1be4de8bb10db96157c45d1c08a64933_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1be4de8bb10db96157c45d1c08a64933_JaffaCakes118
Size

601KB
MD5

1be4de8bb10db96157c45d1c08a64933
SHA1

14bc9f5f7a30a72a0c121919cb95cc0db638d474
SHA256

afa9e76d791956989c59d07d1dfaae53dab6b0e99ca93ef36007b0e8b555d14f
SHA512

ff2867b16779cbc7ad76a950a7ead28f330cf5f5e9424dc3a20d926b90350d8fb0ba1f85c46b69f7e3b533bfc5baca05d916c2b7141679d9560adf61543e559d
SSDEEP

12288:7yS7iCQ8hi56HqdWMP7PbuJBCduwPM6jQhdCaqbftSSrRgtW4581qD37ru:3H7Y6H/KEQuwP1mdTkOt581UO

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/arpfw.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack002/arpfw.exe
unpack002/arpfwdll.dll
unpack002/arpfwsvc.exe
unpack002/driver/enumdrv.exe
unpack002/driver/infclean.exe
unpack002/driver/install.dll
unpack002/driver/installapp.exe
unpack002/driver/sfilter.dll
unpack002/driver/snetcfg.exe
unpack002/driver/ssfilter.sys
unpack002/pvt.dll
unpack002/ssnet.dll
unpack002/winfw.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/arpfw.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_1

Files

1be4de8bb10db96157c45d1c08a64933_JaffaCakes118
.rar
arpfw.exe
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Uninstall.exe
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
arpfw.exe
.exe windows:4 windows x86 arch:x86

bff3571c7c673feea43df03c1dcaf2bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
CompareStringW
SetEnvironmentVariableA
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetProfileStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
HeapSize
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
HeapFree
TerminateProcess
ExitProcess
RtlUnwind
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GlobalFlags
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcpyA
MultiByteToWideChar
InterlockedDecrement
WideCharToMultiByte
InterlockedIncrement
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GlobalUnlock
MulDiv
GetModuleHandleA
SetLastError
FindResourceA
LoadResource
LockResource
GlobalFree
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GlobalLock
GlobalAlloc
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateDirectoryA
FormatMessageA
GetComputerNameA
GetLastError
CompareStringA
WritePrivateProfileStringA
DeleteFileA
FreeLibrary
LoadLibraryA
GetProcAddress
GlobalDeleteAtom
GlobalAddAtomA
TerminateThread
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetTickCount
Sleep

user32

RegisterClipboardFormatA
LoadStringA
GetSysColorBrush
GetClassNameA
GetWindowThreadProcessId
ReleaseCapture
SetCapture
LoadCursorA
DestroyMenu
CharUpperA
CharNextA
wvsprintfA
ShowWindow
MoveWindow
SetWindowTextA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetScrollPos
SetScrollPos
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
SetRectEmpty
GetMessagePos
GetForegroundWindow
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
SetFocus
SetRect
CopyAcceleratorTableA
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
InvalidateRect
DestroyWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
MapDialogRect
SetWindowContextHelpId
IsDialogMessageA
MessageBeep
IsWindow
IsChild
GetNextDlgGroupItem
GetWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
PostThreadMessageA
DestroyIcon
GetTopWindow
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
LoadMenuA
GetSubMenu
TrackPopupMenu
GetCursorPos
PtInRect
CopyRect
InflateRect
OffsetRect
GetSysColor
EnableWindow
GetDoubleClickTime
DrawFocusRect
IntersectRect
GetWindowRect
LoadBitmapA
SetForegroundWindow
SetWindowPos
UnregisterHotKey
RegisterHotKey
KillTimer
GetDesktopWindow
PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
FindWindowA
LoadImageA
LoadIconA
SetTimer
RegisterWindowMessageA
SetMenuDefaultItem
EnumChildWindows
SetParent
DrawAnimatedRects
RedrawWindow
GetIconInfo
DrawEdge
SendMessageTimeoutA
DrawIconEx
IsRectEmpty
SetWindowLongW
GetWindowLongW
IsWindowUnicode
EnumWindows
EnableScrollBar
CallWindowProcW
DefWindowProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefMDIChildProcA
DefMDIChildProcW
RegisterClassW
FillRect
DrawFrameControl
DrawStateA
SetClassLongA
SetWindowRgn
GetSystemMenu

gdi32

GetTextExtentPoint32A
GetBkColor
GetTextColor
CreateFontIndirectA
CombineRgn
GetMapMode
GetObjectA
LPtoDP
DPtoLP
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
CreateSolidBrush
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
GetObjectType
CreateRectRgn
DeleteObject
GetTextExtentPointA
GetDIBits
CreateDIBitmap
CreatePalette
Polygon
SetBrushOrgEx
BitBlt
StretchBlt
CreateDIBSection
OffsetRgn
CreateCompatibleDC
CreateCompatibleBitmap
GetPixel
GetTextCharsetInfo
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkColor
SetBkMode
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyA
CloseServiceHandle
OpenSCManagerA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
StartServiceA
ControlService
RegDeleteValueA
RegCreateKeyExA
DeleteService
CreateServiceA
ChangeServiceConfigA

shell32

Shell_NotifyIconA
SHAppBarMessage

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_Add
ord17
FlatSB_GetScrollProp
ImageList_GetIcon
_TrackMouseEvent
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoDisconnectObject

olepro32

ord253

oleaut32

VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysStringLen
LoadTypeLi

urlmon

URLDownloadToFileA

shlwapi

StrTrimA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
arpfwdll.dll
.dll windows:4 windows x86 arch:x86

b2e50cc60a521158b3ea2d099cbea42b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

DllClassEntry

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
arpfwsvc.exe
.exe windows:4 windows x86 arch:x86

ba0fcdb0a5dcc998dc922394d0d87a9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
htons

iphlpapi

GetAdaptersInfo
SendARP
FlushIpNetTable
GetUdpTable
NotifyAddrChange

winfw

WinFw_Open
WinFw_EnumAdapterList
WinFw_SetFlag
WinFw_SendPacket
WinFw_StopCapture
WinFw_Close
WinFw_StartCapture

kernel32

lstrcatA
GetCurrentThreadId
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileSize
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetVersion
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
lstrcmpiA
GetFullPathNameA
InitializeCriticalSection
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
SetCurrentDirectoryA
CreateThread
GetModuleFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
DeleteFileA
GetPrivateProfileIntA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapSize

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GrayStringA
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
LoadStringA
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
GetCapture
CheckMenuItem
GetKeyState
GetWindowPlacement

gdi32

GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

OpenServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
CreateServiceA
StartServiceCtrlDispatcherA

comctl32

ord17

pvt

PVTRegHandler
PVTRegL2Handler
PVTInit
PVTMode
PVTHandlePkt

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/enumdrv.exe
.exe windows:4 windows x86 arch:x86

808f4bd793299999125f790fba11f4d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
HeapAlloc
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
RtlUnwind
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
DuplicateHandle
GetCPInfo
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCommandLineA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoA
FormatMessageA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
GetFileAttributesA
GetTickCount
FileTimeToSystemTime
GetVolumeInformationA
GetFullPathNameA
FindFirstFileA
FindClose
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
GetCurrentProcess
WriteFile
ReadFile
HeapDestroy
SetErrorMode
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CloseHandle
LCMapStringA
GetThreadLocale
SizeofResource
GetProfileStringA
GetProcessVersion
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrlenA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrcpynA
GetLastError
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
LCMapStringW
GetStringTypeA
HeapCreate
CompareStringA
CreateFileA

user32

MessageBeep
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
LoadStringA
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DestroyMenu
ScreenToClient
CopyRect
GetTopWindow
GetCapture
CharNextA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
AdjustWindowRectEx
SetFocus
WinHelpA
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
PostQuitMessage
LoadIconA
IsChild
DrawFocusRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode

gdi32

DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
IntersectClipRect
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
OffsetViewportOrgEx
GetStockObject
SetBkMode
RestoreDC
SaveDC
SelectObject
DeleteDC
GetObjectA
SetTextColor
GetClipBox
SetBkColor
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/infclean.exe
.exe windows:4 windows x86 arch:x86

52b580d5981a1dab4a2e8eab7159fa3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
ReadFile
HeapAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
driver/install.dll
.dll windows:4 windows x86 arch:x86

d778c5efd2b8429aa967c47bc5ae50e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA
EnumChildWindows
CallNextHookEx
GetWindowTextA
SendMessageA

Exports

Exports

?InstallHook@@YAXXZ
?UninstallHook@@YAXXZ

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

share
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/installapp.exe
.exe windows:4 windows x86 arch:x86

9715e61658b484d0ac9e4c9a17ea35fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

install

?InstallHook@@YAXXZ
?UninstallHook@@YAXXZ

kernel32

GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
RtlUnwind
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
WaitForSingleObject
CreateProcessA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
WideCharToMultiByte
lstrlenA
LocalFree
FormatMessageA
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GlobalFree
LockResource
LoadResource
FindResourceA
GlobalUnlock
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetProfileStringA
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetThreadLocale
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
GetVersion
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
SetLastError
LoadLibraryA
FreeLibrary

user32

MessageBeep
DestroyMenu
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
GetNextDlgGroupItem
CopyRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
UnhookWindowsHookEx
SetRect
CopyAcceleratorTableA
CharNextA
LoadStringA
GetSysColorBrush
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
GetMenuItemCount
LoadIconA
IsChild

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
GetTextExtentPointA
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysFreeString
SysAllocStringLen

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/netsf.inf
driver/netsf_m.inf
driver/sfilter.dll
.dll regsvr32 windows:5 windows x86 arch:x86

47fb03eee09db3a4d50bec468f1fea35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
vswprintf
swprintf
wcslen
wcscpy
_purecall
free
realloc
malloc
_EH_prolog
__CxxFrameHandler
??2@YAPAXI@Z

advapi32

RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

comctl32

CreatePropertySheetPageW

kernel32

SizeofResource
lstrlenA
MultiByteToWideChar
LoadResource
GetModuleFileNameW
GetShortPathNameW
EnterCriticalSection
FindResourceW
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
HeapDestroy
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
lstrlenW
OutputDebugStringW
FreeLibrary
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString

user32

GetParent
GetWindowLongW
SetWindowLongW
GetWindowTextW
GetDlgItem
CharNextW
SetWindowTextW
SendMessageW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/snetcfg.exe
.exe windows:4 windows x86 arch:x86

d62af8b5ecb25e4e28d48c1730c7de29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
SetFilePointer
CloseHandle
LoadLibraryA
GetProcAddress
FlushFileBuffers
HeapReAlloc
VirtualAlloc
WriteFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetModuleFileNameW
GetLastError
RtlUnwind
HeapAlloc
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupCopyOEMInfA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/ssfilter.sys
.sys windows:5 windows x86 arch:x86

4fb2f1bfdef26bb8601cdaa7ed8b9a8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInterlockedPushEntrySList
KeSetEvent
IofCompleteRequest
RtlUnicodeStringToAnsiString
ZwClose
RtlInitUnicodeString
RtlAppendUnicodeToString
IoCreateNotificationEvent
IoCreateSynchronizationEvent
KeClearEvent
ExInterlockedPopEntrySList

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql

ndis.sys

NdisIMAssociateMiniport
NdisInitUnicodeString
NdisRegisterProtocol
NdisSendPackets
NdisUnchainBufferAtFront
NdisFreeBuffer
NdisAllocateBuffer
NdisInterlockedInsertHeadList
NdisInterlockedInsertTailList
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBuffer
NdisInterlockedRemoveHeadList
NdisFreeSpinLock
NdisRequest
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisSend
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisReturnPackets
NdisTransferData
NdisFreeMemory
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisFreeBufferPool
NdisFreePacketPool
NdisTerminateWrapper
NdisIMDeregisterLayeredMiniport
NdisIMInitializeDeviceInstanceEx
NdisReEnumerateProtocolBindings
NdisPacketPoolUsage
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisMDeregisterDevice
NdisDeregisterProtocol
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenAdapter
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisAllocateMemoryWithTag
NdisOpenProtocolConfiguration
NdisIMDeInitializeDeviceInstance
NdisIMCancelInitializeDeviceInstance
NdisDprFreePacket
NdisDprAllocatePacket
NdisGetReceivedPacket

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 416B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nav.xml
.xml
pvt.dat
pvt.dll
.dll windows:4 windows x86 arch:x86

6c1ff44dae29579bab4620bc7fa660e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
CreateThread
ExitThread
HeapSize
GetACP
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFlags
SetLastError
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
lstrcmpiA
lstrcpynA
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetLastError
lstrcmpA
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
WaitForSingleObject
TerminateThread
Sleep
GetModuleFileNameA
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
HeapCreate
WideCharToMultiByte

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
wsprintfA
GetMenuCheckMarkDimensions

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteDC
DeleteObject
SetBkColor
GetStockObject
SelectObject
RestoreDC
CreateBitmap
SaveDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

ole32

CoUninitialize
CoInitialize

urlmon

URLDownloadToFileA

shlwapi

StrTrimA

ws2_32

htonl
htons

wininet

InternetCrackUrlA

Exports

Exports

PVTHandlePkt
PVTInit
PVTMode
PVTRegHandler
PVTRegL2Handler
PVTUninit

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssnet.dll
.dll windows:4 windows x86 arch:x86

817338b57059bcaaec4b435fb42f74a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupIterateCabinetA

wininet

InternetCrackUrlA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

inet_ntoa
closesocket
gethostbyname
socket
WSAStartup
recv
WSAGetLastError
connect
inet_addr
htons
setsockopt
send
getprotobyname

kernel32

GetLastError
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CloseHandle
WriteFile
CreateFileA
lstrcpynA
CopyFileA
CreateDirectoryA
WinExec
DeleteFileA
GetTempPathA
GetSystemDirectoryA
MoveFileExA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetWindowsDirectoryA
IsBadCodePtr
IsBadReadPtr
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
WideCharToMultiByte
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter

shlwapi

PathFindFileNameA

Exports

Exports

fnDownloadFile
fnPostStatMsg
fnSetPath
fnUpgrade
fnUpgradeExe
fnVisitUrl

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ver.xml
vista.cjstyles
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a1:ec:31:26:dc:ec:1c:61:a4:b2:a9:5a:5b:3a:ac:ba:61:19:08:30
Signer

Actual PE Digest

a1:ec:31:26:dc:ec:1c:61:a4:b2:a9:5a:5b:3a:ac:ba:61:19:08:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winfw.dll
.dll windows:4 windows x86 arch:x86

db67a15886aebf438a28fece3e62ff44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
CreateFileA
CloseHandle
CreateEventW
DeviceIoControl
WaitForMultipleObjects
SetThreadPriority
GetCurrentThread
GetModuleFileNameA
CreateEventA
WaitForSingleObject
SetEvent
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

WinFw_Close
WinFw_EnumAdapterList
WinFw_Open
WinFw_QueuePacket
WinFw_SendPacket
WinFw_SetFlag
WinFw_StartCapture
WinFw_StopCapture
WinFw_TransmitQueue

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

bff3571c7c673feea43df03c1dcaf2bb

Headers

File Characteristics

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 88KB - Virtual size: 86KB

.data
Size: 36KB - Virtual size: 52KB

.rsrc
Size: 60KB - Virtual size: 56KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

Shared
Size: 20KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 920B