessageW
LoadImageW
DestroyWindow
GetSystemMetrics
UnregisterClassA
CreateDialogParamW
GetMessageW
GetWindow
GetDlgItem
TranslateMessage
SystemParametersInfoW
SetWindowLongW
DispatchMessageW

gdi32

DeleteObject
GetStockObject
CreateFontW

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

wininet

InternetOpenW
InternetCloseHandle
FtpPutFileW
FtpSetCurrentDirectoryW
InternetConnectW

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Funshion.exe
.exe windows:4 windows x86 arch:x86

2366912148320539a4f698bc55553f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build1.2.2\symbols\Funshion.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsA
PathFileExistsW

ws2_32

WSAStartup
ntohl
htonl
WSAGetLastError
select
WSACleanup
htons
bind
inet_addr
socket
setsockopt
connect
send
recv
closesocket
gethostname
WSASetLastError
gethostbyname
inet_ntoa
recvfrom
ntohs
__WSAFDIsSet
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSASend
WSAIoctl
ioctlsocket
WSARecvFrom
WSARecv
listen
WSASendTo
getsockopt
gethostbyaddr
getservbyport
getservbyname
accept
shutdown
sendto

wininet

InternetQueryOptionW
InternetSetOptionW
InternetConnectA
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestA
InternetOpenA
HttpEndRequestW
InternetSetCookieW
InternetGetConnectedState
InternetOpenW
InternetConnectW
InternetQueryDataAvailable
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
HttpSendRequestExW

kernel32

InitializeCriticalSection
GlobalAlloc
MulDiv
GetLastError
GlobalHandle
GlobalFree
GetVersionExW
lstrlenA
CreateDirectoryW
CreatePipe
lstrcpynA
CreateProcessW
IsDBCSLeadByteEx
GetSystemDirectoryW
SetCurrentDirectoryW
GetComputerNameW
GlobalMemoryStatus
lstrcatW
FindFirstFileW
FindNextFileW
GetModuleHandleW
CreateFileW
GetFileSizeEx
FindClose
CopyFileW
ExitProcess
GetDiskFreeSpaceExW
GetFileAttributesExW
GetDriveTypeW
TerminateThread
GetModuleFileNameA
RemoveDirectoryW
DeleteFileW
MoveFileW
SetFileAttributesW
MoveFileExW
LoadLibraryExW
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32FirstW
CopyFileA
Process32NextW
MoveFileA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadLocale
GetThreadLocale
ReadFile
ReleaseSemaphore
GetLocalTime
SetFilePointer
CreateSemaphoreW
ReleaseMutex
CreateMutexW
InterlockedCompareExchange
GetSystemTime
GetPrivateProfileStringA
GetPrivateProfileIntA
SetUnhandledExceptionFilter
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
SuspendThread
ResumeThread
lstrcmpW
GetThreadPriority
QueueUserWorkItem
PostQueuedCompletionStatus
lstrcpynW
CreateIoCompletionPort
GetQueuedCompletionStatus
SetFilePointerEx
SetEndOfFile
SleepEx
GetModuleHandleA
WriteFileEx
InterlockedExchangeAdd
OutputDebugStringA
GetSystemTimeAsFileTime
CreateEventW
SetEvent
CompareStringA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetEnvironmentVariableA
FindResourceA
lstrcmpiA
FindResourceExA
GetVersion
ExpandEnvironmentStringsW
GetSystemDirectoryA
LoadLibraryA
OutputDebugStringW
WaitForMultipleObjects
ResetEvent
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
IsValidCodePage
GetOEMCP
GetStdHandle
FatalAppExitA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
VirtualQuery
VirtualProtect
GetFileAttributesW
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileAttributesA
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
GetVersionExA
InterlockedExchange
InterlockedIncrement
GlobalLock
GlobalUnlock
GetSystemInfo
InterlockedDecrement
GetCurrentProcessId
DeleteCriticalSection
GetTickCount
CreateDirectoryA
WriteFile
CreateFileA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
SetThreadPriority
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
MultiByteToWideChar
Sleep
FreeLibrary
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
CompareStringW
FlushInstructionCache
GetCurrentProcess
lstrcpyW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
FlushFileBuffers
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoW
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
CreateMutexA
LocalFree
FormatMessageA
CreateSemaphoreA
GetCurrentThread

user32

CloseClipboard
MessageBoxW
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
DdeGetData
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeNameService
DispatchMessageW
TranslateMessage
GetMessageW
GetAsyncKeyState
ExitWindowsEx
BringWindowToTop
ScrollWindow
GetScrollRange
CharUpperA
PostMessageA
CharUpperW
CharLowerA
SetClipboardData
EmptyClipboard
GetMenuItemID
OpenClipboard
MessageBoxA
SetParent
ShowCursor
LoadImageW
SendMessageA
RegisterShellHookWindow
CheckMenuItem
CheckMenuRadioItem
GetDlgCtrlID
ValidateRect
GetMenuState
CreatePopupMenu
SendDlgItemMessageW
AppendMenuW
DrawIconEx
FlashWindow
EndMenu
GetCapture
AdjustWindowRectEx
GetMenu
IsZoomed
MapDialogRect
RemoveMenu
SetRect
GetWindowPlacement
SetWindowContextHelpId
SetMenu
SetWindowRgn
SetCursor
LoadIconW
IsCharAlphaW
GetMenuItemRect
IsCharAlphaNumericW
DrawIcon
CreateDialogParamW
TranslateAcceleratorW
PostQuitMessage
LoadStringW
wsprintfW
LoadStringA
GetComboBoxInfo
DeregisterShellHookWindow
GetMenuStringW
InvalidateRgn
PtInRect
SetMenuItemInfoW
DrawEdge
GetKeyState
IsChild
CreateAcceleratorTableW
SetScrollInfo
GetFocus
InvalidateRect
GetScrollInfo
LoadBitmapW
SetScrollPos
UpdateWindow
FrameRect
GetScrollPos
GetSysColorBrush
DestroyWindow
CharLowerW
UnhookWindowsHookEx
DestroyAcceleratorTable
GetMessagePos
InflateRect
WindowFromPoint
GetDesktopWindow
ClientToScreen
IsWindowEnabled
UnregisterClassA
SendMessageW
IsIconic
ShowWindow
IsWindowVisible
SetForegroundWindow
TrackPopupMenu
GetCursorPos
ModifyMenuW
GetSubMenu
OffsetRect
EndDialog
DrawTextW
CreateWindowExW
GetClientRect
CharNextW
PostMessageW
RedrawWindow
BeginPaint
TrackPopupMenuEx
EndPaint
RegisterWindowMessageW
CallWindowProcW
GetWindowThreadProcessId
GetActiveWindow
SetCapture
FillRect
ReleaseCapture
SetWindowsHookExW
GetMenuItemCount
IsMenu
DrawStateW
SetFocus
EnableMenuItem
DefWindowProcW
DestroyIcon
GetWindowDC
DestroyMenu
GetSystemMetrics
CallNextHookEx
IsDialogMessageW
GetMenuItemInfoW
LoadMenuW
PeekMessageW
CreateDialogIndirectParamW
SetRectEmpty
ScreenToClient
GetDCEx
EnableWindow
KillTimer
SetTimer
GetClassInfoExW
ReleaseDC
DialogBoxParamW
GetDC
GetDlgItem
MapWindowPoints
GetWindowRect
DrawFrameControl
SystemParametersInfoW
GetWindow
IsWindow
GetParent
SetWindowTextW
SetWindowLongW
LoadCursorW
SetWindowPos
GetWindowTextW
GetWindowLongW
GetWindowTextLengthW
GetClassNameW
MoveWindow
FindWindowW
GetSysColor
CopyRect
RegisterClassExW
DrawFocusRect

gdi32

CreateRectRgn
SetBrushOrgEx
GetTextMetricsW
PatBlt
RoundRect
ExcludeClipRect
SetBkMode
CreateSolidBrush
GetDeviceCaps
CreateRoundRectRgn
SetBkColor
ExtTextOutW
CreateBitmap
CreateCompatibleBitmap
DPtoLP
Polygon
CreatePatternBrush
CreateCompatibleDC
BitBlt
LineTo
MoveToEx
Ellipse
Rectangle
GetTextColor
GetPixel
CreateDIBSection
CreateFontW
GetStockObject
DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
CombineRgn
SelectObject
CreatePen
GetTextExtentPoint32W
TextOutW
SetTextColor
OffsetRgn

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

shell32

SHFileOperationW
SHChangeNotify
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
Shell_NotifyIconW

ole32

OleLockRunning
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
CLSIDFromProgID
StringFromGUID2
CoUninitialize
OleInitialize
StgOpenStorageEx
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
VariantChangeType
SetErrorInfo
SysStringByteLen
VarUI4FromStr
VarDateFromStr
DispCallFunc
LoadTypeLi
SysAllocString
SysFreeString
VariantClear
VariantInit
SysAllocStringLen
OleCreateFontIndirect
CreateErrorInfo
SysStringLen
LoadRegTypeLi

comctl32

ImageList_GetImageInfo
ImageList_DrawEx
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
ImageList_GetIcon
ImageList_GetIconSize
InitCommonControlsEx
ImageList_LoadImageW
_TrackMouseEvent
CreateStatusWindowW
ImageList_Create
ImageList_AddMasked

msimg32

GradientFill
TransparentBlt

iphlpapi

GetBestRoute
GetIfTable
GetIpAddrTable
GetBestInterface

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

dbghelp

MiniDumpWriteDump

Exports

Exports

??$void_cast_register@$$CBVtaskpersist_065_1@@$$CBVfilespersist@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVtaskpersist_065_1@@PBVfilespersist@@@Z
??$void_cast_register@$$CBVtaskpersist_120@@$$CBVfilespersist@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVtaskpersist_120@@PBVfilespersist@@@Z
??$void_cast_register@$$CBVtaskpersist_120_1@@$$CBVfilespersist@@@serialization@boost@@YAABVvoid_caster@void_cast_detail@01@PBVtaskpersist_120_1@@PBVfilespersist@@@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@VCFpTaskFactory@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vfilepersist@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vfilespersist@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_061@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_065_1@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_120@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtaskpersist_120_1@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@V?$list@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@VCFpTaskFactory@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vfilepersist@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vfilespersist@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_061@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_065_1@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_120@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vxml_woarchive@archive@boost@@Vtaskpersist_120_1@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FunshionPlugin.dll
.dll windows:4 windows x86 arch:x86

f1595673c9e0653393f03995b0632ab0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build1.2.2\symbols\FunshionPlugin.pdb

Imports

dsound

ord1

dbghelp

MiniDumpWriteDump

ddraw

DirectDrawCreateEx

kernel32

GetVolumeInformationA
DebugBreak
GetFullPathNameA
CreateFileA
GetTempFileNameA
GetTempPathA
IsDBCSLeadByteEx
LocalFree
LocalAlloc
GetModuleHandleW
DeviceIoControl
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
VirtualAlloc
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
lstrcmpW
CreateSemaphoreA
GetCurrentThread
SetThreadPriority
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
VirtualProtect
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
InterlockedIncrement
GetVersionExA
GetDriveTypeA
FindFirstFileA
FindClose
GetLocaleInfoA
GetPrivateProfileIntA
CreateEventA
GetUserDefaultLCID
GetTickCount
TerminateThread
InterlockedDecrement
SetUnhandledExceptionFilter
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
GetStringTypeExA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
Sleep
WideCharToMultiByte
InterlockedExchange
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
MulDiv
CreateThread
GetLastError
WaitForMultipleObjects
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindNextFileA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
HeapCreate
HeapDestroy
GetStdHandle
HeapSize
GetFileType
SetStdHandle
ExitThread
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetSystemTimeAsFileTime
VirtualQuery
RaiseException
HeapAlloc
HeapFree
RtlUnwind
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
DeleteFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
ResumeThread
SuspendThread
GetCurrentDirectoryA
EnumResourceLanguagesA
ConvertDefaultLocale

user32

GetMenuItemID
GetMenuStringA
GetMenuState
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenu
SetForegroundWindow
GetKeyState
InsertMenuA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetMenuItemCount
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
WinHelpA
LoadIconA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
ValidateRect
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
GetWindowThreadProcessId
DeleteMenu
SetCursor
UnregisterClassA
GetSysColorBrush
DestroyMenu
GetSubMenu
PostMessageA
IsWindowVisible
MapWindowPoints
GetClientRect
GetWindow
SetRect
CopyRect
IsRectEmpty
MonitorFromWindow
GetWindowRect
SetRectEmpty
EqualRect
CharUpperA
SendMessageA
OffsetRect
UnionRect
FillRect
PostThreadMessageA
IsWindow
LoadCursorA
InflateRect
CharLowerBuffA
MessageBoxA
GetDC
ReleaseDC
IntersectRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
CreateAcceleratorTableA
DestroyAcceleratorTable
EnableWindow
PostQuitMessage

gdi32

CreateBitmap
SaveDC
RestoreDC
ExtTextOutA
GetClipBox
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
AddFontResourceA
GetDeviceCaps
TranslateCharsetInfo
TextOutW
GetTextExtentPoint32W
SelectObject
GetTextMetricsA
DeleteDC
CreateCompatibleDC
SetBkMode
SetMapMode
CreateFontIndirectA
GetStockObject
SetBkColor
SetTextColor
TextOutA
CreateRectRgn
GetRegionData
DeleteObject
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx

advapi32

RegCloseKey
GetUserNameA
RegDeleteValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteW

ole32

CoLoadLibrary
CoFreeLibrary
GetRunningObjectTable
CreateItemMoniker
CoFreeUnusedLibraries
CreateBindCtx
MkParseDisplayName
CLSIDFromString
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData

shlwapi

PathFileExistsA
PathFindExtensionA
PathAddBackslashA
PathRemoveFileSpecA
PathCanonicalizeA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindFileNameA

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetReadFile
InternetSetFilePointer
InternetSetStatusCallback
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetQueryDataAvailable
InternetOpenUrlA
InternetWriteFile
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comdlg32

GetFileTitleA

Exports

Exports

FilterDllMsg
FunPlayerPluginExports
ProcessDllIdle

Sections

.text
Size: 868KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GetMACAddress.dll
.dll windows:4 windows x86 arch:x86

1f750a74fa3d3f190c6e6bdbf4c014ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord4486
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord6375
ord2976
ord4274
ord1578
ord600
ord826
ord269
ord1116

msvcrt

_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
memchr
_initterm
free
malloc
__dllonexit
__CxxFrameHandler
sprintf
toupper

kernel32

LocalFree
LocalAlloc

iphlpapi

GetIfTable

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

Exports

Exports

GetMACAddress

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LangResEnAmerican.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build1.2.2\symbols\LangResEnAmerican.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/ad_bg.jpg
.jpg
Res/bak.jpg
.jpg
Res/bg.jpg
.jpg
Res/error.html
Res/images/fun.gif
.gif
Res/images/linedown.gif
.gif
RouterSetting.dll
.dll windows:4 windows x86 arch:x86

4555624b00811e3469c4c9e029619607

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build1.2.2\symbols\RouterSetting.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetTickCount
GetModuleFileNameA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
Sleep
SetEndOfFile
CreateFileW
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
CloseHandle
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

shlwapi

PathFileExistsA

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetQueryOptionW

user32

UnregisterClassA

Exports

Exports

AutoSettingRouter

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
WMVCORE.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

93ffa084929ccbb3d7c99014a7547237

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

db:33:48:2d:fc:64:c7:90:0d:20:c2:dc:94:1c:df:e1:32:24:c8:62
Signer

Actual PE Digest

db:33:48:2d:fc:64:c7:90:0d:20:c2:dc:94:1c:df:e1:32:24:c8:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\dnsrv.binaries.x86fre\symbols.pri\retail\DLL\WMVCORE.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
TraceEvent

gdi32

GetSystemPaletteEntries

kernel32

SetFilePointerEx
GetFileSizeEx
DuplicateHandle
SleepEx
OpenProcess
GetExitCodeProcess
GetSystemDirectoryA
lstrcpynW
CompareStringW
GetTempPathW
GetVersion
GetSystemInfo
CreateEventA
HeapSize
RaiseException
LocalFree
LocalAlloc
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
SetFileAttributesW
CreateFileW
WriteFile
CloseHandle
FreeResource
GetLocalTime
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
lstrlenW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetVersionExA
GetModuleHandleA
LoadLibraryA
HeapReAlloc
SetLastError
CreateThread
GetExitCodeThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateSemaphoreA
SetEndOfFile
GetFileTime
FileTimeToSystemTime
IsBadStringPtrW
IsBadWritePtr
GetLocaleInfoW
FindAtomW
GetModuleFileNameW
GetUserDefaultLCID
GetSystemDefaultLangID
GetVersionExW
GlobalAlloc
GlobalLock
GetProcAddress
LoadLibraryW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MulDiv
InterlockedCompareExchange
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
InterlockedDecrement
ReadFile
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetEvent
SystemTimeToFileTime
GetSystemTime
WaitForSingleObject
GetFileSize
ReleaseSemaphore
CreateSemaphoreW
MultiByteToWideChar
IsBadReadPtr
SetFilePointer
WideCharToMultiByte
GetDiskFreeSpaceExW
lstrlenA
CompareFileTime
DeleteFileW
Sleep
FreeLibrary
CreateEventW
InterlockedExchange
GetVolumeInformationW
GetComputerNameW
SetThreadAffinityMask
WaitForMultipleObjects
ResetEvent
DisableThreadLibraryCalls
ExitProcess
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
VirtualProtect
InitializeCriticalSectionAndSpinCount

msvcrt

wcsncat
iswspace
_vsnwprintf
_vsnprintf
swscanf
wcstoul
setlocale
_wtoi
_snwprintf
swprintf
wcstol
_ultow
_wtol
__CxxFrameHandler
_ultoa
strncmp
sscanf
isspace
strstr
_stricmp
iswdigit
isalnum
_except_handler3
free
strcpy
realloc
abs
_waccess
_wcsupr
_ui64toa
isdigit
strchr
time
_strcmpi
_itoa
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
malloc
calloc
memset
wcsncpy
strcspn
strspn
abort
exit
fprintf
_iob
getenv
ceil
toupper
isxdigit
iswcntrl
iswascii
wcsspn
wcscspn
_ltoa
isalpha
wcsftime
gmtime
wcstok
strcmp
perror
floor
printf
_CIpow
_snprintf
_strnicmp
wcsrchr
wcschr
wcspbrk
wcsncmp
_wcsicmp
_set_error_mode
_purecall
wcscmp
wcscpy
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
wcscat
memcmp
memcpy
rand
strlen
srand
_beginthreadex
memmove
_wcslwr
longjmp
_setjmp3
sprintf
strncpy
strpbrk
memchr
wcstombs
wcsstr
_itow
towupper
iswprint
_errno
strtoul

ole32

CLSIDFromString
CoGetTreatAsClass
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
VariantTimeToSystemTime
SysStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

user32

GetDesktopWindow
GetDC
ReleaseDC
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
PostThreadMessageW

wmasf

ord5
ord17
ord8
ord6
ord10
ASFTimeToPresTime
ASFTimeToSendTime
ASFSendTimeToTime
ASFPresTimeToTime
ord18
ASFCreateStreamSelector
ASFGetTimeBase
ASFSetDataUnitInfo
ord24
ord11
ord7
ord9

Exports

Exports

DllRegisterServer
WMCheckURLExtension
WMCheckURLScheme
WMCreateBackupRestorer
WMCreateBackupRestorerPrivate
WMCreateEditor
WMCreateIndexer
WMCreateLicenseRevocationAgentPrivate
WMCreateProfileManager
WMCreateReader
WMCreateReaderPriv
WMCreateSyncReader
WMCreateSyncReaderPriv
WMCreateWriter
WMCreateWriterFileSink
WMCreateWriterNetworkSink
WMCreateWriterPriv
WMCreateWriterPushSink
WMIsAvailableOffline
WMIsContentProtected
WMValidateData

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XPSP2Patch/EvID4226Patch.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

EvID
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EvID
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EvID
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XPSP2Patch/SysOptimize.exe
.exe windows:4 windows x86 arch:x86

ba77bafdf10bddaf7c79c08bd88368f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ProjectNew\Fun Player\Rel1.2.2\xpsp2_crack\std_crack\Release\SysOptimize.pdb

Imports

kernel32

MultiByteToWideChar
lstrlenW
InitializeCriticalSection
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
WriteFile
FatalAppExitA
HeapCreate
HeapDestroy
ExitProcess
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlUnwind
IsDebuggerPresent
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
SetLastError
RaiseException
DeleteCriticalSection
FindFirstFileA
lstrcpyA
GetLastError
ReadFile
CloseHandle
SetThreadPriority
TerminateThread
GetCurrentThreadId
GetThreadLocale
GetStringTypeExA
lstrlenA
OutputDebugStringA
DebugBreak
InterlockedDecrement
GetCurrentProcess
CreatePipe
GetModuleFileNameA
CreateProcessA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
Sleep
FreeEnvironmentStringsW
GetVersionExA
InterlockedCompareExchange
HeapFree

user32

DispatchMessageA
TranslateMessage
GetMessageA
wvsprintfA
FindWindowA
CharNextA
SendMessageA
EndPaint
BeginPaint
SetWindowLongA
CreateDialogParamA
GetDC
ReleaseDC
LoadBitmapA
EndDialog
DialogBoxParamA
GetWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
MapWindowPoints
SetWindowPos
IsWindow
IsDialogMessageA
GetParent
KillTimer
SetTimer
FillRect
GetClientRect
DestroyWindow
DefWindowProcA
SetRect
SetWindowTextA
GetSysColorBrush
ExitWindowsEx
LoadStringA
RegisterWindowMessageA
RegisterShellHookWindow
GetActiveWindow
GetSystemMetrics
LoadImageA
PostQuitMessage
GetWindowTextA
GetDlgItem
DeregisterShellHookWindow
ShowWindow
PeekMessageA
UnregisterClassA

gdi32

CreateFontIndirectA
DeleteDC
CreatePatternBrush
DeleteObject
GetDeviceCaps
DPtoLP
GetObjectA
SelectObject
SetBrushOrgEx
GetStockObject
SetBkMode

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XPSP2Patch/funshion010.exe
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dbghelp.dll
.dll windows:5 windows x86 arch:x86

bfdf63b29852e4529780d92b76de1d65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_adjust_fdiv
__dllonexit
_initterm
_except_handler3
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
wcscmp
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_onexit
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
_strnicmp
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
lstrcmpW
SuspendThread
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetCurrentThreadId
GetThreadSelectorEntry
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhtnodes.dat
wmasf.dll
.dll windows:5 windows x86 arch:x86

f5ff989df3991d98134d8365e6abd655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMASF.pdb

Imports

kernel32

DisableThreadLibraryCalls
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
CloseHandle
GetLastError
WriteFile
FlushFileBuffers
WideCharToMultiByte
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
MulDiv
InitializeCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter

msvcrt

_purecall
malloc
_adjust_fdiv
_initterm
free
_wcsicmp
wcscmp
wcscpy
wcslen
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z

ole32

CoCreateGuid

Exports

Exports

ASFAddPresDelta
ASFAddSendDelta
ASFCalculatePresDelta
ASFCreateBitrateTracker
ASFCreateIOMonitor
ASFCreateIndexMaker
ASFCreateIndexMakerFileSink
ASFCreateLibrary
ASFCreateMediaObjectIndexMaker
ASFCreateStreamSelector
ASFFindHeaderObject
ASFFindRootObject
ASFFindStreamPropertiesObject
ASFGUIDFromCodecID
ASFGUIDToCodecID
ASFGetDataUnitInfo
ASFGetHeaderObject
ASFGetRootObject
ASFGetStreamPropertiesObject
ASFGetTimeBase
ASFPresDeltaTimeToTime
ASFPresDeltaToFull
ASFPresFullToDelta
ASFPresTimeToSendTime
ASFPresTimeToTime
ASFReadHeaderFromFile
ASFReadHeaderFromFileHandle
ASFSendTimeToPresTime
ASFSendTimeToTime
ASFSetDataUnitInfo
ASFTimeToPresDeltaTime
ASFTimeToPresTime
ASFTimeToSendTime
ASFWriteHeaderToFile
CreateAsfCellPoolAllocator

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

237a51742fed62d237b6f1b75452402f

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

59:f8:8e:1a:c8:d0:a0:bc:ea:68:09:9a:04:06:b6:dbCertificate

Extended Key Usages

87:14:d4:87:9f:fe:0d:2a:7b:ab:fb:a7:82:ec:8e:83:3c:95:64:3fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 290KB

.ndata Size: - Virtual size: 624KB

.rsrc Size: 30KB - Virtual size: 32KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

2db813254ea8b4d2a92d703ecb659f39

Headers

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

59:f8:8e:1a:c8:d0:a0:bc:ea:68:09:9a:04:06:b6:db
Certificate

87:14:d4:87:9f:fe:0d:2a:7b:ab:fb:a7:82:ec:8e:83:3c:95:64:3f
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 290KB

.ndata
Size: - Virtual size: 624KB

.rsrc
Size: 30KB - Virtual size: 32KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 22KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B