1b529242eaf452910fc6ca3fab500617_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b529242eaf452910fc6ca3fab500617_JaffaCakes118
Size

3.5MB
MD5

1b529242eaf452910fc6ca3fab500617
SHA1

e2de0d479d783e52cab6f4e2dbf76a8c27d513a3
SHA256

b87e1701d7d1729eb5fef9d03c7afa1444e65830b17337e6b1d48ad1967f2617
SHA512

16fda0a8878bf52b77acbe3dfd26e35b6bfe77a9f0b237ecb9eb462d0b05d97ee748f087f2b405b5a9ec6d7dac448d261d4b0e0cb224785128f24f6181ca1b40
SSDEEP

98304:hnbppZ0xZVK3CdF3Cu3gbkRzvUZV0WKHZxf4U2o:Zbpj0DE3WKwzvU0lGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MtvP2P_Setup.exe
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/MP2PLoader.exe
unpack002/MtvP2P.exe
unpack002/config/countryflag.dll
unpack002/lang/zh_CN.dll
unpack002/lang/zh_TW.dll
unpack002/modules/IE2EM.dll
unpack002/resource.dll
unpack002/uninst.exe
unpack003/$PLUGINSDIR/LangDLL.dll
unpack002/updater.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/MtvP2P_Setup.exe	nsis_installer_1
static1/unpack001/MtvP2P_Setup.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

1b529242eaf452910fc6ca3fab500617_JaffaCakes118
.rar
MtvP2P_Setup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

0a9b1c71fa1d8a5ac827b3902e1e432c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

DeleteObject
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
CombineRgn

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Splash_setup.bmp
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bgm_setup.mid
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
IE2EM.htm
.html .js polyglot
MP2PLoader.exe
.exe windows:5 windows x86 arch:x86

8bbfc8ef606b228d2928ef80dbdf9076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Backup\我的文档\Visual Studio 2008\Projects\easyMule115\src\release\MP2PLoader.pdb

Imports

kernel32

CreateThread
GetModuleHandleW
Sleep
CloseHandle
ReleaseMutex
WaitForSingleObject
OpenMutexW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetModuleFileNameW
GetPrivateProfileIntW
GetLastError
CreateMutexW
CreateFileMappingW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapFree
HeapAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte

user32

SendMessageW
RegisterWindowMessageW
PostMessageW
DefWindowProcW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
RegisterClassExW

shell32

ShellExecuteW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MtvP2P.exe
.exe windows:5 windows x86 arch:x86

0b368130d2f04cfa6b4ca12dcb0af5d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Backup\我的文档\Visual Studio 2008\Projects\easyMule116\src\release\emule.pdb

Imports

kernel32

GetModuleHandleA
CompareStringA
ReleaseMutex
MulDiv
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetThreadPriority
GetCurrentProcessId
ExitProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
LCMapStringA
GetStringTypeA
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetModuleFileNameA
GetStdHandle
HeapSize
CreateThread
ExitThread
SetStdHandle
RtlUnwind
GetDateFormatA
GetTimeFormatA
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
PeekNamedPipe
GetFileInformationByHandle
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentThread
TryEnterCriticalSection
IsBadWritePtr
WriteFile
WaitForMultipleObjects
ResetEvent
IsBadReadPtr
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
OpenThread
GetVersion
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
Beep
DeviceIoControl
TerminateThread
GetDriveTypeA
GetTimeZoneInformation
FindClose
LocalFree
GetCurrentProcess
lstrlenA
SetEvent
SetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDefaultLCID
SetThreadLocale
GetThreadLocale
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetConsoleCtrlHandler
FreeResource
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
ReadFile
SetFilePointer
GetFileSize
FreeLibrary
GetCurrentThreadId
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
GlobalFlags
SetErrorMode
VirtualProtect
TlsFree
LocalReAlloc
TlsSetValue
SetEndOfFile
CreateFileA
EnterCriticalSection
CloseHandle
WaitForSingleObject
Sleep
ResumeThread
GetTickCount
LoadResource
LockResource
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
DuplicateHandle
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
lstrcmpA
LocalAlloc
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
GetFullPathNameA
GetTempPathA
DeleteFileA
GetFileAttributesA
AreFileApisANSI
GetVersionExA
LockFileEx
LockFile
UnlockFile
FlushFileBuffers
GlobalSize
SizeofResource

advapi32

CryptAcquireContextA
CryptGenRandom
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptReleaseContext

user32

DestroyWindow
MessageBoxA
GetDlgItem
GetDesktopWindow
GetSysColor
GetClientRect
CreatePopupMenu
IsWindowEnabled
GetKeyState
InvalidateRect
UpdateWindow
FrameRect
GetIconInfo
CreateIconIndirect
ScreenToClient
CopyRect
PtInRect
GetParent
RedrawWindow
DrawFrameControl
OffsetRect
DrawFocusRect
InflateRect
DrawEdge
SetCapture
GetCapture
GetMessagePos
SetRect
ReleaseCapture
GetWindow
GetFocus
FillRect
EqualRect
GetCursorPos
SetClipboardData
MapWindowPoints
GetAsyncKeyState
SetCursor
GetSysColorBrush
GetNextDlgGroupItem
DeleteMenu
InvalidateRgn
UnpackDDElParam
ReuseDDElParam
DestroyMenu
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenu
SetMenu
ShowWindow
IsIconic
SetFocus
SetActiveWindow
SetForegroundWindow
SetWindowPos
GetClassNameA
ReleaseDC
GetDC
GetWindowRect
ClientToScreen
IsWindowVisible
ExitWindowsEx
SetTimer
KillTimer
IsWindow
UnhookWindowsHookEx
CallNextHookEx
DestroyIcon
CloseClipboard
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetScrollInfo
EmptyClipboard
OpenClipboard
GetSystemMetrics
GetWindowDC
IsChild
ChildWindowFromPointEx
SubtractRect
MoveWindow
SetParent
IntersectRect
GetWindowPlacement
TrackMouseEvent
GetDlgCtrlID
CheckMenuItem
SetWindowRgn
TranslateMessage
ShowCursor
WindowFromPoint
CheckMenuRadioItem
SetMenuDefaultItem
SetRectEmpty
GetActiveWindow
SetWindowTextA
SetDlgItemTextA
GetWindowTextA
UnregisterHotKey
ScrollDC
DrawIconEx
SetWindowPlacement
WindowFromDC
IsRectEmpty
CopyIcon
ShowScrollBar
DestroyCursor
GetCaretPos
AdjustWindowRectEx
EnumChildWindows
GetMenuItemID
EnableMenuItem
RemoveMenu
GetSubMenu
GetMenuItemCount
CreateMenu
MessageBeep
FlashWindow
DrawIcon
BringWindowToTop
GetSystemMenu
RegisterHotKey
GetScrollInfo
GetWindowRgn
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsMenu
IsZoomed
GetMenuState
GetLastActivePopup
GetWindowThreadProcessId
ValidateRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
BeginPaint
EndPaint
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
EndDialog
GetNextDlgTabItem
ShowOwnedPopups
SystemParametersInfoA
GetMenu
GetForegroundWindow

gdi32

SetTextColor
SetBkMode
SetBkColor
CombineRgn
Escape
RectVisible
PtVisible
CreateRectRgn
GetViewportOrgEx
GetWindowOrgEx
GetBkColor
GetViewportExtEx
GetWindowExtEx
GetMapMode
SetBitmapBits
GetBitmapBits
CreateDIBSection
GetCurrentObject
CreateRectRgnIndirect
CreatePen
RealizePalette
Rectangle
CreatePalette
CreateSolidBrush
Polygon
DeleteDC
DeleteObject
SetPixel
GetPixel
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DPtoLP
GetDeviceCaps
CreateBrushIndirect
CreateBitmap
GetStockObject
GetTextColor
MoveToEx
LineTo
GetBitmapDimensionEx
SetBitmapDimensionEx
CreateDIBitmap
GetDIBits
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
StretchDIBits
SetBoundsRect
SetPixelV
SetTextAlign
SetRectRgn
OffsetRgn
GetRgnBox
Ellipse
LPtoDP
CreateEllipticRgn
SelectPalette
CreatePatternBrush
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreatePolygonRgn
FillRgn

shell32

DragFinish
SHAppBarMessage
SHCreateDirectoryExW
SHGetMalloc

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

msimg32

GradientFill

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy
CreatePropertySheetPageW
DestroyPropertySheetPage
_TrackMouseEvent
ImageList_Draw
ord17

shlwapi

PathFileExistsW
PathMatchSpecW
PathRenameExtensionW
StrStrIW
PathIsRelativeW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathCanonicalizeW
PathStripToRootW
PathAddBackslashW
PathStripPathW
PathGetArgsW
StrStrIA
PathCombineW
PathIsUNCW
StrCmpW
UrlUnescapeW
PathRemoveBackslashW

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CreateStreamOnHGlobal
CoTaskMemFree
ReleaseStgMedium
StgOpenStorage
CoTaskMemAlloc
CoInitialize
StringFromCLSID
OleDuplicateData
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VariantInit
VariantClear
VarBstrCmp
SysAllocStringLen
SysStringLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString
OleLoadPicture
SysStringByteLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
DispCallFunc
LoadRegTypeLi

urlmon

IsValidURL
FindMimeFromData
CoInternetGetSession

wsock32

select
WSAStartup

iphlpapi

GetAdaptersInfo

wininet

InternetCrackUrlW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetErrorDlg
InternetGetCookieW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetGetLastResponseInfoW

winspool.drv

ClosePrinter

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 832KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Splashbg.png
.png
config/Default.htm
.html
config/addresses.dat
config/countryflag.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\eMule_VC\src\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/ip-to-country.csv
config/ipfilter.dat
config/nodes.dat
config/preferences.ini
config/safelist.dat
config/server.met
config/staticservers.dat
config/webservices.dat
config/wordfilter.txt
lang/zh_CN.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lang/zh_TW.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
modules/IE2EM.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0c86eed1bbcb54484399703bf6075a9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Backup\我的文档\Visual Studio 2008\Projects\easyMule115\src\Release\modules\IE2EM.pdb

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
SetThreadLocale
EnterCriticalSection
LoadLibraryExW
GetProcAddress
WideCharToMultiByte
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetProcessHeap
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
lstrlenW
LeaveCriticalSection
FreeLibrary
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCurrentProcessId
GetTickCount
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleHandleA

user32

MessageBoxW
CharNextW
GetKeyState

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

LoadRegTypeLi
VarBstrCat
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
SysFreeString
VarBstrCmp
VarUI4FromStr

shlwapi

PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/antiLeech.dll
.dll windows:5 windows x86 arch:x86

3b38ee4cd60f69296d9c6f13016014ce

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:40:06:18:7c:77:9e:d5:e4:87:7b:65:8c:1f:60:ff
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

31/07/2008, 00:00

Not After

31/07/2011, 23:59

Subject

CN=Shanghai Source Networking Technology Co.\, Ltd,OU=WoSign Class 3 Code Signing,O=上海少思网络科技有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:52:ec:61:84:75:fa:b7:87:3b:ef:74:6a:3a:f9:9f:5b:bf:26:47
Signer

Actual PE Digest

b1:52:ec:61:84:75:fa:b7:87:3b:ef:74:6a:3a:f9:9f:5b:bf:26:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\emule_vc\emule\trunk\DLP\Release\antiLeech.pdb

Imports

kernel32

MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
lstrlenA
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateThread
GetTickCount
SetThreadPriority
GetExitCodeThread
Sleep
HeapReAlloc
TerminateThread
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

MessageBoxW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

shlwapi

StrStrIW
StrCmpIW
StrStrW
StrCmpW
StrStrIA

ws2_32

recv
send
ioctlsocket
connect
htons
closesocket
gethostbyname
socket
WSAStartup

Exports

Exports

DLPCheckHelloTag
DLPCheckInfoTag
DLPCheckMessageSpam
DLPCheckModstring
DLPCheckModstring_Hard
DLPCheckModstring_Soft
DLPCheckNameAndHash
DLPCheckNameAndHashAndMod
DLPCheckUserhash
DLPCheckUsername
DLPCheckUsername_Hard
DLPCheckUsername_Soft
GetDLPVersion
TestFunc

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme_cn.txt
readme_cn_big5.txt
readme_en.txt
resource.dll
.dll windows:4 windows x86 arch:x86

93c0255f410b8759acd8326f7dc8f996

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Administrator\My Documents\Visual Studio Projects\resource\Debug\resource.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetLastError
GetCurrentThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
UnhandledExceptionFilter
RtlUnwind
WriteFile
DebugBreak
RaiseException
LoadLibraryA
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
VirtualQuery
InterlockedExchange
GetProcessHeap
CloseHandle
FreeLibrary
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
SetFilePointer
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
updater.exe
.exe windows:5 windows x86 arch:x86

a9e02be66e57220f7585a028144229ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Backup\我的文档\Visual Studio 2008\Projects\easyMule115\src\release\updater.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GlobalFindAtomW
GlobalFlags
WritePrivateProfileStringW
GetModuleHandleA
SetErrorMode
GetStartupInfoW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
CreateThread
Sleep
ExitProcess
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
LoadLibraryA
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
VirtualAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
GetVersionExA
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileTime
GetFileSizeEx
GetFileAttributesW
CreateFileW
FindFirstFileW
FindClose
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
CompareStringW
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GetModuleHandleW
GetProcAddress
CreateEventW
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
GetExitCodeThread
WaitForSingleObject
GetLastError
CreateMutexW
GetVersionExW
MapViewOfFile
OpenFileMappingW
WideCharToMultiByte
MultiByteToWideChar
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultLangID
GetModuleFileNameW
VirtualFree

user32

UnregisterClassW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
CharUpperW
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
PostMessageW
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MessageBoxW
PostThreadMessageW
CreateWindowExW

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathFileExistsW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW

oleaut32

VariantClear
VariantInit
VariantChangeType

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetSetOptionExW
InternetQueryDataAvailable

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 92KB - Virtual size: 92KB

0a9b1c71fa1d8a5ac827b3902e1e432c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 432B

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 92KB - Virtual size: 92KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 432B

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 832KB - Virtual size: 831KB

.data
Size: 112KB - Virtual size: 2.3MB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 4KB - Virtual size: 90B

.rsrc
Size: 256KB - Virtual size: 253KB

.reloc
Size: 4KB - Virtual size: 8B