2a6bb21c0b4f0dbd3c48431d90c05cd2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a6bb21c0b4f0dbd3c48431d90c05cd2_JaffaCakes118
Size

1.9MB
MD5

2a6bb21c0b4f0dbd3c48431d90c05cd2
SHA1

b5ab2ca26e31b88c477b73333bad6f3436789773
SHA256

6f45d5345b55a0519c06966a70b8163fe2a1ff1508369c7db1dcdf0c69a93258
SHA512

1027b26729c1ec843e5eff158854a72cb6abf0f86f81ff0176eaaa3a5d6841945e223adb8894e325d735e866e344e2c3cc5ee8eb2c33b06623d077179caf9f2b
SSDEEP

49152:WFSfwQsavHYzCo2c2scPhH9N03c6iaaLVM/BSeOnN890M:3fvHYzCReELG3cz/YB9Oa90M

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bdfw-v9.7.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsExec.dll
unpack002/bdfw.exe
unpack002/bdfwsvc.exe
unpack002/bin/DSignRemove.exe
unpack002/bin/efwinstall.exe
unpack002/driver/2k/enetfilt2k.sys
unpack002/driver/xp/enetfilt.sys
unpack002/easydb.dll
unpack002/easyskin.dll
unpack002/lang/bdfwchs.dll
unpack002/libcurl.dll
unpack002/psapi.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/bdfw-v9.7.exe	nsis_installer_1
static1/unpack001/bdfw-v9.7.exe	nsis_installer_2
static1/unpack002/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_2

Files

2a6bb21c0b4f0dbd3c48431d90c05cd2_JaffaCakes118
.rar
bdfw-v9.7.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 750B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdfw.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 204KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 38KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 65KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bdfwsvc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 231KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 60KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 97KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 301KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/DSignRemove.exe
.exe windows:4 windows x86 arch:x86

8c22c14a4564e7ab1082b733d9a64235

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\RemoveDriverSign\Release\RemoveDriverSign.pdb

Imports

advapi32

RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/efwinstall.exe
.exe windows:5 windows x86 arch:x86

42333f0c9a25e176038c934a8d62661e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_except_handler3
_controlfp
_initterm
_c_exit
wcslen
vwprintf
_iob
fflush
wprintf
iswprint
wcscpy
exit
wcschr
__wgetmainargs
__winitenv
_cexit
_XcptFilter
__set_app_type
tolower

kernel32

GetTickCount
CreateThread
GetLastError
Sleep

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

user32

GetWindowInfo
SetFocus
SendInput
FindWindowW

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/unicode.map
driver/2k/bdwrap2k.inf
driver/2k/bdwrap2k_m.inf
driver/2k/enetfilt2k.sys
.sys windows:5 windows x86 arch:x86

f45440b92c92d461d027c85373e2e6fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DevCode\src\driver\objfre_w2K_x86\i386\enetfilt2k.pdb

Imports

ntoskrnl.exe

ExSystemTimeToLocalTime
RtlTimeToTimeFields
RtlUshortByteSwap
RtlUlongByteSwap
IoAllocateMdl
InterlockedDecrement
MmBuildMdlForNonPagedPool
IoFreeMdl
KeSetEvent
IoCreateNotificationEvent
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeClearEvent
MmMapLockedPagesSpecifyCache
InterlockedCompareExchange
_except_handler3
ExfInterlockedRemoveHeadList
IofCompleteRequest
RtlInitUnicodeString
InterlockedIncrement
KeInitializeSpinLock
ExfInterlockedInsertTailList
ZwClose
_alldiv
_allrem
_allmul
KeQuerySystemTime
ExFreePool
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
DbgPrint

hal

KeQueryPerformanceCounter

ndis.sys

NdisDprReleaseSpinLock
NdisAllocateMemoryWithTag
NdisQueryBufferSafe
NdisQueryBuffer
NdisReturnPackets
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisFreeBuffer
NdisTransferData
NdisAllocatePacket
NdisIMCopySendPerPacketInfo
NdisSend
NdisDprAcquireSpinLock
NdisFreePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisReset
NdisGetCurrentProcessorCounts
NdisFreeSpinLock
NdisInterlockedDecrement
NdisFreePacketPool
NdisFreeMemory
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterDevice
NdisSetEvent
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisRequest
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMCancelTimer
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisInitUnicodeString
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisSystemProcessorCount
NdisAllocateBufferPool
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisCloseConfiguration
NdisReadConfiguration

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/bdwrap.inf
driver/xp/bdwrap_m.inf
driver/xp/enetfilt.sys
.sys windows:5 windows x86 arch:x86

29b3591d968293a34571d1be2e6b74e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\driver\driver\objfre_wxp_x86\i386\fortguard.pdb

Imports

ntoskrnl.exe

KeTickCount
ExSystemTimeToLocalTime
RtlTimeToTimeFields
IoAllocateMdl
InterlockedDecrement
MmBuildMdlForNonPagedPool
IoFreeMdl
KeSetEvent
IoCreateNotificationEvent
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeClearEvent
MmMapLockedPagesSpecifyCache
InterlockedCompareExchange
_except_handler3
ExfInterlockedRemoveHeadList
IofCompleteRequest
RtlInitUnicodeString
InterlockedIncrement
KeInitializeSpinLock
ExfInterlockedInsertTailList
ZwClose
_alldiv
_allrem
_allmul
KeQuerySystemTime
ExFreePool
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
DbgPrint

hal

KeQueryPerformanceCounter

ndis.sys

NdisDprReleaseSpinLock
NdisAllocateMemoryWithTag
NdisQueryBufferSafe
NdisReturnPackets
NdisGetPoolFromPacket
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisFreeBuffer
NdisTransferData
NdisIMGetCurrentPacketStack
NdisSend
NdisAllocatePacket
NdisDprAcquireSpinLock
NdisIMCopySendCompletePerPacketInfo
NdisFreePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisReset
NdisGetCurrentProcessorCounts
NdisFreeSpinLock
NdisInterlockedDecrement
NdisFreePacketPool
NdisFreeMemory
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisIMCopySendPerPacketInfo
NdisMDeregisterDevice
NdisSetEvent
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisRequest
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMCancelTimer
NdisCancelSendPackets
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisInitUnicodeString
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisSystemProcessorCount
NdisAllocateBufferPool
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenProtocolConfiguration
NdisDeregisterProtocol

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
easydb.dll
.dll windows:4 windows x86 arch:x86

65238d542ed63889203e85026185205d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
MapViewOfFile
CreateFileMappingA
FlushFileBuffers
UnmapViewOfFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetStdHandle
GetLastError
GetFileType
CreateFileA
HeapReAlloc
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ReadFile
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualProtect
GetSystemInfo

Exports

Exports

??0c4_Bytes@@QAE@ABV0@@Z
??0c4_Bytes@@QAE@PBXH@Z
??0c4_Bytes@@QAE@PBXH_N@Z
??0c4_Bytes@@QAE@XZ
??0c4_BytesProp@@QAE@ABV0@@Z
??0c4_BytesProp@@QAE@PBD@Z
??0c4_BytesRef@@QAE@ABVc4_Reference@@@Z
??0c4_Cursor@@QAE@AAVc4_Sequence@@H@Z
??0c4_CustomViewer@@IAE@XZ
??0c4_CustomViewer@@QAE@ABV0@@Z
??0c4_DoubleProp@@QAE@ABV0@@Z
??0c4_DoubleProp@@QAE@PBD@Z
??0c4_DoubleRef@@QAE@ABVc4_Reference@@@Z
??0c4_FileStrategy@@QAE@ABV0@@Z
??0c4_FileStrategy@@QAE@PAU_iobuf@@@Z
??0c4_FileStream@@QAE@ABV0@@Z
??0c4_FileStream@@QAE@PAU_iobuf@@_N@Z
??0c4_FloatProp@@QAE@ABV0@@Z
??0c4_FloatProp@@QAE@PBD@Z
??0c4_FloatRef@@QAE@ABVc4_Reference@@@Z
??0c4_IntProp@@QAE@ABV0@@Z
??0c4_IntProp@@QAE@PBD@Z
??0c4_IntRef@@QAE@ABVc4_Reference@@@Z
??0c4_LongRef@@QAE@ABVc4_Reference@@@Z
??0c4_Property@@QAE@ABV0@@Z
??0c4_Property@@QAE@DH@Z
??0c4_Property@@QAE@DPBD@Z
??0c4_Reference@@QAE@ABVc4_RowRef@@ABVc4_Property@@@Z
??0c4_Row@@QAE@ABV0@@Z
??0c4_Row@@QAE@ABVc4_RowRef@@@Z
??0c4_Row@@QAE@XZ
??0c4_RowRef@@IAE@Vc4_Cursor@@@Z
??0c4_Sequence@@QAE@XZ
??0c4_Storage@@QAE@AAVc4_Strategy@@_NH@Z
??0c4_Storage@@QAE@ABV0@@Z
??0c4_Storage@@QAE@ABVc4_View@@@Z
??0c4_Storage@@QAE@PBDH@Z
??0c4_Storage@@QAE@XZ
??0c4_Strategy@@QAE@ABV0@@Z
??0c4_Strategy@@QAE@XZ
??0c4_Stream@@QAE@ABV0@@Z
??0c4_Stream@@QAE@XZ
??0c4_String@@QAE@ABV0@@Z
??0c4_String@@QAE@DH@Z
??0c4_String@@QAE@PBD@Z
??0c4_String@@QAE@PBE@Z
??0c4_String@@QAE@PBXH@Z
??0c4_String@@QAE@XZ
??0c4_StringProp@@QAE@ABV0@@Z
??0c4_StringProp@@QAE@PBD@Z
??0c4_StringRef@@QAE@ABVc4_Reference@@@Z
??0c4_View@@QAE@ABV0@@Z
??0c4_View@@QAE@ABVc4_Property@@@Z
??0c4_View@@QAE@PAVc4_CustomViewer@@@Z
??0c4_View@@QAE@PAVc4_Sequence@@@Z
??0c4_View@@QAE@PAVc4_Stream@@@Z
??0c4_ViewProp@@QAE@ABV0@@Z
??0c4_ViewProp@@QAE@PBD@Z
??0c4_ViewRef@@QAE@ABVc4_Reference@@@Z
??1c4_Bytes@@QAE@XZ
??1c4_BytesProp@@QAE@XZ
??1c4_CustomViewer@@UAE@XZ
??1c4_DoubleProp@@QAE@XZ
??1c4_FileStrategy@@UAE@XZ
??1c4_FileStream@@UAE@XZ
??1c4_FloatProp@@QAE@XZ
??1c4_IntProp@@QAE@XZ
??1c4_Property@@QAE@XZ
??1c4_Row@@QAE@XZ
??1c4_Sequence@@MAE@XZ
??1c4_Storage@@QAE@XZ
??1c4_Strategy@@UAE@XZ
??1c4_Stream@@UAE@XZ
??1c4_String@@QAE@XZ
??1c4_StringProp@@QAE@XZ
??1c4_View@@QAE@XZ
??1c4_ViewProp@@QAE@XZ
??4c4_Bytes@@QAEAAV0@ABV0@@Z
??4c4_BytesProp@@QAEAAV0@ABV0@@Z
??4c4_BytesRef@@QAEAAV0@ABV0@@Z
??4c4_BytesRef@@QAEAAV0@ABVc4_Bytes@@@Z
??4c4_Cursor@@QAEAAV0@ABV0@@Z
??4c4_CustomViewer@@QAEAAV0@ABV0@@Z
??4c4_DoubleProp@@QAEAAV0@ABV0@@Z
??4c4_DoubleRef@@QAEAAV0@ABV0@@Z
??4c4_DoubleRef@@QAEAAV0@N@Z
??4c4_FileStrategy@@QAEAAV0@ABV0@@Z
??4c4_FileStream@@QAEAAV0@ABV0@@Z
??4c4_FloatProp@@QAEAAV0@ABV0@@Z
??4c4_FloatRef@@QAEAAV0@ABV0@@Z
??4c4_FloatRef@@QAEAAV0@N@Z
??4c4_IntProp@@QAEAAV0@ABV0@@Z
??4c4_IntRef@@QAEAAV0@ABV0@@Z
??4c4_IntRef@@QAEAAV0@J@Z
??4c4_LongRef@@QAEAAV0@ABV0@@Z
??4c4_LongRef@@QAEAAV0@_J@Z
??4c4_Property@@QAEXABV0@@Z
??4c4_Reference@@QAEAAV0@ABV0@@Z
??4c4_Row@@QAEAAV0@ABV0@@Z
??4c4_Row@@QAEAAV0@ABVc4_RowRef@@@Z
??4c4_RowRef@@QAE?AV0@ABV0@@Z
??4c4_Storage@@QAEAAV0@ABV0@@Z
??4c4_Strategy@@QAEAAV0@ABV0@@Z
??4c4_Stream@@QAEAAV0@ABV0@@Z
??4c4_String@@QAEABV0@ABV0@@Z
??4c4_StringProp@@QAEAAV0@ABV0@@Z
??4c4_StringRef@@QAEAAV0@ABV0@@Z
??4c4_StringRef@@QAEAAV0@PBD@Z
??4c4_View@@QAEAAV0@ABV0@@Z
??4c4_ViewProp@@QAEAAV0@ABV0@@Z
??4c4_ViewRef@@QAEAAV0@ABV0@@Z
??4c4_ViewRef@@QAEAAV0@ABVc4_View@@@Z
??8@YA_NABVc4_Bytes@@0@Z
??8@YA_NABVc4_Reference@@0@Z
??8@YA_NABVc4_RowRef@@0@Z
??8@YA_NABVc4_String@@0@Z
??8@YA_NABVc4_String@@PBD@Z
??8@YA_NABVc4_View@@0@Z
??8@YA_NPBDABVc4_String@@@Z
??8@YA_NVc4_Cursor@@0@Z
??9@YA_NABVc4_Bytes@@0@Z
??9@YA_NABVc4_Reference@@0@Z
??9@YA_NABVc4_RowRef@@0@Z
??9@YA_NABVc4_String@@0@Z
??9@YA_NABVc4_String@@PBD@Z
??9@YA_NABVc4_View@@0@Z
??9@YA_NPBDABVc4_String@@@Z
??9@YA_NVc4_Cursor@@0@Z
??Ac4_BytesProp@@QBE?AVc4_Row@@ABVc4_Bytes@@@Z
??Ac4_Cursor@@QBE?AVc4_RowRef@@H@Z
??Ac4_DoubleProp@@QBE?AVc4_Row@@N@Z
??Ac4_FloatProp@@QBE?AVc4_Row@@N@Z
??Ac4_IntProp@@QBE?AVc4_Row@@J@Z
??Ac4_String@@QBEDH@Z
??Ac4_StringProp@@QBE?AVc4_Row@@PBD@Z
??Ac4_View@@QBE?AVc4_RowRef@@H@Z
??Ac4_ViewProp@@QBE?AVc4_Row@@ABVc4_View@@@Z
??Bc4_BytesRef@@QBE?AVc4_Bytes@@XZ
??Bc4_DoubleRef@@QBENXZ
??Bc4_FloatRef@@QBENXZ
??Bc4_IntRef@@QBEJXZ
??Bc4_LongRef@@QBE_JXZ
??Bc4_String@@QBEPBDXZ
??Bc4_String@@QBEPBEXZ
??Bc4_StringRef@@QBEPBDXZ
??Bc4_ViewRef@@QBE?AVc4_View@@XZ
??Dc4_Cursor@@QBE?AVc4_RowRef@@XZ
??Ec4_Cursor@@QAE?AV0@H@Z
??Ec4_Cursor@@QAEAAV0@XZ
??Fc4_Cursor@@QAE?AV0@H@Z
??Fc4_Cursor@@QAEAAV0@XZ
??Gc4_Cursor@@QBE?AV0@H@Z
??Gc4_Cursor@@QBEHV0@@Z
??H@YA?AVc4_Cursor@@HV0@@Z
??H@YA?AVc4_Cursor@@V0@H@Z
??H@YA?AVc4_Row@@ABVc4_RowRef@@0@Z
??H@YA?AVc4_String@@ABV0@0@Z
??H@YA?AVc4_String@@ABV0@PBD@Z
??H@YA?AVc4_String@@PBDABV0@@Z
??Ic4_RowRef@@QBE?AVc4_Cursor@@XZ
??M@YA_NABVc4_RowRef@@0@Z
??M@YA_NABVc4_View@@0@Z
??M@YA_NVc4_Cursor@@0@Z
??Mc4_String@@QBE_NABV0@@Z
??N@YA_NABVc4_RowRef@@0@Z
??N@YA_NABVc4_View@@0@Z
??N@YA_NVc4_Cursor@@0@Z
??O@YA_NABVc4_RowRef@@0@Z
??O@YA_NABVc4_View@@0@Z
??O@YA_NVc4_Cursor@@0@Z
??P@YA_NABVc4_RowRef@@0@Z
??P@YA_NABVc4_View@@0@Z
??P@YA_NVc4_Cursor@@0@Z
??Qc4_Property@@QBE?AVc4_View@@ABV0@@Z
??Qc4_View@@QBE?AV0@ABVc4_Property@@@Z
??Rc4_BytesProp@@QBE?AVc4_BytesRef@@ABVc4_RowRef@@@Z
??Rc4_DoubleProp@@QBE?AVc4_DoubleRef@@ABVc4_RowRef@@@Z
??Rc4_FloatProp@@QBE?AVc4_FloatRef@@ABVc4_RowRef@@@Z
??Rc4_IntProp@@QBE?AVc4_IntRef@@ABVc4_RowRef@@@Z
??Rc4_Property@@QBE?AVc4_Reference@@ABVc4_RowRef@@@Z
??Rc4_StringProp@@QBE?AVc4_StringRef@@ABVc4_RowRef@@@Z
??Rc4_ViewProp@@QBE?AVc4_ViewRef@@ABVc4_RowRef@@@Z
??Yc4_Cursor@@QAEAAV0@H@Z
??Yc4_String@@QAEABV0@ABV0@@Z
??Yc4_String@@QAEABV0@PBD@Z
??Zc4_Cursor@@QAEAAV0@H@Z
??_7c4_CustomViewer@@6B@
??_7c4_FileStrategy@@6B@
??_7c4_FileStream@@6B@
??_7c4_Sequence@@6B@
??_7c4_Strategy@@6B@
??_7c4_Stream@@6B@
??_Fc4_FileStrategy@@QAEXXZ
??_Fc4_View@@QAEXXZ
?Access@c4_BytesRef@@QBE?AVc4_Bytes@@JH@Z
?Add@c4_View@@QAEHABVc4_RowRef@@@Z
?AddProperty@c4_View@@QAEHABVc4_Property@@@Z
?Allocate@c4_Row@@CA?AVc4_Cursor@@XZ
?AsRow@c4_BytesProp@@QBE?AVc4_Row@@ABVc4_Bytes@@@Z
?AsRow@c4_DoubleProp@@QBE?AVc4_Row@@N@Z
?AsRow@c4_FloatProp@@QBE?AVc4_Row@@N@Z
?AsRow@c4_IntProp@@QBE?AVc4_Row@@J@Z
?AsRow@c4_StringProp@@QBE?AVc4_Row@@PBD@Z
?AsRow@c4_ViewProp@@QBE?AVc4_Row@@ABVc4_View@@@Z
?Attach@c4_Sequence@@QAEXPAV1@@Z
?AutoCommit@c4_Storage@@QAE_N_N@Z
?Blocked@c4_View@@QBE?AV1@XZ
?Buffer@c4_Sequence@@QAEAAVc4_Bytes@@XZ
?CleanupInternalData@c4_Property@@SAXXZ
?ClearCache@c4_Sequence@@IAEXXZ
?Clone@c4_View@@QBE?AV1@XZ
?Commit@c4_Storage@@QAE_N_N@Z
?Compare@c4_Sequence@@UBEHHVc4_Cursor@@@Z
?Compare@c4_String@@QBEHPBD@Z
?Compare@c4_View@@QBEHABV1@@Z
?CompareNoCase@c4_String@@QBEHPBD@Z
?Concat@c4_View@@QBE?AV1@ABV1@@Z
?ConcatRow@c4_Row@@QAEXABVc4_RowRef@@@Z
?Container@c4_RowRef@@QBE?AVc4_View@@XZ
?Contents@c4_Bytes@@QBEPBEXZ
?Counts@c4_View@@QBE?AV1@ABV1@ABVc4_IntProp@@@Z
?Data@c4_String@@ABEPBDXZ
?DataCommit@c4_FileStrategy@@UAEXJ@Z
?DataCommit@c4_Strategy@@UAEXJ@Z
?DataOpen@c4_FileStrategy@@UAE_NPBDH@Z
?DataRead@c4_FileStrategy@@UAEHJPAXH@Z
?DataRead@c4_Strategy@@UAEHJPAXH@Z
?DataWrite@c4_FileStrategy@@UAEXJPBXH@Z
?DataWrite@c4_Strategy@@UAEXJPBXH@Z
?DecRef@c4_Sequence@@QAEXXZ
?Description@c4_Sequence@@UAEPBDXZ
?Description@c4_Storage@@QAEPBDPBD@Z
?Description@c4_View@@QBEPBDXZ
?Detach@c4_Sequence@@QAEXPAV1@@Z
?Different@c4_View@@QBE?AV1@ABV1@@Z
?Duplicate@c4_View@@QBE?AV1@XZ
?ElementAt@c4_View@@QAE?AVc4_RowRef@@H@Z
?Empty@c4_String@@QAEXXZ
?EndOfData@c4_Strategy@@QAEJJ@Z
?FileSize@c4_FileStrategy@@UAEJXZ
?FileSize@c4_Strategy@@UAEJXZ
?Find@c4_String@@QBEHD@Z
?Find@c4_String@@QBEHPBD@Z
?Find@c4_View@@QBEHABVc4_RowRef@@H@Z
?FindOneOf@c4_String@@QBEHPBD@Z
?FindPropIndexByName@c4_View@@QBEHPBD@Z
?FindProperty@c4_View@@QAEHH@Z
?FreshGeneration@c4_FileStrategy@@UAEJXZ
?FreshGeneration@c4_Strategy@@UAEJXZ
?FullLength@c4_String@@ABEHXZ
?Get@c4_BytesProp@@QBE?AVc4_Bytes@@ABVc4_RowRef@@@Z
?Get@c4_DoubleProp@@QBENABVc4_RowRef@@@Z
?Get@c4_FloatProp@@QBENABVc4_RowRef@@@Z
?Get@c4_IntProp@@QBEJABVc4_RowRef@@@Z
?Get@c4_Sequence@@UAE_NHHAAVc4_Bytes@@@Z
?Get@c4_StringProp@@QBEPBDABVc4_RowRef@@@Z
?Get@c4_ViewProp@@QBE?AVc4_View@@ABVc4_RowRef@@@Z
?GetAs@c4_Storage@@QAE?AVc4_View@@PBD@Z
?GetAside@c4_Storage@@QBEPAV1@XZ
?GetAt@c4_View@@QBE?AVc4_RowRef@@H@Z
?GetData@c4_Reference@@QBE_NAAVc4_Bytes@@@Z
?GetDependencies@c4_Sequence@@QBEPAVc4_Dependencies@@XZ
?GetId@c4_Property@@QBEHXZ
?GetIndexOf@c4_View@@QBEHABVc4_RowRef@@@Z
?GetItem@c4_View@@QBE_NHHAAVc4_Bytes@@@Z
?GetLength@c4_String@@QBEHXZ
?GetSize@c4_Reference@@QBEHXZ
?GetSize@c4_View@@QBEHXZ
?GroupBy@c4_View@@QBE?AV1@ABV1@ABVc4_ViewProp@@@Z
?Hash@c4_View@@QBE?AV1@ABV1@H@Z
?IncRef@c4_Sequence@@QAEXXZ
?Indexed@c4_View@@QBE?AV1@ABV1@0_N@Z
?Init@c4_String@@AAEXPBXH@Z
?Initialize@c4_Storage@@AAEXAAVc4_Strategy@@_NH@Z
?InsertAt@c4_Sequence@@UAEXHVc4_Cursor@@H@Z
?InsertAt@c4_View@@QAEXHABV1@@Z
?InsertAt@c4_View@@QAEXHABVc4_RowRef@@H@Z
?InsertRows@c4_CustomViewer@@QAE_NHABVc4_RowRef@@H@Z
?InsertRows@c4_CustomViewer@@UAE_NHVc4_Cursor@@H@Z
?Intersect@c4_View@@QBE?AV1@ABV1@@Z
?IsCompatibleWith@c4_View@@QBE_NABV1@@Z
?IsEmpty@c4_String@@QBE_NXZ
?IsValid@c4_FileStrategy@@UBE_NXZ
?IsValid@c4_Strategy@@UBE_NXZ
?ItemSize@c4_Sequence@@UAEHHH@Z
?Join@c4_View@@QBE?AV1@ABV1@0_N@Z
?JoinProp@c4_View@@QBE?AV1@ABVc4_ViewProp@@_N@Z
?Left@c4_String@@QBE?AV1@H@Z
?LoadFrom@c4_Storage@@QAE_NAAVc4_Stream@@@Z
?Locate@c4_View@@QBEHABVc4_RowRef@@PAH@Z
?Lookup@c4_CustomViewer@@QAEHABVc4_RowRef@@AAH@Z
?Lookup@c4_CustomViewer@@UAEHVc4_Cursor@@AAH@Z
?Mid@c4_String@@QBE?AV1@HH@Z
?Minus@c4_View@@QBE?AV1@ABV1@@Z
?Modify@c4_BytesRef@@QBE_NABVc4_Bytes@@JH@Z
?Move@c4_Sequence@@UAEXHH@Z
?Name@c4_Property@@QBEPBDXZ
?NthPropId@c4_Sequence@@QBEHH@Z
?NthProperty@c4_View@@QBEABVc4_Property@@H@Z
?NumProperties@c4_View@@QBEHXZ
?NumRefs@c4_Sequence@@QBEHXZ
?Ordered@c4_View@@QBE?AV1@H@Z
?Pair@c4_View@@QBE?AV1@ABV1@@Z
?Persist@c4_Sequence@@UBEPAVc4_Persist@@XZ
?Persist@c4_View@@QBEPAVc4_Persist@@XZ
?PostChange@c4_Sequence@@UAEXAAVc4_Notifier@@@Z
?PreChange@c4_Sequence@@UAEPAVc4_Notifier@@AAV2@@Z
?Product@c4_View@@QBE?AV1@ABV1@@Z
?Project@c4_View@@QBE?AV1@ABV1@@Z
?ProjectWithout@c4_View@@QBE?AV1@ABV1@@Z
?PropIndex@c4_Sequence@@QAEHABVc4_Property@@@Z
?PropIndex@c4_Sequence@@QAEHH@Z
?Read@c4_FileStream@@UAEHPAXH@Z
?ReadOnly@c4_View@@QBE?AV1@XZ
?Refs@c4_Property@@QBEXH@Z
?Release@c4_Row@@CAXVc4_Cursor@@@Z
?RelocateRows@c4_View@@QAEXHHAAV1@H@Z
?RemapIndex@c4_Sequence@@UBEHHPBV1@@Z
?RemapWith@c4_View@@QBE?AV1@ABV1@@Z
?RemoveAll@c4_View@@QAEXXZ
?RemoveAt@c4_Sequence@@UAEXHH@Z
?RemoveAt@c4_View@@QAEXHH@Z
?RemoveRows@c4_CustomViewer@@UAE_NHH@Z
?Rename@c4_View@@QBE?AV1@ABVc4_Property@@0@Z
?ResetFileMapping@c4_FileStrategy@@UAEXXZ
?ResetFileMapping@c4_Strategy@@UAEXXZ
?Resize@c4_Sequence@@QAEXHH@Z
?RestrictSearch@c4_Sequence@@UAE_NVc4_Cursor@@AAH1@Z
?RestrictSearch@c4_View@@QAEHABVc4_RowRef@@AAH1@Z
?ReverseFind@c4_String@@QBEHD@Z
?Right@c4_String@@QBE?AV1@H@Z
?Rollback@c4_Storage@@QAE_N_N@Z
?SaveTo@c4_Storage@@QAEXAAVc4_Stream@@@Z
?Search@c4_View@@QBEHABVc4_RowRef@@@Z
?Select@c4_View@@QBE?AV1@ABVc4_RowRef@@@Z
?SelectRange@c4_View@@QBE?AV1@ABVc4_RowRef@@0@Z
?Set@c4_BytesProp@@QBEXABVc4_RowRef@@ABVc4_Bytes@@@Z
?Set@c4_DoubleProp@@QBEXABVc4_RowRef@@N@Z
?Set@c4_FloatProp@@QBEXABVc4_RowRef@@N@Z
?Set@c4_IntProp@@QBEXABVc4_RowRef@@J@Z
?Set@c4_Sequence@@UAEXHABVc4_Property@@ABVc4_Bytes@@@Z
?Set@c4_StringProp@@QBEXABVc4_RowRef@@PBD@Z
?Set@c4_ViewProp@@QBEXABVc4_RowRef@@ABVc4_View@@@Z
?SetAside@c4_Storage@@QAE_NAAV1@@Z
?SetAt@c4_Sequence@@QAEXHVc4_Cursor@@@Z
?SetAt@c4_View@@QAEXHABVc4_RowRef@@@Z
?SetAtGrow@c4_View@@QAEXHABVc4_RowRef@@@Z
?SetBase@c4_Strategy@@QAEXJ@Z
?SetBuffer@c4_Bytes@@QAEPAEH@Z
?SetBufferClear@c4_Bytes@@QAEPAEH@Z
?SetData@c4_Reference@@QBEXABVc4_Bytes@@@Z
?SetItem@c4_CustomViewer@@UAE_NHHABVc4_Bytes@@@Z
?SetItem@c4_View@@QBEXHHABVc4_Bytes@@@Z
?SetSize@c4_View@@QAEXHH@Z
?SetStructure@c4_Storage@@QAEXPBD@Z
?Size@c4_Bytes@@QBEHXZ
?Slice@c4_View@@QBE?AV1@HHH@Z
?Sort@c4_View@@QBE?AV1@XZ
?SortOn@c4_View@@QBE?AV1@ABV1@@Z
?SortOnReverse@c4_View@@QBE?AV1@ABV1@0@Z
?SpanExcluding@c4_String@@QBE?AV1@PBD@Z
?SpanIncluding@c4_String@@QBE?AV1@PBD@Z
?Strategy@c4_Storage@@QBEAAVc4_Strategy@@XZ
?Swap@c4_Bytes@@QAEXAAV1@@Z
?Type@c4_Property@@QBEDXZ
?Union@c4_View@@QBE?AV1@ABV1@@Z
?Unique@c4_View@@QBE?AV1@XZ
?UseTempBuffer@c4_Sequence@@QAEPBDPBD@Z
?View@c4_Storage@@QAE?AVc4_ViewRef@@PBD@Z
?Write@c4_FileStream@@UAE_NPBXH@Z
?_DecSeqRef@c4_View@@IAEXXZ
?_IncSeqRef@c4_View@@IAEXXZ
?_LoseCopy@c4_Bytes@@AAEXXZ
?_MakeCopy@c4_Bytes@@AAEXXZ

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
easyskin.dat
easyskin.dll
.dll windows:4 windows x86 arch:x86

aa92e17cb8d921734defd7ad71332948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

TransparentBlt

mfc42

ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2452
ord816
ord562
ord2381
ord5590
ord2571
ord3701
ord500
ord772
ord6142
ord3986
ord5981
ord3619
ord2405
ord2859
ord2754
ord4133
ord4297
ord5787
ord5788
ord283
ord2753
ord932
ord6759
ord5933
ord3880
ord3425
ord3054
ord6716
ord6692
ord3797
ord3055
ord3056
ord3296
ord2862
ord3754
ord3914
ord3297
ord4125
ord3803
ord4060
ord2937
ord3920
ord3293
ord6675
ord6762
ord6678
ord4123
ord6696
ord6734
ord3546
ord3766
ord861
ord273
ord603
ord3693
ord2713
ord6157
ord6605
ord4023
ord5785
ord2841
ord2107
ord5450
ord6394
ord559
ord812
ord5862
ord6144
ord3566
ord2975
ord3757
ord3481
ord1176
ord3752
ord1949
ord2915
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord860
ord800
ord537
ord823
ord858
ord540
ord539
ord6467
ord825
ord909
ord394
ord4185
ord5628
ord535
ord4191
ord3435
ord3441
ord5860
ord5606
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord6186
ord5756
ord6192
ord5759
ord2971
ord289
ord613
ord4284
ord5781
ord696
ord3643
ord472
ord2380
ord3706
ord323
ord1640
ord2714
ord2450
ord640
ord6880
ord702
ord912
ord5593
ord5596
ord400
ord3649
ord5634
ord915
ord4188
ord879
ord4204
ord4129
ord5710
ord6662
ord2740
ord2846
ord5440
ord404
ord703
ord354
ord5186
ord924
ord882
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord6215
ord2078
ord567
ord1168
ord2086
ord326
ord1641
ord1146
ord2414
ord609
ord3571
ord3663
ord3626
ord4407
ord3742
ord818
ord4275
ord2379
ord939
ord755
ord5875
ord6172
ord5789
ord6383
ord470
ord2860
ord2864
ord3646
ord397
ord699
ord665
ord1979
ord1969
ord3438
ord5572
ord2801

msvcrt

_strnicmp
_wcsnset
_stricmp
_strcmpi
_mbscmp
__CxxFrameHandler
_purecall
_CxxThrowException
atoi
_except_handler3
free
wcscmp
malloc
__RTDynamicCast
strncmp
wcschr
swprintf
mbstowcs
wcslen
wcscpy
_itow
_ftol
toupper
wcscat
wcsstr
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

GetDateFormatW
InterlockedExchange
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
LocalReAlloc
GetVersion
MulDiv
GetLastError
GetUserDefaultLangID
FindResourceExA
GetTimeFormatW
RaiseException
GetLocaleInfoW
GetLocalTime
lstrcpyA
lstrcmpA
LoadLibraryW
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
LocalAlloc
GetVersionExA
lstrcmpiA
GlobalAlloc
GlobalFree
lstrlenA
LoadResource
SizeofResource
GlobalLock
GlobalUnlock
OutputDebugStringA
LocalSize
LocalLock
LocalUnlock
FindResourceA
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte

user32

GetWindowTextW
GetWindowTextLengthW
CallWindowProcW
GetSubMenu
AppendMenuA
RemoveMenu
WindowFromPoint
LoadIconA
DrawStateA
TrackMouseEvent
DestroyWindow
RegisterClassA
GetClassInfoA
CreateWindowExA
DefWindowProcA
GetTabbedTextExtentA
MessageBoxA
AdjustWindowRect
GetMenuBarInfo
PeekMessageA
DispatchMessageA
GetMessageA
GetDCEx
AdjustWindowRectEx
GetSystemMenu
DrawMenuBar
TrackPopupMenu
GetMenu
IsMenu
GetActiveWindow
SetRectEmpty
GetAncestor
InvalidateRect
SetCapture
ReleaseCapture
IsIconic
IsZoomed
LockWindowUpdate
GetCursorPos
GetWindowRgn
EnableScrollBar
SetWindowRgn
GrayStringA
DrawTextA
TabbedTextOutA
ScreenToClient
IsWindowVisible
IsWindowEnabled
GetWindowLongA
GetWindowTextLengthA
GetForegroundWindow
GetWindow
IsWindow
RemovePropA
SetPropA
GetMenuStringW
SetWindowLongW
SetWindowLongA
GetPropA
WindowFromDC
CopyImage
GetDC
ReleaseDC
GetSystemMetrics
ShowWindow
SetForegroundWindow
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
CopyRect
IsRectEmpty
SetRect
GetWindowRect
OffsetRect
PtInRect
SetCursor
GetParent
SendMessageA
LoadCursorA
GetClientRect
DestroyCursor
EnableWindow
LoadBitmapA
GetClassNameA
PostMessageA
GetClassLongA
SetClassLongA
SetWindowPos
RedrawWindow
EnumChildWindows
GetMessagePos
KillTimer
SetTimer
MapWindowPoints
GetWindowDC
DrawEdge
GetSysColorBrush
BeginPaint
EndPaint
CallWindowProcA
DestroyIcon
UnionRect
GetDlgCtrlID
GetScrollPos
FillRect
FrameRect
InvertRect
GetTopWindow
GetWindowTextA
IntersectRect
SubtractRect
UpdateWindow
GetSysColor
DrawFrameControl
DrawFocusRect
SystemParametersInfoA
GetMenuItemRect
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
SystemParametersInfoW
ShowScrollBar
SetScrollInfo
SetScrollPos
IsWindowUnicode
GetMenuState
GetDlgItem
GetIconInfo
DrawIconEx
SetFocus
GetNextDlgTabItem
DrawTextW
GetFocus
SendMessageW
HideCaret
ShowCaret
InflateRect
GetCaretPos
SetCaretPos
GetKeyState
GetScrollInfo
CallNextHookEx
GetDesktopWindow
SetWindowsHookExA
GetCapture
UnhookWindowsHookEx
ClientToScreen

gdi32

RestoreDC
DeleteObject
GetDIBColorTable
CreatePalette
CreateHalftonePalette
SelectPalette
RealizePalette
GetObjectW
GetDeviceCaps
IntersectClipRect
GetClipRgn
GetTextMetricsA
ExtTextOutW
CreateFontIndirectW
SetStretchBltMode
GetClipBox
Rectangle
CreatePatternBrush
SetBrushOrgEx
UnrealizeObject
StretchBlt
SelectClipRgn
GetTextExtentPoint32A
PlayEnhMetaFile
SetPixel
CreateSolidBrush
CreateDIBSection
Arc
Ellipse
GetTextExtentPoint32W
SetWindowOrgEx
SaveDC
CreatePen
DeleteDC
CreateFontIndirectA
GetPixel
GetTextExtentPointW
GetTextExtentPointA
GetTextMetricsW
SetBoundsRect
ExcludeClipRect
CreateRoundRectRgn
CreateEllipticRgn
PtInRegion
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportOrgEx
GetStockObject
ExtSelectClipRgn
PatBlt
GetBkMode
GetTextColor
GetBkColor
GetCurrentObject
SetBkMode
SetTextColor
CreateRectRgn
OffsetRgn
GetRegionData
ExtCreateRegion
BeginPath
MoveToEx
LineTo
EndPath
WidenPath
PathToRegion
GetRgnBox
CreateRectRgnIndirect
CombineRgn
CreateCompatibleDC
SelectObject
GetObjectA
CreateBitmap
CreateCompatibleBitmap
BitBlt
SetBkColor

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_DrawEx
UninitializeFlatSB
InitializeFlatSB
ImageList_SetBkColor

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
VariantClear
SysAllocString

oleacc

AccessibleObjectFromWindow

Exports

Exports

AboutSkinCrafter
AddAdditionalThread
AddDrawImage
AddDrawText
AddSkinFromFile
ApplyAddedSkin
ApplySkin
DeInitDecoration
DecorateAs
DefineLanguage
DeleteAddedSkin
DeleteAdditionalThread
DoDecorate
DoNotDecorate
ExcludeWnd
GetSkinCopyRight
GetUserData
GetUserDataSize
IncludeWnd
InitDecoration
InitDecoration2
InitLicenKeys
LoadSkinFromData
LoadSkinFromFile
LoadSkinFromResource
RemoveAddedSkin
RemoveDrawItem
RemoveSkin
SetAddedCustomScrollbars
SetAddedCustomSkinWnd
SetCustomScrollbars
SetCustomSkinWnd
UpdateControl
UpdateWnd

Sections

.text
Size: 332KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwconf.dat
lang/bdfwchs.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:4 windows x86 arch:x86

80f4d520a8db2b21744b76b5ea02b06b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\mystuff\prgm\c\libcurl\Release\libcurl.pdb

Imports

wsock32

recv
send
ntohl
gethostbyname
WSAGetLastError
WSASetLastError
htonl
ntohs
listen
gethostbyaddr
inet_addr
accept
WSAStartup
WSACleanup
socket
htons
connect
closesocket
ioctlsocket
bind
getsockname
select
__WSAFDIsSet
inet_ntoa

winmm

timeGetTime

kernel32

VirtualFree
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
InterlockedExchange
RtlUnwind
InitializeCriticalSection
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLastError
ExpandEnvironmentStringsA
GetExitCodeThread
TerminateThread
WaitForSingleObject
GetTickCount
CreateThread
SetLastError
ReadFile
WaitForMultipleObjects
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
ExitProcess
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
HeapDestroy
HeapCreate
PeekNamedPipe
VirtualAlloc
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
CloseHandle
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_escape
curl_formadd
curl_formfree
curl_formparse
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_mvfprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psapi.dll
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
restart.bat
sysconf.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 12KB

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 750B

.rdata Size: 1024B - Virtual size: 673B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 190B

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 410B

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 12KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 750B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 12KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 750B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.data
Size: 313KB - Virtual size: 316KB

.adata
Size: - Virtual size: 4KB

.data
Size: 301KB - Virtual size: 304KB