2c8de6aeb20ba8f91dd90b83582c0908_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c8de6aeb20ba8f91dd90b83582c0908_JaffaCakes118
Size

9.0MB
MD5

2c8de6aeb20ba8f91dd90b83582c0908
SHA1

48500a8ed49beac04f6fa9f73d5e8986252a15f5
SHA256

1ee348b89e4f51863de19aada36ffac28f07afe624faf180427e549d182eb079
SHA512

45cfbacaa7f975be90c39de4e1e72737068eaad90df45aa70ae6d87ee97af4a3f5f857bb559ce9b1c67d2b105aa5a1c3b221f016912c8f7cbc33d37a66317995
SSDEEP

196608:nrJM/zgGu1KhZtta/yuoGGL+p/xZF+rDTqwXJwbPIMlTWhZ3+:nrJEVjf3a/XUap/XI7ZUp+R+

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ASYCFILT.DLL
unpack002/COMCAT.DLL
unpack002/MCICHS.DLL
unpack002/MSVBVM60.DLL
unpack002/MSVCRT.DLL
unpack002/OLEAUT32.DLL
unpack002/OLEPRO32.DLL
unpack002/SCRRNCHS.DLL
unpack002/SCRRUN.DLL
unpack002/SETUP1.EXE
unpack002/ST6UNST.EXE
unpack002/STDOLE2.TLB
unpack002/VB6CHS.DLL
unpack002/VB6STKIT.DLL
unpack002/browser_com.exe
unpack002/choose_ys.exe
unpack002/exam_com.exe
unpack002/juzi_com.exe
unpack002/listentest_com.exe
unpack002/login.exe
unpack002/main_ys1.exe
unpack002/write_com.exe
unpack001/mstts.exe
unpack001/setup.exe

Files

2c8de6aeb20ba8f91dd90b83582c0908_JaffaCakes118
.rar
Setup.Lst
main_ys1.CAB
.cab
900_1.dat
ASYCFILT.DLL
.dll windows:4 windows x86 arch:x86

390ef37875e351d87137c1d1bddb9a0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

ReleaseStgMedium

user32

UnionRect

gdi32

CreateSolidBrush
SetDIBits
SetMapMode
DeleteObject
PatBlt
GetCurrentObject
SelectObject
SetStretchBltMode
GetObjectA
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor
SelectPalette
SetDIBitsToDevice
StretchDIBits

kernel32

TlsGetValue
GetCPInfo
GetACP
GetModuleFileNameA
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
lstrlenA
GlobalDeleteAtom
GlobalAddAtomA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LoadLibraryA
FlushFileBuffers
SetFilePointer
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CloseHandle
SetStdHandle
ReadFile

Exports

Exports

DllCanUnloadNow
FilterCreateInstance

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
COMCAT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ole32

StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

kernel32

GetModuleFileNameA
lstrlenA
GlobalAlloc
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
GetUserDefaultLCID
IsBadWritePtr
GlobalFree

user32

wsprintfA

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCI32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

13fa0cf96dc804ea3f3d2f71b1bcf4aa

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

winmm

mciGetErrorStringA
sndPlaySoundA
mciSendCommandA

kernel32

CompareStringW
GlobalSize
lstrcmpA
CompareStringA
LockResource
FindResourceA
LoadResource
InterlockedDecrement
GetLastError
HeapReAlloc
GetLocaleInfoA
InterlockedIncrement
GetProcAddress
GetModuleFileNameA
LoadLibraryA
GetWindowsDirectoryA
GetVersion
lstrcatA
lstrcpynA
GlobalAlloc
DisableThreadLibraryCalls
GlobalFree
lstrcpyA
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetFileAttributesA
lstrcmpiA
lstrlenA
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
GetTickCount
lstrlenW
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap

user32

ReleaseCapture
SetCursorPos
MapWindowPoints
ScreenToClient
GetClipboardFormatNameA
IsChild
InvalidateRect
UpdateWindow
GetActiveWindow
DialogBoxParamA
GetKeyState
CreateDialogIndirectParamA
SetTimer
EnableWindow
GetClientRect
IsWindowEnabled
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
EndDialog
GetWindowLongA
SetWindowPos
CreateWindowExA
SetWindowLongA
GetParent
CallWindowProcA
GetDlgCtrlID
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
PtInRect
SetWindowRgn
EndDeferWindowPos
EqualRect
ClientToScreen
DeferWindowPos
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
CharNextA
BeginDeferWindowPos
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
RegisterClipboardFormatA
MessageBoxA
wsprintfA
PostMessageA
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
GetCursorPos
IsWindow
ShowWindow
SetCursor
IsWindowVisible
LoadIconA
CopyRect
GetSysColor
DrawIcon
OffsetRect
GetFocus
InflateRect
DrawFocusRect
DefWindowProcA
SetFocus
SendMessageA
FillRect
LoadCursorA
RegisterClassA
KillTimer
LoadStringA
GetWindowRect
GetDC
IntersectRect

ole32

CreateOleAdviseHolder
RevokeDragDrop
CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
OleSaveToStream
OleLoadFromStream
DoDragDrop
CoCreateInstance
CoTaskMemAlloc

advapi32

RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantCopyInd
VariantCopy
VariantInit
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
VariantChangeType
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
GetErrorInfo
LoadRegTypeLi
OleLoadPicture
SysAllocStringLen
OleTranslateColor
OleCreatePictureIndirect
VariantClear
SysFreeString
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SetViewportOrgEx
SetMapMode
SetWindowExtEx
DeleteDC
StretchBlt
GetNearestColor
SetViewportExtEx
GetBitmapBits
CreateDIBitmap
CreatePalette
SelectPalette
RealizePalette
GetObjectA
GetPaletteEntries
CreateBitmap
GetDIBits
CopyMetaFileA
CreateDCA
CopyEnhMetaFileA
GetObjectType
DeleteObject
SetWindowOrgEx
GetStockObject
PatBlt
CreateSolidBrush
SelectObject
GetDeviceCaps
RoundRect
GetViewportExtEx
GetWindowExtEx
LPtoDP
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCICHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

479485184984aadb89b6e8cf253117e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

LockFile
UnlockFile
TerminateProcess
MoveFileA
HeapSize
SetHandleCount
GetStdHandle
FlushFileBuffers
GetACP
lstrlenA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetTempFileNameA
lstrcpynA
_lclose
_llseek
CreateDirectoryA
RemoveDirectoryA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
HeapAlloc
HeapFree
ExitThread
CreateThread
GetTimeZoneInformation
SetEnvironmentVariableA
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
CreateProcessW
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
GetShortPathNameA
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
MultiByteToWideChar
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetCurrentProcessId
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
FreeLibrary
GetLocaleInfoA
GetCPInfo
GetOEMCP

user32

DdeAbandonTransaction
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
keybd_event
VkKeyScanW
SetWindowsHookExW
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
MessageBoxIndirectA
DialogBoxParamA
EnumThreadWindows
GetLastActivePopup
SetActiveWindow
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
GetKeyboardLayout
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
DdeClientTransaction
DdeGetData
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetParent
GetFocus
GetSystemMenu
CallNextHookEx
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeConnect
DdePostAdvise
DdeDisconnect
DdeCreateStringHandleA
DdeSetUserHandle
DdeNameService
DdeFreeStringHandle
DdeUninitialize
DdeInitializeA
DdeFreeDataHandle
DdeQueryConvInfo
DdeQueryStringA
DrawFrameControl
SetScrollRange
SetScrollPos
IsClipboardFormatAvailable
LockWindowUpdate
CharLowerBuffA
OpenClipboard
SetClipboardData
GetClipboardData
GetCaretBlinkTime
EmptyClipboard
CloseClipboard
CreateCaret
SetCaretPos
GetWindowTextLengthA
DestroyCaret
ShowCaret
HideCaret
DrawTextExA
GetScrollPos
GetClipboardFormatNameA
SetWindowRgn
ToAscii
GetScrollInfo
DestroyAcceleratorTable
ShowScrollBar
SetMenuItemInfoA
SetScrollInfo
GetMenuItemInfoA
GetQueueStatus
SetKeyboardState
GetKeyboardState
TrackPopupMenu
GetDoubleClickTime
SetWindowContextHelpId
DeleteMenu
SetMenuDefaultItem
DrawMenuBar
GetMenuItemID
InsertMenuA
GetSubMenu
CreateMenu
GetMenu
SetMenu
BeginDeferWindowPos
ModifyMenuA
CheckMenuItem
PostThreadMessageA
EndDeferWindowPos
DeferWindowPos
VkKeyScanA
CharLowerA
GetMenuState
DrawIcon
IsCharAlphaA
LoadIconA
GetClassInfoExA
CreateAcceleratorTableA

gdi32

UnrealizeObject
CreatePen
SetBkColor
CreateSolidBrush
DeleteObject
SetTextColor
CreatePatternBrush
CreateBitmap
ExtTextOutA
SelectObject
SetBkMode
GetBitmapBits
GetObjectA
GetTextExtentPointA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
OffsetRgn
PtInRegion
CreatePalette
SelectPalette
SelectClipRgn
OffsetWindowOrgEx
IntersectClipRect
DeleteDC
BitBlt
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
EndPage
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateHatchBrush

advapi32

ReportEventA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleCreateLinkToFile
CoTaskMemFree
BindMoniker
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
CoTaskMemAlloc
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad

oleaut32

VariantInit
OleTranslateColor
OleCreatePropertyFrame
SysAllocString
SysFreeString
VariantClear
OleCreatePictureIndirect
SysStringLen
OleCreateFontIndirect
OaBuildVersion
SysAllocStringLen
SysAllocStringByteLen
SetErrorInfo
CreateErrorInfo
VariantChangeType
DispGetParam
LoadTypeLi
GetErrorInfo
LoadRegTypeLi
RegisterTypeLi
SysStringByteLen
UnRegisterTypeLi
LHashValOfNameSys
LoadTypeLibEx
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreate
OleLoadPicture
SafeArrayGetDim
VariantCopy
VariantCopyInd
SafeArrayDestroy
VariantChangeTypeEx
CreateDispTypeInfo
SafeArrayDestroyData
DispInvoke
SafeArrayGetUBound
DispGetIDsOfNames
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayCopy
OleIconToCursor
SafeArrayRedim
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
RevokeActiveObject
SafeArrayLock
SafeArrayUnlock
SafeArrayAllocData
SysReAllocStringLen
GetActiveObject
VarDateFromStr
VarCyFromI4
VarR8FromStr
VarBstrFromI4
VarBstrFromR4
VarBstrFromI2
VarBstrFromDate
VarBstrFromCy
VarBstrFromR8
VarI4FromStr
VarI4FromR8
VarI2FromStr
VarCyFromStr
VarR4FromStr
LHashValOfNameSysA
SysReAllocString

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSVCRT.DLL
.dll windows:4 windows x86 arch:x86

8d26773106ed39fbb89a157d19d8aa89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcsupr

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OLEAUT32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

354f0e4993e3e3b9ed42e25935d15ead

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

StgCreateDocfileOnILockBytes
WriteClassStg
WriteFmtUserTypeStg
ReadClassStg
MkParseDisplayName
StgCreateDocfile
CreateBindCtx
CoCreateInstance
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoSetState
ReleaseStgMedium
CoGetClassObject
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
CoGetMalloc
CLSIDFromString
CoUnmarshalInterface
CoMarshalInterface
CoUnmarshalHresult
CoMarshalHresult

user32

RegisterClassA
RegisterClipboardFormatA
GetClassInfoA
CreateWindowExA
PostMessageA
RegisterWindowMessageA
GetWindowLongA
IsWindow
DestroyWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
GetSysColor
SetWindowLongA
SetFocus
SetActiveWindow
GetActiveWindow
PostQuitMessage
DispatchMessageW
GetMessageW
SendMessageA
EnableWindow
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDlgItem
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetDC
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpW
wsprintfA
wsprintfW
DestroyIcon
CreateIcon
CreateCursor
DrawIcon
GetSystemMetrics
GetIconInfo
CopyIcon
CopyImage

gdi32

IntersectClipRect
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SaveDC
GetTextExtentPointA
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType
GetStockObject
SelectPalette
RealizePalette
StretchBlt
GetDIBits
StretchDIBits
GetObjectA
GetBitmapDimensionEx
GetEnhMetaFileHeader
SetMetaFileBitsEx
CreateBitmap
PatBlt
DeleteEnhMetaFile
DeleteMetaFile
GetDeviceCaps
SelectObject
GetTextMetricsW
GetTextMetricsA
GetTextFaceW
GetTextFaceA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject
GetPaletteEntries

kernel32

CreateThread
_lread
GetStringTypeExA
GetStringTypeExW
SetEnvironmentVariableA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
VirtualAlloc
HeapSize
HeapReAlloc
RaiseException
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThreadId
TerminateProcess
ExitProcess
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
GetCommandLineA
SetErrorMode
GetLocalTime
MultiByteToWideChar
LeaveCriticalSection
GetProcAddress
LoadLibraryA
EnterCriticalSection
CloseHandle
Sleep
CreateEventA
TerminateThread
WaitForMultipleObjects
SetEvent
FreeLibrary
SetThreadPriority
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
InterlockedExchange
GetModuleHandleA
GetLastError
GetCurrentProcess
TlsGetValue
GetSystemDefaultLCID
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetSystemDirectoryA
WideCharToMultiByte
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
GlobalReAlloc
GetLocaleInfoW
IsBadWritePtr
IsBadReadPtr
GetVersion
IsDBCSLeadByte
MulDiv
LockResource
LoadResource
FindResourceA
_lclose
GetDriveTypeA
_lwrite
_llseek
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
MapViewOfFile
GlobalDeleteAtom
GlobalAddAtomA
lstrlenW
GetDriveTypeW
CreateFileMappingA
CreateFileA
CreateFileW
lstrcmpiA
UnmapViewOfFile
TlsFree
GetSystemInfo
GetFileSize
TlsAlloc
GetFullPathNameA
TlsSetValue
SearchPathA
SetLastError

advapi32

RegOpenKeyW
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegFlushKey
RegQueryValueW
RegSetValueA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCloseKey

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
GetVarConversionLocaleSetting
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SetVarConversionLocaleSetting
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UserBSTR_free_inst
UserBSTR_free_local
UserBSTR_from_local
UserBSTR_to_local
UserEXCEPINFO_free_inst
UserEXCEPINFO_free_local
UserEXCEPINFO_from_local
UserEXCEPINFO_to_local
UserHWND_free_inst
UserHWND_free_local
UserHWND_from_local
UserHWND_to_local
UserMSG_free_inst
UserMSG_free_local
UserMSG_from_local
UserMSG_to_local
UserVARIANT_free_inst
UserVARIANT_free_local
UserVARIANT_from_local
UserVARIANT_to_local
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyInt
VarCyMul
VarCyMulI4
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 544KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OLEPRO32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

f5ccf8bf224eb9ec83fbb805c335d308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
InitializeCriticalSection
GetModuleHandleA
GlobalAddAtomA
DeleteCriticalSection
lstrlenW
GlobalHandle
GlobalDeleteAtom
GlobalReAlloc
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
MulDiv
LeaveCriticalSection
GetProcAddress
GetVersion
GetLocaleInfoA
GetStringTypeW
GetLocaleInfoW
GetStringTypeA
VirtualAlloc
LCMapStringA
LCMapStringW
InterlockedIncrement
GetLastError
WriteFile
VirtualFree
IsDBCSLeadByte
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
HeapDestroy
GetEnvironmentStringsW
HeapCreate
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetCPInfo
GetOEMCP
GetStartupInfoA
GetFileType
GetModuleFileNameA
SetHandleCount
GetStdHandle
TlsFree
TlsAlloc
TlsGetValue
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
ExitProcess
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
WideCharToMultiByte
LoadLibraryA
HeapAlloc
RtlUnwind
HeapFree
TerminateProcess
GetCommandLineA
InterlockedDecrement

user32

RegisterClipboardFormatA
GetKeyState
ReleaseDC
IsWindowUnicode
GetWindowLongA
GetSysColor
SetWindowLongA
SetActiveWindow
DestroyWindow
SetFocus
PostMessageA
GetActiveWindow
PostQuitMessage
TranslateMessage
DispatchMessageA
DispatchMessageW
SendMessageA
GetMessageW
GetMessageA
IsWindow
EnableWindow
GetParent
GetWindowTextA
GetFocus
CharNextA
GetDlgItem
CharLowerA
SendMessageW
GetClientRect
GetDialogBaseUnits
GetDC
wsprintfA
GetTopWindow
WinHelpW
CreateIcon
wsprintfW
DestroyIcon
GetSystemMetrics
CreateCursor
DrawIcon
CopyImage
GetIconInfo
CopyIcon

gdi32

SetViewportOrgEx
SetBkColor
SetStretchBltMode
GetBitmapBits
DeleteEnhMetaFile
SetEnhMetaFileBits
GetTextExtentPointA
GetPaletteEntries
DeleteMetaFile
CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetTextFaceW
GetTextMetricsA
GetTextFaceA
SelectObject
GetDeviceCaps
GetTextMetricsW
CreateBitmap
SetMetaFileBitsEx
PatBlt
GetBitmapDimensionEx
GetObjectA
GetEnhMetaFileHeader
GetDIBits
StretchBlt
StretchDIBits
SelectPalette
GetStockObject
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
SetWindowExtEx
SetTextColor
SetMapMode
SetWindowOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType

ole32

CoCreateInstance
CoGetMalloc
StringFromGUID2
StgCreateDocfile
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium

advapi32

RegFlushKey
RegQueryValueW
RegCloseKey
RegSetValueA
RegCreateKeyA
RegOpenKeyW
RegOpenKeyA

oleaut32

VariantChangeType
SysAllocString
VariantClear
LoadTypeLi
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SCRRNCHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SCRRUN.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

76c11ecf1003000e53224ed1abb74067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
IsTextUnicode
RegOpenKeyExA
RegCloseKey

kernel32

GetFullPathNameW
FindNextFileW
GetLastError
FindFirstFileW
GetFileAttributesW
FindClose
GetShortPathNameW
GetDriveTypeW
CloseHandle
CreateFileW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
MoveFileW
CopyFileW
CreateDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
LeaveCriticalSection
CompareStringA
EnterCriticalSection
lstrcatW
lstrcpyW
FindNextFileA
FindFirstFileA
GetFileAttributesA
GetFullPathNameA
GetShortPathNameA
GetDriveTypeA
CreateFileA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
MoveFileA
CopyFileA
CreateDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrcatA
lstrcpyA
GetVersion
GetUserDefaultLCID
LCMapStringW
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
SetLastError
CompareStringW
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetProcAddress
LoadLibraryA
GetTickCount
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenA
GetLocaleInfoA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetVolumeInformationA
GetVolumeInformationW
SetErrorMode
SetVolumeLabelA
SetVolumeLabelW
GetLogicalDrives
ReadFile
PeekNamedPipe
WriteFile
WriteConsoleW
SetFilePointer
GetFileInformationByHandle
GetFileType
GetStdHandle

user32

CharNextA
wsprintfA
LoadStringA

ole32

CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoGetMalloc
StringFromCLSID

oleaut32

SysStringLen
VarCyFromR4
UnRegisterTypeLi
VarCyFromI4
SysReAllocStringLen
VarR4FromCy
VarDecFromI4
VarR4FromDec
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
VariantClear
VariantCopy
LoadRegTypeLi
SysAllocStringLen
SysFreeString
LHashValOfNameSysA
LHashValOfNameSys
SysAllocString
LoadTypeLi
VariantChangeTypeEx
VarCyFromR8
LoadTypeLibEx

msvcrt

??2@YAPAXI@Z
wcscmp
_purecall
malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
rand
strncpy
srand
_mbsicmp
_mbsnbicmp
_mbsnbcpy
isalpha
_mbctolower
_mbctoupper
_mbsdec
_ismbblead
_itow
_wcsicmp
_wcsnicmp
??3@YAXPAX@Z
wcsncpy
iswalpha
towlower
towupper
_itoa
memmove
sprintf
wcscpy
free
wcslen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP1.EXE
.exe windows:4 windows x86 arch:x86

4d509ffe740b37c7b6ce748642da3704

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTextTstLe
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaGosubReturn
ord588
__vbaStrVarMove
__vbaLenBstr
ord589
ord697
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaVarTextTstEq
__vbaSetSystemError
__vbaRecDestruct
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord667
__vbaAryDestruct
__vbaLateMemSt
ord669
__vbaForEachCollObj
__vbaBoolStr
__vbaExitProc
__vbaFileCloseAll
ord595
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord597
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaForEachCollVar
__vbaStrTextCmp
ord523
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
__vbaVarCmpGt
__vbaLateMemStAd
__vbaNextEachCollObj
ord632
ord525
__vbaVarZero
__vbaChkstk
__vbaGosubFree
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaCyI2
ord529
__vbaCyI4
__vbaObjVar
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaVarTextTstNe
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaVarTextCmpEq
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaGosub
ord607
__vbaI2Str
__vbaVarDiv
ord530
ord608
ord531
__vbaFPException
__vbaInStrVar
ord532
ord717
__vbaStrVarVal
__vbaUbound
ord533
ord534
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord644
ord537
ord645
_CIlog
ord646
__vbaErrorOverflow
__vbaFileOpen
ord647
ord648
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
ord576
__vbaDerefAry1
__vbaVarTextTstGt
_adj_fdivr_m32
__vbaPowerR8
ord577
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
ord651
__vbaVarTextCmpNe
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ST6UNST.EXE
.exe windows:4 windows x86 arch:x86

2c2a74fe0776f6aac245ba9e8eeec7c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
ReadFile
LocalFree
SetFilePointer
LocalAlloc
GlobalDeleteAtom
Sleep
GlobalAddAtomA
GlobalFree
GlobalAlloc
IsDBCSLeadByte
GlobalLock
GlobalFindAtomA
CompareStringA
WideCharToMultiByte
WriteFile
CloseHandle
GetWindowsDirectoryA
OpenProcess
GetVersion
FreeLibrary
RemoveDirectoryA
GetLastError
DeleteFileA
FindFirstFileA
FindClose
lstrlenA
lstrcpyA
lstrcatA
lstrcmpA
lstrcpynA
MultiByteToWideChar
CreateProcessA
WaitForSingleObject
SetErrorMode
GetCurrentDirectoryA
OutputDebugStringA
LoadLibraryA
GetProcAddress
GetFileAttributesA
GlobalUnlock
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
IsBadCodePtr
FreeEnvironmentStringsW
FreeEnvironmentStringsA
lstrcmpiA
GetModuleFileNameA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
TerminateProcess
ExitProcess
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

PackDDElParam
SendMessageA
DispatchMessageA
DefWindowProcA
CharNextA
DestroyWindow
UnregisterClassA
CreateWindowExA
RegisterClassA
wsprintfA
UnpackDDElParam
LoadStringA
LoadIconA
LoadCursorA
MessageBoxA
wvsprintfA
TranslateMessage
GetMessageA
SetCursor
ShowCursor
SetDlgItemTextA
SetWindowLongA
EndDialog
GetDlgItem
SetFocus
DialogBoxParamA
UpdateWindow
SetWindowTextA
InvalidateRect
CharUpperA
CharPrevA
BeginPaint
GetClientRect
DrawTextA
SetRect
EndPaint
PostQuitMessage
GetSystemMenu
EnableMenuItem
CreateDialogParamA
GetWindowRect
GetSystemMetrics
SetWindowPos
ShowWindow
PostMessageA
PeekMessageA
FillRect
SetClassLongA

gdi32

CreateSolidBrush
SetROP2
Rectangle
SelectObject
SetTextColor
SetBkMode
GetStockObject
GetTextMetricsA
ExtTextOutA
CreateFontIndirectA
DeleteObject

advapi32

RegOpenKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize

oleaut32

LoadTypeLi

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
STDOLE2.TLB
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VB6CHS.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VB6STKIT.DLL
.dll windows:4 windows x86 arch:x86

04b9c2e7c9382d2e610aaad198ba3446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DispatchMessageA
CharPrevA
PeekMessageA
wsprintfA
CharNextA
LoadStringA
MessageBoxA
TranslateMessage

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

ole32

CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize

oleaut32

LoadTypeLi
RegisterTypeLi

kernel32

DeleteFileA
GetVersion
GetStringTypeW
GetStringTypeA
GetLastError
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileAttributesA
GetCPInfo
FreeEnvironmentStringsA
VirtualAlloc
HeapReAlloc
GetLocaleInfoW
FlushFileBuffers
CompareStringW
GetOEMCP
FreeEnvironmentStringsW
HeapCreate
lstrcatA
lstrcpyA
lstrcmpiA
lstrlenA
OutputDebugStringA
CopyFileA
OpenFile
Sleep
lstrcpynA
WriteFile
CloseHandle
SetFilePointer
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentDirectoryA
SetErrorMode
LocalFree
LocalUnlock
LocalLock
LocalAlloc
SetFileTime
GetFileTime
GetWindowsDirectoryA
MultiByteToWideChar
CompareStringA
WideCharToMultiByte
VirtualFree
GetModuleFileNameA
HeapDestroy
GetCommandLineA
GetACP
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindFirstFileA
GetFileType
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
ReadFile
SetEnvironmentVariableA
SetCurrentDirectoryA
GetStdHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetEndOfFile
SetHandleCount
InitializeCriticalSection
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFullPathNameA
InterlockedDecrement
InterlockedIncrement

Exports

Exports

AbortAction
AddActionNote
ChangeActionKey
CommitAction
DLLSelfRegister
DisableLogging
EnableLogging
ExtractFileFromCab
GetClsidFromActXFile
LogConfig
LogError
LogNote
LogWarning
NewAction
RegisterTLB
SyncShell
_SetTime@8
fCreateShellLink
fRemoveShellLink
fWithinAction

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VTXTAUTO.TLB
browser_com.exe
.exe windows:4 windows x86 arch:x86

154fc4f3d430a217523e78d9386055f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarForInit
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrCompVar
__vbaGetOwner3
__vbaStrVarVal
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarMod
__vbaVarCopy
ord617
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c1.dat
c2.dat
c3.dat
c4.dat
choose_ys.exe
.exe windows:4 windows x86 arch:x86

0cd8c7ca2787b571b7cd4243337b5479

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaLineInputVar
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaI4Abs
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaVarTstLt
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner3
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaGetOwner3
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaVarDup
ord613
__vbaVarMod
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
exam_com.exe
.exe windows:4 windows x86 arch:x86

5b0b17e799db70c3760be86154975b12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaVarFix
_adj_fprem1
__vbaStrCat
ord552
ord553
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord593
__vbaVarForInit
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrCompVar
__vbaStrVarVal
__vbaGetOwner3
ord535
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarMod
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord542
ord543
_allmul
ord544
ord545
_CItan
ord546
__vbaFPInt
ord547
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
juzi_com.exe
.exe windows:4 windows x86 arch:x86

218dab84a7455ab846805ae3daf541ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarForInit
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaStrVarVal
__vbaGetOwner3
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarMod
__vbaVarCopy
ord617
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
listentest_com.exe
.exe windows:4 windows x86 arch:x86

203f4f5e07581f7a5fb3fa40c9337498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
ord516
__vbaVarFix
_adj_fprem1
__vbaStrCat
ord552
ord553
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarCmpGe
ord593
__vbaVarForInit
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrCompVar
__vbaGetOwner3
__vbaStrVarVal
ord535
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarMod
__vbaFpI4
__vbaVarTstGe
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord542
ord543
_allmul
ord544
ord545
_CItan
ord546
__vbaFPInt
ord547
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
login.exe
.exe windows:4 windows x86 arch:x86

6706734ae035316cd980a16ae20f0545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaStrVarMove
ord588
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaLineInputVar
ord516
__vbaVarFix
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
ord552
ord553
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarForInit
ord593
__vbaI4Abs
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
ord522
__vbaBoolVarNull
_CIsin
ord524
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrVarVal
ord535
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVarMod
__vbaVarCopy
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
ord542
ord543
ord650
_allmul
ord544
ord545
_CItan
ord546
ord547
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
login.ini
main_ys1.exe
.exe windows:4 windows x86 arch:x86

9ee1573733a73a1ae5c1d866d0c27266

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarLateMemSt
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
write_com.exe
.exe windows:4 windows x86 arch:x86

5b0b17e799db70c3760be86154975b12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaVarFix
_adj_fprem1
__vbaStrCat
ord552
ord553
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord593
__vbaVarForInit
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaStrCompVar
__vbaStrVarVal
__vbaGetOwner3
ord535
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVarMod
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord542
ord543
_allmul
ord544
ord545
_CItan
ord546
__vbaFPInt
ord547
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mstts.exe
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:4 windows x86 arch:x86

e0645631469507a53fff2b011b90023d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStockObject
SetTextColor
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
GetTextMetricsA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

user32

MessageBoxA
UpdateWindow
UnregisterClassA
GetWindowLongA
PeekMessageA
CharNextA
DispatchMessageA
DestroyWindow
PostMessageA
PackDDElParam
CharPrevA
SetWindowTextA
BeginPaint
GetClientRect
EndPaint
DrawTextA
OffsetRect
IsWindow
PostQuitMessage
FindWindowA
GetSystemMetrics
ShowCursor
GetDC
ShowWindow
MoveWindow
ReleaseDC
BringWindowToTop
GetMessageA
TranslateMessage
wvsprintfA
SetFocus
InvalidateRect
LoadStringA
LoadCursorA
LoadIconA
UnpackDDElParam
ExitWindowsEx
wsprintfA
CreateWindowExA
DefWindowProcA
RegisterClassA
SendMessageA

comdlg32

GetOpenFileNameA

advapi32

AdjustTokenPrivileges
RegEnumKeyExA
OpenProcessToken
RegCloseKey
LookupPrivilegeValueA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA

ole32

CoUninitialize
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantChangeTypeEx
VariantClear
VariantTimeToSystemTime
RegisterTypeLi
LoadTypeLi

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerInstallFileA

kernel32

OpenFile
GlobalFree
CloseHandle
GetCPInfo
SetFilePointer
LCMapStringA
GetCurrentProcessId
LCMapStringW
VirtualFree
HeapCreate
VirtualAlloc
SetStdHandle
GetStdHandle
HeapDestroy
SetEndOfFile
GetCommandLineA
SetHandleCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetStartupInfoA
GetLocalTime
GetSystemTime
SetEnvironmentVariableA
HeapFree
HeapAlloc
GetTimeZoneInformation
ExitProcess
FileTimeToLocalFileTime
TerminateProcess
GetFileType
FileTimeToSystemTime
GetFileAttributesA
RemoveDirectoryA
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
HeapReAlloc
CreateFileA
LocalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetModuleHandleA
GetDriveTypeA
SetFileTime
LoadLibraryA
GetProcAddress
GetExitCodeProcess
FlushFileBuffers
CompareStringW
GetStringTypeW
GetStringTypeA
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
LocalAlloc
GlobalDeleteAtom
_lread
_lwrite
_lclose
GetFileSize
GetPrivateProfileStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
lstrcatA
lstrcpyA
lstrlenA
lstrcmpiA
OutputDebugStringA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
FindClose
Sleep
IsDBCSLeadByte
WriteFile
FindFirstFileA
GetFullPathNameA
FreeLibrary
SetErrorMode
LocalLock
MoveFileExA
GlobalAddAtomA
CreateProcessA
GlobalAlloc
lstrcpynA
GlobalUnlock
GlobalLock
GlobalFindAtomA
CompareStringA
GetShortPathNameA
GetTempPathA
MoveFileA
DeleteFileA
ReadFile
GetTempFileNameA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
LocalUnlock

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
spchapi.exe
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Code Sign

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

10:47:36:cd:35:24:07:d2:1a:09:3a:95:1f:ac:c1:8c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

10/05/1997, 00:00

Not After

10/05/1998, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/CPS Incorp. by Ref.\,LIAB.LTD(c)96+OU=Digital ID Class 3 - Microsoft Software Validation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 545KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
安装说明.txt

Sharing

General

Malware Config

Signatures

Files

390ef37875e351d87137c1d1bddb9a0a

Headers

File Characteristics

Imports

ole32

user32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 5KB

5316dd1ba7417f578451f902c4b4f845

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 1024B - Virtual size: 906B

13fa0cf96dc804ea3f3d2f71b1bcf4aa

Code Sign

Signer

Headers

File Characteristics

Imports

winmm

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 7KB - Virtual size: 6KB

Headers

File Characteristics

Sections

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 12B

479485184984aadb89b6e8cf253117e6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

ENGINE Size: 56KB - Virtual size: 52KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 196KB - Virtual size: 195KB

.reloc Size: 64KB - Virtual size: 61KB

8d26773106ed39fbb89a157d19d8aa89

.text
Size: 100KB - Virtual size: 96KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 1024B - Virtual size: 906B

.text
Size: 94KB - Virtual size: 93KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.0MB - Virtual size: 1.0MB

ENGINE
Size: 56KB - Virtual size: 52KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 64KB - Virtual size: 61KB

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 28KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 544KB - Virtual size: 541KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 676B

.reloc
Size: 32KB - Virtual size: 29KB

.text
Size: 108KB - Virtual size: 106KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 28B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB