2c7219a4b42c08c84363ef9f9e43fa94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c7219a4b42c08c84363ef9f9e43fa94_JaffaCakes118
Size

17.0MB
MD5

2c7219a4b42c08c84363ef9f9e43fa94
SHA1

93ec8016427dc643059652cd2946fe966f587127
SHA256

83b091983efb1c16049746c64a7cb2b71a7295c2406be020a31e026fdf76265a
SHA512

4765671943f8494e62997bcdf37e2ecf5cd85331270d6296f87f8b51ff297d1f8494dde530df93a74942255c4c09a54ba53c2837232790e02b25fa753876c2bd
SSDEEP

393216:+Vu2cciGZsjfnxdHiwlZQEHMNdOSBS/6mKYXo1v3i6kVte:OVRZsjfnxdHPZPsf/IDR41a6mE

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/网络教室xp/Redist/HINSTALL.EXE
unpack001/网络教室xp/Redist/InstDrv.exe
unpack001/网络教室xp/Redist/Instgsmh.EXE
unpack001/网络教室xp/Redist/WS2RPL.EXE
unpack001/网络教室xp/Utils/NetPref.dll
unpack001/网络教室xp/Utils/StudSet.exe
unpack001/网络教室xp/Utils/TechSet.exe
unpack002/DotNetInstaller.exe
unpack002/IKernel.dll
unpack002/IScript.dll
unpack002/IUser.dll
unpack002/ctor.dll
unpack002/objectps.dll

Files

2c7219a4b42c08c84363ef9f9e43fa94_JaffaCakes118
.rar
下载说明.htm
.html .js polyglot
使用必读.txt
使用手册.chm
.chm
新版特色.txt
网络教室xp/Product.ini
网络教室xp/Redist/40COMUPD.EXE
.exe windows:4 windows x86 arch:x86

ec175680921a2715662de338b92377d1

Code Sign

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

10/05/1997, 00:00

Not After

10/05/1998, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/CPS Incorp. by Ref.\,LIAB.LTD(c)96+OU=Digital ID Class 3 - Microsoft Software Validation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteValueA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
FreeSid
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
lstrlenA
lstrcmpiA
GetPrivateProfileStringA
GetCurrentProcess
GetPrivateProfileIntA
lstrcpyA
GetModuleFileNameA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
CreateDirectoryA
GetSystemDirectoryA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LoadResource
CreateMutexA
GetLastError
SetEvent
CreateEventA
SetCurrentDirectoryA
TerminateThread
ResetEvent
CreateThread
GetVersionExA
FormatMessageA
FreeLibrary
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
LoadLibraryA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
LocalAlloc
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
FindResourceA
GetDriveTypeA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
LocalFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
VirtualAlloc
GetLocaleInfoA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
CloseHandle
lstrcpynA
SetFilePointer
RtlUnwind

gdi32

GetDeviceCaps

user32

PeekMessageA
LoadStringA
GetDesktopWindow
wsprintfA
ExitWindowsEx
CharPrevA
CharNextA
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItemTextA
EnableWindow
SendMessageA
SetDlgItemTextA
DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
MessageBeep
EndDialog

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 401KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
网络教室xp/Redist/DCOM95.EXE
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
网络教室xp/Redist/DXMEDIA.EXE
.exe windows:4 windows x86 arch:x86

00aa430a2f5d9b50ba7d35b8699adf8b

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
WaitForSingleObject
CreateThread
SetEvent
FreeLibrary
lstrcmpA
GetCommandLineA
LocalAlloc
GetSystemDirectoryA
CreateFileA
LoadResource
FindResourceA
GetSystemInfo
LocalFree
FindClose
GetCurrentProcess
lstrlenA
GetTempPathA
GetCurrentDirectoryA
lstrcmpiA
GetWindowsDirectoryA
lstrcpyA
lstrcatA
OpenEventA
CreateEventA
CloseHandle
CreateDirectoryA
LoadLibraryA
GetProcAddress
FindFirstFileA
FindNextFileA
GetVersionExA
RemoveDirectoryA
GetLastError
WriteFile
SizeofResource
DeleteFileA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
HeapAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
SetHandleCount
GetStdHandle
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP

user32

ReleaseDC
CharNextA
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
GetDesktopWindow
UpdateWindow
InvalidateRect
CharUpperBuffA
GetClientRect
SendMessageA
SetWindowPos
GetSystemMetrics
GetDC
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
BeginPaint
LoadBitmapA
EndPaint
DefWindowProcA
PostQuitMessage
UnregisterClassA
DestroyWindow
wsprintfA
LoadStringA
FillRect

gdi32

SetBkMode
CreateSolidBrush
DeleteObject
GetTextMetricsA
TextOutA
SetTextColor

advapi32

GetTokenInformation
RegCloseKey
RegSetValueExA
RegOpenKeyExA
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken
RegCreateKeyExA
RegDeleteKeyA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
网络教室xp/Redist/DXMSetup.bat
网络教室xp/Redist/HHUPD.EXE
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
网络教室xp/Redist/HINSTALL.EXE
.exe windows:4 windows x86 arch:x86

c340aea4bb3658997147cc12288759ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
CreateServiceA
QueryServiceStatus
ControlService
StartServiceA
OpenServiceA
DeleteService

kernel32

SetLastError
LocalFree
GetFileAttributesA
GetLastError
DeleteFileA
LoadLibraryA
WideCharToMultiByte
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
lstrcpyA
GetModuleHandleA
OpenFile
lstrlenA
GetWindowsDirectoryA
RemoveDirectoryA
WriteFile
CloseHandle
ReadFile
LocalAlloc
CreateFileA
GlobalAlloc
Sleep
FindClose
FindFirstFileA
MoveFileA
CreateDirectoryA
DeviceIoControl
GetVersion
OpenProcess
TerminateProcess
GlobalFree
LocalReAlloc
GetCurrentProcessId
WaitForSingleObject
SetEvent
GetVersionExA
GetModuleFileNameA
GetProcAddress
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
GetTimeZoneInformation
FreeLibrary
GetLocalTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateEventA
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA

user32

RegisterClassA
DefWindowProcA
PostQuitMessage
MessageBoxA
DialogBoxParamA
EndDialog
SendMessageA
GetDlgItem
GetKeyboardType
EnumWindows
LoadCursorA
LoadIconA
IsWindowVisible
EndPaint
PeekMessageA
SendMessageCallbackA
SetForegroundWindow
FindWindowA
UpdateWindow
ShowWindow
DestroyWindow
SystemParametersInfoA
CreateWindowExA
BeginPaint
GetParent
GetWindowTextA
GetWindowThreadProcessId

gdi32

TextOutA
SetBkColor

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/Redist/InstDrv.exe
.exe windows:4 windows x86 arch:x86

431d2f4162471e411e6b2d20cd24b0fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
CloseServiceHandle
DeleteService
ControlService
RegDeleteKeyA

kernel32

GetWindowsDirectoryA
GetTempPathA
CopyFileA
GetVersionExA
GetLastError
DeleteFileA
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
WriteFile
HeapFree
CloseHandle
ReadFile
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetFilePointer
FlushFileBuffers
VirtualAlloc
HeapReAlloc
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/Redist/Instgsmh.EXE
.exe windows:5 windows x86 arch:x86

d287b46f6436ae965f0f1af9da8d89c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
FreeLibrary
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/Redist/WS2RPL.EXE
.exe windows:5 windows x86 arch:x86

d287b46f6436ae965f0f1af9da8d89c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
FreeLibrary
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 723KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/Redist/WS2SETUP.EXE
.exe windows:4 windows x86 arch:x86

2627a144954d261d757f031f285f7c9c

Code Sign

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

10/05/1997, 00:00

Not After

10/05/1998, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/CPS Incorp. by Ref.\,LIAB.LTD(c)96+OU=Digital ID Class 3 - Microsoft Software Validation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteValueA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
FreeSid
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
lstrlenA
lstrcmpiA
GetCurrentProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcpyA
GetModuleFileNameA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
CreateDirectoryA
InterlockedDecrement
LocalAlloc
GetLastError
InterlockedIncrement
SetCurrentDirectoryA
CreateEventA
ResetEvent
CreateThread
GetVersionExA
FormatMessageA
FreeLibrary
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeResource
LockResource
LoadResource
FindResourceA
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
SetEvent
TerminateThread
GlobalAlloc
GlobalFree
GetTempFileNameA
GetDriveTypeA
GetTempPathA
lstrcpynA
CloseHandle
GetDiskFreeSpaceA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
LocalFree
TerminateProcess
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapCreate
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
HeapFree
HeapAlloc
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
FlushFileBuffers
GetVolumeInformationA
LocalFileTimeToFileTime
DosDateTimeToFileTime
ExitProcess

gdi32

GetDeviceCaps

user32

EnableWindow
LoadStringA
GetDesktopWindow
wsprintfA
ExitWindowsEx
CharPrevA
DialogBoxParamA
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
SendMessageA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
MessageBoxA
ShowWindow
CharNextA
MessageBeep
EndDialog

comctl32

ord17

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 874KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
网络教室xp/Setup.bmp
网络教室xp/Utils/NetPref.dll
.dll windows:4 windows x86 arch:x86

d0393b7e847d514b9d5bd43cb45c8fa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ws2_32

socket
WSACleanup
WSAStartup
WSAIoctl
closesocket

kernel32

HeapDestroy
HeapFree
WriteFile
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
LoadLibraryA
HeapCreate
VirtualFree
RtlUnwind
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
InterlockedIncrement
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement

Exports

Exports

GetBindAddress
GetBroadcastAddress
GetBroadcastEnabled
GetChannelNo
GetKeepLiveDuration
SetBindAddress
SetBroadcastEnabled
SetChannelNo
SetKeepLiveDuration

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网络教室xp/Utils/StuSetup.ini
网络教室xp/Utils/StudSet.exe
.exe windows:4 windows x86 arch:x86

67a7a305262cb65a6d654d8866efbd18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
inet_ntoa
WSAStartup
socket
WSAIoctl
closesocket

mfc42

ord3922
ord1089
ord2554
ord2512
ord5731
ord2396
ord5300
ord5302
ord4079
ord5199
ord3346
ord5289
ord5714
ord2982
ord4698
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord5307
ord3830
ord3831
ord3147
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord2976
ord674
ord641
ord793
ord616
ord2514
ord2092
ord366
ord2621
ord1134
ord2725
ord3719
ord2411
ord3825
ord4218
ord2578
ord6055
ord1776
ord4398
ord815
ord4486
ord3582
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord6375
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord567
ord324
ord2301
ord2294
ord2362
ord2297
ord2363
ord2302
ord4234
ord800
ord537
ord6334
ord3092
ord4710
ord2379
ord755
ord470
ord2645
ord1199
ord4274
ord5290
ord3402
ord2023
ord3798
ord1576

msvcrt

_setmbcp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
exit
_acmdln

kernel32

FreeLibrary
GetStartupInfoA
GetModuleHandleA
CreateProcessA
GetModuleFileNameA
GetPrivateProfileStringA
LoadLibraryA
GetVersionExA
WaitForSingleObject
GetProcAddress
OpenProcess

user32

IsIconic
GetWindowThreadProcessId
GetClientRect
GetSystemMetrics
LoadIconA
SendMessageA
DrawIcon
FindWindowA
EnableWindow
PostMessageA

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/Utils/TechSet.exe
.exe windows:4 windows x86 arch:x86

50f2878b4a4bb99923a6d508e513db69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5731
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord2512
ord3922
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4274
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord324
ord2301
ord4234
ord6334
ord4710
ord2379
ord755
ord470
ord2645
ord6375
ord2554
ord4486
ord4376
ord4853
ord4441
ord1576

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__getmainargs
_except_handler3
_controlfp
exit
_XcptFilter
_acmdln
_onexit
__dllonexit
__CxxFrameHandler
_exit
_setmbcp

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetStartupInfoA
GetModuleHandleA

user32

GetClientRect
GetSystemMetrics
SendMessageA
EnableWindow
DrawIcon
IsIconic
LoadIconA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/data1.cab
网络教室xp/data1.hdr
网络教室xp/data2.cab
网络教室xp/engine32.cab
.cab
DotNetInstaller.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IKernel.dll
.dll regsvr32 windows:4 windows x86 arch:x86

70dd4a6079b9d7beb45bf56d685d4157

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
Sleep
CreateProcessA
lstrcmpA
CreateFileA
ReadFile
SetFilePointer
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
CompareStringA
CompareStringW
GetVersionExA
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
QueryPerformanceFrequency
CreateEventA
GetFileSize
GetFileTime
LoadLibraryExA
SearchPathA
FreeLibrary
WaitForSingleObject
GetDiskFreeSpaceA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetCurrentProcessId
GetVersion
GetPrivateProfileSectionA
GetShortPathNameA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
SetEvent
LockResource
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
RemoveDirectoryA
SetFileTime
GetCurrentProcess
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
OpenEventA
MoveFileA
ResetEvent
CloseHandle
DeleteFileA
GetPrivateProfileIntA
SetEndOfFile
CopyFileA
CreateDirectoryA
GetFileAttributesA
SetLastError
FindFirstFileA
lstrcmpiA
FindClose
FindNextFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
lstrlenA
GetLastError
LoadLibraryA
TerminateProcess
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
ExitProcess
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineA
ExitThread
TlsSetValue
GetCurrentThreadId
CreateThread
HeapFree
HeapAlloc
RaiseException
RtlUnwind
QueryPerformanceCounter
lstrcpynA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
GetCurrentThread
GetLocalTime
lstrcatA
InterlockedExchange
HeapSize
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
HeapReAlloc

user32

LoadStringA
wsprintfA
CharUpperA
GetDesktopWindow
PostThreadMessageA
PeekMessageA
CharLowerBuffA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
ExitWindowsEx
MsgWaitForMultipleObjects

advapi32

SetFileSecurityA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
RegEnumValueA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
GetFileSecurityA
IsValidSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegQueryValueA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
ProgIDFromCLSID
WriteClassStm
OleLoadFromStream
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
StringFromCLSID
CoLoadLibrary
CoCreateGuid
CLSIDFromString
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromGUID2
OleSaveToStream

oleaut32

LoadTypeLi
RegisterTypeLi
SafeArrayGetDim
SafeArrayCopy
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
VariantChangeType
LoadRegTypeLi
SysReAllocStringLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantCopyInd
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantClear
GetErrorInfo

rpcrt4

UuidFromStringA
UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 532KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISProBE9x.tlb
ISProBENT.tlb
IScript.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0cc1ac4e9a294bc7cb1e2f5b8df322d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
GetModuleHandleA
lstrlenW
GetModuleFileNameA
lstrcmpiA
HeapDestroy
CloseHandle
UnmapViewOfFile
ReadFile
CreateFileA
MultiByteToWideChar
CreateEventA
GetFileSize
FindClose
FindFirstFileA
GetFileAttributesA
WaitForSingleObject
SetEvent
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
SetEndOfFile
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
SetLastError
QueryPerformanceFrequency
GetLastError
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
WriteFile
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
GetWindowsDirectoryA
GetLocalTime
CompareStringA
CompareStringW
GetVersionExA
lstrcatA
MapViewOfFile
CreateFileMappingA
VirtualQuery
VirtualProtect
SearchPathA
lstrcpyA
lstrcpynA
ResetEvent
GetTickCount
QueryPerformanceCounter
SystemTimeToFileTime
RaiseException
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
HeapFree
HeapAlloc
ExitProcess
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue

user32

PostThreadMessageA
CharLowerBuffA
DispatchMessageA
wsprintfA
LoadStringA
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA

ole32

StringFromCLSID
CoCreateInstance
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
ProgIDFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantClear
GetErrorInfo
VariantCopy
SysStringByteLen
SysAllocStringByteLen
DispGetParam
VariantCopyInd
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SafeArrayDestroy
SysFreeString
SysStringLen
SysReAllocStringLen
VariantChangeType
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IUser.dll
.dll regsvr32 windows:4 windows x86 arch:x86

08e37d0ace54221e998c983fb88d4024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
HeapDestroy
GetTickCount
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
GetEnvironmentStringsW
lstrlenW
GetShortPathNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WriteFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
TerminateProcess
ExitProcess
HeapAlloc
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
RaiseException
HeapFree
GetCommandLineA
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
CreateFileMappingA
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
lstrcatA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
FreeEnvironmentStringsW
GlobalUnlock
WideCharToMultiByte
SetLastError
MultiByteToWideChar
lstrlenA
GetFileAttributesA
GetLastError
GetEnvironmentStrings
MapViewOfFile
GetFileSize
UnmapViewOfFile
SearchPathA
VirtualProtect
VirtualQuery
ReadFile
GetVersionExA
CompareStringW
CompareStringA
CloseHandle
CreateEventA
QueryPerformanceFrequency
CreateFileA
LocalFree
FormatMessageA
FindFirstFileA
Sleep
InterlockedExchange
GetCurrentProcessId
GetVersion
GetWindowsDirectoryA
GetLocalTime
FindClose

user32

wsprintfA
ScreenToClient
GetWindowRect
CopyRect
OffsetRect
DrawTextA
GetDlgCtrlID
GetDlgItemTextA
GetWindowDC
EnumChildWindows
IntersectRect
GetClassNameA
MessageBeep
BeginPaint
EndPaint
SendMessageA
UpdateWindow
GetWindow
SystemParametersInfoA
MapWindowPoints
CreateDialogIndirectParamA
GetWindowPlacement
ClientToScreen
GetSystemMetrics
SetFocus
SetDlgItemTextA
GetParent
InvalidateRect
DialogBoxParamA
GetSystemMenu
RemoveMenu
LoadStringA
AppendMenuA
GetClientRect
GetClassInfoExA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
CallWindowProcA
DefWindowProcA
CreateWindowExA
LoadIconA
ShowWindow
SetWindowRgn
IsIconic
DestroyWindow
GetDesktopWindow
EnableWindow
SetCapture
LoadCursorA
SetCursor
ReleaseCapture
SetWindowTextA
IsWindow
GetDC
ReleaseDC
GetWindowLongA
SetWindowLongA
SetWindowPos
MoveWindow
GetDlgItem
GetSysColor
FillRect
CharLowerBuffA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
BitBlt
DeleteDC
DeleteMetaFile
GetTextExtentPoint32A
GetStockObject
Rectangle
CreateRectRgn
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush
DeleteObject
SaveDC
SelectObject
SetBkMode
SetTextColor
TextOutA
RestoreDC
EnumFontFamiliesExA

advapi32

RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

ole32

StringFromCLSID
CoTaskMemFree
ProgIDFromCLSID

oleaut32

GetErrorInfo
CreateErrorInfo
SetErrorInfo
SysReAllocStringLen
SysStringLen
SysAllocStringLen
LoadRegTypeLi
SysAllocString
SysFreeString

winmm

sndPlaySoundA
mciSendCommandA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ctor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

61cdbca8ee8bf07c986e768398ee2479

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CopyFileA
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
SetLastError
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
CompareStringA
CompareStringW
GetShortPathNameA
CreateEventA
HeapDestroy
LoadLibraryA
lstrcatA
DeleteFileA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
GetCurrentProcessId
GetSystemDirectoryA
DebugBreak
HeapReAlloc
HeapFree
GetCurrentThread
GetVersion
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryExA
FreeLibrary
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
CreateProcessA
CloseHandle
Sleep
lstrlenA
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
lstrcmpiA
GetProcAddress
GetCurrentProcess

user32

WaitForInputIdle
CharUpperA
MessageBoxA
LoadStringA
PeekMessageA
MsgWaitForMultipleObjects
CharNextA
wsprintfA

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegOpenKeyExA

ole32

GetRunningObjectTable
CreateItemMoniker
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoReleaseMarshalData
ProgIDFromCLSID
CoMarshalInterThreadInterfaceInStream
CoLoadLibrary

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType
VariantCopy
LoadTypeLi
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LaunchSetup

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iKernel.rgs
objectps.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d00bdfbf9f57dcbb8a80a384e93f5c3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RtlUnwind

rpcrt4

NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
NdrPointerUnmarshall
NdrConvert
NdrProxySendReceive
NdrOleFree
NdrProxyGetBuffer
NdrSimpleStructBufferSize
RpcRaiseException
NdrProxyInitialize
NdrPointerFree
NdrPointerMarshall
NdrStubGetBuffer
NdrPointerBufferSize
NdrSimpleStructUnmarshall
NdrStubInitialize
NdrInterfacePointerMarshall
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerUnmarshall
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrSimpleStructMarshall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
网络教室xp/layout.bin
网络教室xp/setup.exe
.exe windows:4 windows x86 arch:x86

afc0ae393ac34d8f12ef0a6a57541b29

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

1e:d8:2f
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

06/08/2003, 21:02

Not After

05/08/2004, 21:02

Subject

CN=InstallShield Software Corporation,OU=Research and Development,O=InstallShield Software Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
VerInstallFileA

kernel32

LoadResource
FindResourceA
GetModuleHandleA
SetErrorMode
CreateDirectoryA
GetModuleFileNameA
CreateFileA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventA
CloseHandle
WriteFile
Sleep
ReadFile
FreeLibrary
RemoveDirectoryA
DeleteFileA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
SetEvent
OpenEventA
CreateProcessA
GetCurrentThreadId
LockResource
GetSystemInfo
HeapCreate
GetFileSize
lstrcpynA
lstrcatA
WritePrivateProfileStringA
FindClose
FindFirstFileA
SetFilePointer
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetSystemDefaultLangID
MoveFileA
HeapDestroy
FindResourceExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SizeofResource
FindNextFileA
lstrcmpA
GetVersion
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
VirtualQuery
VirtualProtect
SearchPathA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
GetCurrentProcess
GetCurrentThread
RtlUnwind
lstrcpyA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
CompareStringW
CompareStringA
WideCharToMultiByte
lstrlenA
GetLastError
SetLastError
lstrcmpiA
GetPrivateProfileIntA
GetPrivateProfileStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
HeapAlloc
IsBadReadPtr

user32

KillTimer
DestroyWindow
GetWindowTextA
SetTimer
SetWindowRgn
GetDesktopWindow
DialogBoxIndirectParamA
SetActiveWindow
ShowWindow
CharNextA
MoveWindow
GetDlgItem
SendMessageA
SetDlgItemTextA
LoadIconA
GetWindowRect
SystemParametersInfoA
SetWindowPos
wsprintfA
LoadStringA
MsgWaitForMultipleObjects
CharLowerBuffA
SetWindowTextA
MessageBoxA
PeekMessageA
CharUpperA
PostThreadMessageA
CreateDialogIndirectParamA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
EndDialog
ScreenToClient

gdi32

GetTextExtentPoint32A
LPtoDP
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

RegCreateKeyExA
GetTokenInformation
AllocateAndInitializeSid
OpenThreadToken
EqualSid
FreeSid
RegCloseKey
RegOpenKeyExA
RegSetValueExA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoTaskMemFree
StringFromGUID2
GetRunningObjectTable
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络教室xp/setup.ibt
网络教室xp/setup.ini
网络教室xp/setup.inx
网络教室xp/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

ec175680921a2715662de338b92377d1

Code Sign

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 13KB - Virtual size: 37KB

.rsrc Size: 401KB - Virtual size: 404KB

.reloc Size: 20KB - Virtual size: 20KB

b83464d8132ecd9f810820e192566e15

Code Sign

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

00aa430a2f5d9b50ba7d35b8699adf8b

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 22KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

b83464d8132ecd9f810820e192566e15

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8c
Certificate

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 13KB - Virtual size: 37KB

.rsrc
Size: 401KB - Virtual size: 404KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 22KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 676KB - Virtual size: 676KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 1.5MB - Virtual size: 1.6MB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 69KB - Virtual size: 72KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 723KB - Virtual size: 724KB

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8c
Certificate