31ae3c1153fc3f20f19b2b9fe9361f93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31ae3c1153fc3f20f19b2b9fe9361f93_JaffaCakes118
Size

3.1MB
MD5

31ae3c1153fc3f20f19b2b9fe9361f93
SHA1

73cd8f457abb397d2f1d429f795c0418f9cc55d0
SHA256

d788ea67f67c518fdba566edc723d4d1317923adc570a1893d2e0a66d435b763
SHA512

66f0574211c09b77b6e40019f594517c0f8be98ce8ab4fc1e3295df228252f58a4672e4b5e51284d8244f0e8f9304173ec5ab57bb7229897a806469b352b3996
SSDEEP

98304:WMnG4eHBGzcsUCnWas16Z/w2pui4OC9mKfIWfxSoN8/X:WMG40G37s16Z/w2pui4VrFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/完美卸载/ActionUP.exe
unpack001/完美卸载/ActiveDll.dll
unpack001/完美卸载/CheckTrust.dll
unpack001/完美卸载/CleanFav.exe
unpack001/完美卸载/CleanShortCuts.exe
unpack001/完美卸载/DiskDrag.exe
unpack001/完美卸载/FileWipe.exe
unpack001/完美卸载/ForceKiller.exe
unpack001/完美卸载/FormatDisk.exe
unpack001/完美卸载/GetHardInfo.exe
unpack001/完美卸载/IeRepair.exe
unpack001/完美卸载/RsScan.exe
unpack001/完美卸载/ScanEngine.dll
unpack001/完美卸载/SkinPlusPlus.dll
unpack001/完美卸载/SysSec.exe
unpack001/完美卸载/UnKill.exe
unpack001/完美卸载/UnZip.exe
unpack001/完美卸载/WipeDisk.exe
unpack001/完美卸载/WipeShell.dll
unpack001/完美卸载/WmKillDrv.sys
unpack001/完美卸载/WmVirualDisk.sys
unpack001/完美卸载/msvcp60.dll

Files

31ae3c1153fc3f20f19b2b9fe9361f93_JaffaCakes118
.rar
完美卸载/ADS.CFG
完美卸载/Action.inf
完美卸载/ActionUP.exe
.exe windows:4 windows x86 arch:x86

36d19efdcb373fc81ccbd035dfec0258

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord686
ord693
ord2514
ord2621
ord1134
ord800
ord3790
ord1105
ord823
ord2764
ord4202
ord6907
ord3998
ord858
ord537
ord535
ord2818
ord540
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord5163
ord3262
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3370
ord4627
ord3640
ord1146
ord1168
ord567
ord384
ord324
ord2302
ord4234
ord3996
ord2862
ord2096
ord4710
ord2379
ord755
ord470
ord6215
ord3663
ord2448
ord5710
ord4129
ord6929
ord6927
ord860
ord665
ord354
ord2044
ord5834
ord5450
ord6394
ord5440
ord6383
ord541
ord801
ord5861
ord6143
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6374
ord4673
ord1576

msvcrt

__p___argc
_mbsicmp
rename
_mbscmp
_setmbcp
__dllonexit
_onexit
_controlfp
_exit
_XcptFilter
exit
_acmdln
sprintf
__CxxFrameHandler
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
strrchr

kernel32

CloseHandle
MoveFileExA
DeleteFileA
WinExec
TerminateProcess
OpenProcess
GetProcAddress
LoadLibraryA
Module32First
CreateToolhelp32Snapshot
GetVersionExA
Process32Next
GetPriorityClass
Process32First
FreeLibrary
GetModuleHandleA
GetStartupInfoA
Module32Next
GetModuleFileNameA

user32

EnableWindow
KillTimer
IsIconic
GetClientRect
DrawIcon
SendMessageA
SetWindowPos
SetTimer
LoadIconA
GetSystemMetrics

comctl32

ImageList_ReplaceIcon

skinplusplus

ord1

msvcirt

??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/Active.ini
完美卸载/ActiveDll.dll
.dll windows:4 windows x86 arch:x86

d3787489724508598718fbfba4cb3a1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3953
ord540
ord2512
ord5710
ord4129
ord2764
ord6929
ord6927
ord860
ord665
ord3790
ord354
ord2044
ord823
ord5834
ord5450
ord6394
ord5440
ord6383
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord2818
ord2554
ord4486
ord6375
ord4274
ord2448
ord1105
ord858
ord389
ord5207
ord690
ord2393
ord537
ord535
ord3663
ord800

msvcrt

__CxxFrameHandler
fclose
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
_mbscmp
fopen
fwrite
sprintf

kernel32

LocalFree
GetModuleFileNameA
DeleteFileA
LocalAlloc

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

msvcirt

??_Difstream@@QAEXXZ
?close@ifstream@@QAEXXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock

netapi32

Netbios

Exports

Exports

ActiveProduct

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/Alert.wav
完美卸载/AutoHelp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4808eb2da524e99c7e821d4525f6d7dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:7c:8d:15:44:83:b4:11:63:a7:df:21:65:96:87:03
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2009, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Network Department,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:09:32:13:4f:d2:45:2b:57:af:22:c9:b6:f9:37:9a:ea:43:d4:df
Signer

Actual PE Digest

6f:09:32:13:4f:d2:45:2b:57:af:22:c9:b6:f9:37:9a:ea:43:d4:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\AutoHelp.pdb

Imports

kernel32

SetLastError
MoveFileA
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
SetFilePointer
DeleteFileA
FileTimeToSystemTime
FindClose
FindFirstFileA
GetFileAttributesA
WritePrivateProfileStringA
SetErrorMode
ReleaseMutex
FlushViewOfFile
CreateMutexA
ReadFile
UnlockFile
LockFile
GetProcAddress
FreeLibrary
GetSystemTime
Sleep
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
LockFileEx
AreFileApisANSI
GetFileAttributesW
DeleteFileW
GetTempPathW
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
LoadLibraryW
CreateFileW
GetVersion
GetEnvironmentVariableA
OpenMutexA
SetEvent
CreateDirectoryA
CreateProcessA
CreateEventA
GetTickCount
MoveFileExA
RemoveDirectoryA
CreateDirectoryW
RemoveDirectoryW
GetFileType
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
MoveFileW
GetFileTime
GetWindowsDirectoryA
GetWindowsDirectoryW
GetFileInformationByHandle
SetFileAttributesW
FindFirstFileW
CreateFileMappingW
GetSystemDirectoryA
GetShortPathNameA
GetDriveTypeA
lstrcmpA
ReadProcessMemory
OpenProcess
TerminateProcess
SuspendThread
GetPrivateProfileSectionA
GetLogicalDrives
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
DeviceIoControl
GetCurrentDirectoryA
GetLongPathNameA
SearchPathA
ExpandEnvironmentStringsA
QueryPerformanceCounter
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetPrivateProfileStringA
GetFileAttributesExA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceExA
GetTempPathA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
TerminateThread
IsDBCSLeadByte
lstrcpynA
CreateThread
GetModuleHandleA
lstrcmpiA
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetModuleFileNameA
lstrlenA
lstrcpyA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
OpenEventA

user32

GetWindowLongA
UnregisterClassA
SendMessageA
PostMessageA
DestroyWindow
DefWindowProcA
CharNextA
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetClassInfoExA
LoadCursorA
wsprintfA
GetDC
CreateWindowExA
BeginPaint
GetClientRect
EndPaint
GetParent
GetFocus
IsChild
SetFocus
ShowWindow
InvalidateRect
IsWindow
GetKeyState
CallWindowProcA
RegisterClassExA
SetWindowLongA
LoadBitmapA

gdi32

CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
GetDeviceCaps
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
SetViewportOrgEx
SetMapMode
LPtoDP
SaveDC
CreateDCA

advapi32

LookupPrivilegeValueA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExW

shell32

SHGetFileInfoA
SHGetFolderPathA

ole32

OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemFree
CoUninitialize
StringFromGUID2
OleSaveToStream
CoCreateGuid
CoInitialize
CoCreateInstance
OleRegGetMiscStatus
CoTaskMemAlloc
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm

oleaut32

SysFreeString
CreateErrorInfo
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SysAllocStringLen
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
SetErrorInfo
VariantChangeType
VarUI4FromStr
VariantClear

shlwapi

PathRemoveFileSpecA
SHDeleteKeyW
PathSkipRootA
SHDeleteKeyA
PathFileExistsA
PathFindExtensionA

msvcp71

?_Nomemory@std@@YAXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
wctype
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr71

_mbsupr
wcsncmp
wcschr
wcslen
_itoa
_gcvt
_fpclass
_i64toa
_ui64toa
_snwprintf
_strtoi64
_strtoui64
_errno
_HUGE
strtod
wcscmp
_wtoi
iswspace
_mbsinc
_ismbcspace
_mbsstr
_mbsicoll
??1exception@@UAE@XZ
_strnicmp
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
isdigit
isspace
isxdigit
localtime
tolower
isalnum
strncpy
toupper
fclose
fread
ftell
fseek
fopen
fwrite
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
memset
_mbscmp
_ismbcalpha
_mbsnbicmp
_mbslwr
_strdup
wctomb
_isctype
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
strchr
_strupr
swscanf
_stricmp
strstr
calloc
strrchr
malloc
free
_resetstkoflw
_except_handler3
_CxxThrowException
??3@YAXPAX@Z
wcsncpy
_mbschr
__CxxFrameHandler
??_V@YAXPAX@Z
_purecall
realloc
_wcsicmp
_mbsrchr
_vscprintf
vsprintf
memmove
atoi
sprintf
_snprintf
_snscanf
rand
srand
time
_mbsnbcpy
_mbsicmp
_ultoa
strncmp
_strlwr
_msize

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetAttemptConnect
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCrackUrlA
HttpAddRequestHeadersA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetDllAutoHelpObject
GetDllAutoHelpObjectEx
REClearROT
RECreateObjectLoader
RECreateROT
REGetClassObject

Sections

.text
Size: 884KB - Virtual size: 881KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/Avsoft.ini
完美卸载/CheckTrust.dll
.dll windows:4 windows x86 arch:x86

5170f10afa16735b56325047137a3130

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WorkCode\完美卸载26.10\正式版\SysProtect\CheckTrust\release\CheckTrust.pdb

Imports

kernel32

GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
ExitProcess
RaiseException
HeapSize
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
LoadLibraryA
GetVersionExA
InterlockedIncrement
FormatMessageW
GetModuleHandleA
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
lstrlenW
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalUnlock
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
HeapCreate
CreateFileW

user32

LoadCursorW
GetSysColorBrush
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetSystemMetrics
GetMenuItemID
GetSubMenu
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetMenuItemCount
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
DestroyMenu
CreateWindowExW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
wsprintfW
GetWindowPlacement
UnregisterClassA

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle

Exports

Exports

CheckFileTructEx

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/CleanFav.exe
.exe windows:4 windows x86 arch:x86

d0e3035b007b9d4ba48a3de8d49cdcef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord283
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord1640
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord818
ord693
ord765
ord2514
ord5943
ord2621
ord1134
ord1199
ord1247
ord536
ord2818
ord5861
ord922
ord923
ord6648
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord3698
ord2582
ord4402
ord3370
ord3640
ord1168
ord324
ord2135
ord2302
ord4234
ord1768
ord3996
ord2862
ord4710
ord755
ord470
ord801
ord1200
ord690
ord1988
ord2393
ord6888
ord6907
ord3998
ord5356
ord5808
ord1075
ord5204
ord3229
ord1228
ord389
ord5953
ord6143
ord541
ord1576
ord4224
ord3302
ord6675
ord2642
ord3092
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord1949
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord2725
ord323
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord5289
ord1105

msvcrt

_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
strrchr
sprintf
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode

kernel32

GetModuleHandleA
TerminateThread
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
HeapFree
DeleteFileA
GetModuleFileNameA
GetCurrentProcess
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

SendMessageA
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
GetDC
TabbedTextOutA
GrayStringA
GetSubMenu
DrawTextA
ReleaseDC
DrawIconEx
DestroyCursor
GetWindowLongA
KillTimer
IsIconic
DrawIcon
SetWindowPos
SetTimer
LoadIconA
EnableWindow
DestroyIcon
GetMenuItemInfoA
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SystemParametersInfoA

gdi32

TextOutA
ExtTextOutA
Escape
GetStockObject
CreateFontA
SetBkColor
CreateBitmap
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetDeviceCaps
GetBkMode

advapi32

RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

SHFileOperationA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

skinplusplus

ord1
ord27

winmm

PlaySoundA

msvcirt

_mtunlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
?get@istream@@IAEAAV1@PADHH@Z
_mtlock

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/CleanPlugin/ACDSee 历史记录
完美卸载/CleanPlugin/AbsoluteFTP 历史记录
完美卸载/CleanPlugin/Acrobat Reader 5 历史记录
完美卸载/CleanPlugin/Acrobat Reader 6 历史记录
完美卸载/CleanPlugin/Ad-aware 6 历史记录
完美卸载/CleanPlugin/Adaptec Easy CD Creator 历史记录
完美卸载/CleanPlugin/Adobe Photoshop 6.0 历史记录
完美卸载/CleanPlugin/Adobe Photoshop 7.0 历史记录
完美卸载/CleanPlugin/BitTorrent广告缓存
完美卸载/CleanPlugin/Bitcomet下载记录
完美卸载/CleanPlugin/Borland Delphi v7 历史记录
完美卸载/CleanPlugin/CuteFTP 历史记录
完美卸载/CleanPlugin/Disk Explorer Professional 3 历史记录
完美卸载/CleanPlugin/Diskeeper 5.0 历史记录
完美卸载/CleanPlugin/DivX Player 历史记录
完美卸载/CleanPlugin/Download Accelerator 历史记录
完美卸载/CleanPlugin/Easy CD 刻录软件工作记录
完美卸载/CleanPlugin/Ebay Toolbar 历史记录
完美卸载/CleanPlugin/E话通垃圾清理
完美卸载/CleanPlugin/FlashFXP垃圾文件
完美卸载/CleanPlugin/Foxmail 清理插件
完美卸载/CleanPlugin/GetRight 历史记录
完美卸载/CleanPlugin/Google Chrome 浏览器 Cookie
完美卸载/CleanPlugin/Google Chrome 浏览器其他记录
完美卸载/CleanPlugin/Google Chrome 浏览器历史记录
完美卸载/CleanPlugin/Google Chrome 浏览器缓存
完美卸载/CleanPlugin/Google Deskbar 历史记录
完美卸载/CleanPlugin/Google Toolbar 历史记录
完美卸载/CleanPlugin/Graphic Workshop Pro 历史记录
完美卸载/CleanPlugin/HLSW游戏控制台记录
完美卸载/CleanPlugin/HyperSnap 5 截图软件工作记录
完美卸载/CleanPlugin/ICQ 2003a 历史记录
完美卸载/CleanPlugin/KMPlayer
完美卸载/CleanPlugin/LeapFTP 2.6 历史记录
完美卸载/CleanPlugin/MSN Messenger 历史记录
完美卸载/CleanPlugin/MSN Toolbar 历史记录
完美卸载/CleanPlugin/Macromedia Dreamweaver MX 历史记录
完美卸载/CleanPlugin/Macromedia Firework MX 历史记录
完美卸载/CleanPlugin/Macromedia Flash MX 历史记录
完美卸载/CleanPlugin/McAfee Virus Scan(玛赛防毒软件) 历史记录
完美卸载/CleanPlugin/Microsoft Imaging 历史记录
完美卸载/CleanPlugin/Microsoft Netmeeting 历史记录
完美卸载/CleanPlugin/Microsoft Office 2000 历史记录
完美卸载/CleanPlugin/Microsoft Office 97 历史记录
完美卸载/CleanPlugin/Microsoft Office XP 历史记录
完美卸载/CleanPlugin/Microsoft Photo Editor 3.0 历史记录
完美卸载/CleanPlugin/Microsoft Publisher 2000 历史记录
完美卸载/CleanPlugin/Microsoft Word 2000 历史记录
完美卸载/CleanPlugin/Microsoft Word Backup Files 历史记录
完美卸载/CleanPlugin/NetAnts 历史记录
完美卸载/CleanPlugin/NetCaptor 历史记录
完美卸载/CleanPlugin/Nokia PC套件
完美卸载/CleanPlugin/Norton Anti-Virus诺顿杀毒软件历史记录
完美卸载/CleanPlugin/Norton Firewal诺顿防火墙历史记录
完美卸载/CleanPlugin/Norton Internet Security诺顿互联网防火墙历史记录
完美卸载/CleanPlugin/Opera 浏览器其他记录
完美卸载/CleanPlugin/Opera 浏览器自动完成记录
完美卸载/CleanPlugin/Opera 浏览器历史记录
完美卸载/CleanPlugin/Opera 浏览器缓存
完美卸载/CleanPlugin/Outlook Express 5,6 历史记录
完美卸载/CleanPlugin/PPTV 播放缓存
完美卸载/CleanPlugin/PhotoDraw 2000 历史记录
完美卸载/CleanPlugin/PhotoImpact Viewer 4.0 历史记录
完美卸载/CleanPlugin/PhotoImpact(硬派) 历史记录
完美卸载/CleanPlugin/PowerDVD 历史记录
完美卸载/CleanPlugin/QQ 自动更新历史记录
完美卸载/CleanPlugin/QQ2004 历史及广告垃圾
完美卸载/CleanPlugin/QQ2005 历史及广告垃圾
完美卸载/CleanPlugin/QQGame2004 游戏清理插件
完美卸载/CleanPlugin/QQGame2005 游戏缓存
完美卸载/CleanPlugin/QQ影音历史记录
完美卸载/CleanPlugin/QQ游戏历史记录
完美卸载/CleanPlugin/QQ音乐缓存
完美卸载/CleanPlugin/QuickTime苹果播放器
完美卸载/CleanPlugin/Ray盘下载历史记录
完美卸载/CleanPlugin/RealNetworks Real Download 历史记录
完美卸载/CleanPlugin/RealOne & RealPlayer 历史记录
完美卸载/CleanPlugin/Roxio Easy CD Creator 历史记录
完美卸载/CleanPlugin/Skype网络电话
完美卸载/CleanPlugin/UUSee网络电视历史记录
完美卸载/CleanPlugin/Ulead GIF Animator 历史记录
完美卸载/CleanPlugin/Ulead Photo Express 历史记录
完美卸载/CleanPlugin/UltraEdit 历史记录
完美卸载/CleanPlugin/WinAce 2. 历史记录
完美卸载/CleanPlugin/WinISO 光盘镜像软件工作记录
完美卸载/CleanPlugin/WinRAR 3.0 历史记录
完美卸载/CleanPlugin/WinZip 9.0-9.1 历史记录
完美卸载/CleanPlugin/Winamp 历史记录
完美卸载/CleanPlugin/Windows Live Messager
完美卸载/CleanPlugin/Windows Live Messager历史记录
完美卸载/CleanPlugin/Windows XP 最近运行程序记录
完美卸载/CleanPlugin/Windows XP 预览缓存文件
完美卸载/CleanPlugin/Windows 网络映射驱动器列表
完美卸载/CleanPlugin/Windows日志文件
完美卸载/CleanPlugin/Yahoo! Messenger 历史记录
完美卸载/CleanPlugin/Yahoo! Player 历史记录
完美卸载/CleanPlugin/Zone Alarm 防火墙日志
完美卸载/CleanPlugin/傲游浏览器
完美卸载/CleanPlugin/天网防火墙日志清理
完美卸载/CleanPlugin/影音传送带辅助文件
完美卸载/CleanPlugin/新浪UC缓存清理
完美卸载/CleanPlugin/新版迅雷看看播放器下载缓存
完美卸载/CleanPlugin/映射驱动器记录
完美卸载/CleanPlugin/暴风影音记录
完美卸载/CleanPlugin/比特精灵下载记录
完美卸载/CleanPlugin/电骡工作记录清理
完美卸载/CleanPlugin/网际快车FlashGet 历史记录
完美卸载/CleanPlugin/访问的局域网共享资源记录
完美卸载/CleanPlugin/迅雷广告缓存
完美卸载/CleanPlugin/迅雷影音历史记录
完美卸载/CleanPlugin/迅雷看看缓存文件
完美卸载/CleanPlugin/酷我音乐盒
完美卸载/CleanPlugin/酷狗音乐2010
完美卸载/CleanShortCuts.exe
.exe windows:4 windows x86 arch:x86

da5bcefca0fe6931068b30c739d28f1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord283
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord3596
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord818
ord693
ord2514
ord2621
ord1134
ord2725
ord541
ord2452
ord5861
ord6143
ord3790
ord6648
ord2818
ord4204
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord922
ord923
ord1200
ord6907
ord3998
ord926
ord2642
ord3092
ord5953
ord6883
ord5265
ord4376
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord2582
ord4402
ord3370
ord3640
ord1168
ord324
ord2135
ord2302
ord4234
ord1768
ord1105
ord4710
ord755
ord470
ord4224
ord3302
ord6675
ord2862
ord3996
ord1576
ord6215
ord2448
ord5710
ord6929
ord6927
ord2044
ord5834
ord1949
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord536
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord801
ord640
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord5300
ord6888

msvcrt

_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
strrchr
exit
fclose
fopen
sprintf
strstr
__p___argv
__p___argc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr

kernel32

GetModuleHandleA
TerminateThread
GetWindowsDirectoryA
Sleep
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
HeapFree
FindNextFileA
DeleteFileA
GetModuleFileNameA
FindFirstFileA
FindClose
GetDriveTypeA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
KillTimer
GetDC
DrawIcon
SetWindowPos
SetTimer
LoadIconA
RegisterHotKey
LoadBitmapA
DrawTextA
ReleaseDC
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
GetMenuItemInfoA
SetRect
DrawEdge
IsIconic
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
FillRect

gdi32

PtVisible
RectVisible
PatBlt
TextOutA
ExtTextOutA
Escape
GetStockObject
CreateFontA
GetObjectA
CreateBitmap
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
SetBkColor
GetDeviceCaps
GetBkMode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHFileOperationA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

skinplusplus

ord32
ord1
ord27

winmm

PlaySoundA

msvcirt

??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
_mtunlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
?get@istream@@IAEAAV1@PADHH@Z
??_Dofstream@@QAEXXZ
_mtlock

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/CleanShortCuts.ini
完美卸载/CopyPathExt.tlb
完美卸载/DesktopMon.exe
.exe windows:4 windows x86 arch:x86

bdd0def10770a453ab29fb75cce6be26

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:be:8f:32:7e:11:7c:f3:85:d5:7f:68:48:43:cc:8a:74:25:4a:89
Signer

Actual PE Digest

d9:be:8f:32:7e:11:7c:f3:85:d5:7f:68:48:43:cc:8a:74:25:4a:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord567
ord6143
ord324
ord1175
ord6883
ord926
ord2302
ord4234
ord4710
ord2379
ord755
ord470
ord5861
ord4202
ord2642
ord3092
ord4853
ord6215
ord6877
ord4376
ord1105
ord539
ord939
ord941
ord6374
ord543
ord803
ord6307
ord521
ord3701
ord500
ord772
ord6142
ord2393
ord5860
ord663
ord348
ord1187
ord860
ord3790
ord4204
ord5953
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord5265
ord3639
ord3402
ord5290
ord4401
ord1576
ord1776
ord6055
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord2764
ord858
ord535
ord541
ord1134
ord2621
ord540
ord2818
ord2514
ord692
ord801
ord641
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord537
ord800
ord823
ord3584
ord825

msvcrt

_setmbcp
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
free
_strdup
_except_handler3
_beginthreadex
__CxxFrameHandler
_purecall
malloc
_mbstok
_mbsrchr
_mbsicmp
__p___argv
__dllonexit
_mbscmp
strrchr
sprintf
__p___argc

kernel32

InitializeCriticalSection
GetCurrentProcess
MultiByteToWideChar
lstrcpyA
CreateMutexA
GetLastError
Sleep
ResetEvent
FreeLibrary
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetStartupInfoA
LeaveCriticalSection
EnterCriticalSection
CreateIoCompletionPort
CreateFileA
SetLastError
GetFileAttributesA
PostQueuedCompletionStatus
SetThreadPriority
GetThreadPriority
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetCurrentThread
GetModuleFileNameA
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetModuleHandleA

user32

EnableWindow
PostQuitMessage
FindWindowA
IsIconic
GetSystemMetrics
IsWindow
DestroyWindow
RegisterClassA
DefWindowProcA
SystemParametersInfoA
KillTimer
GetClientRect
DrawIcon
SendMessageA
SetTimer
SetWindowPos
LoadIconA
RegisterWindowMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
MessageBeep
GetMessageA
PostThreadMessageA
PostMessageA
CreateWindowExA

gdi32

GetStockObject

advapi32

AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

skinplusplus

ord1

winmm

PlaySoundA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/DiskDrag.exe
.exe windows:4 windows x86 arch:x86

86fc11bfe170e5cd29bac9e675ce3150

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WorkCode\新版开发\优化大师\DiskDrag\release\DiskDrag.pdb

Imports

kernel32

FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapAlloc
HeapFree
GetTimeZoneInformation
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
HeapSize
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetOEMCP
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CreateFileA
GetFullPathNameA
FindFirstFileA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
LocalFree
InterlockedDecrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetCurrentThreadId
GlobalLock
GlobalUnlock
MulDiv
CompareStringA
InterlockedExchange
CompareStringW
GetLogicalDriveStringsW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetCurrentProcess
GetSystemTimeAsFileTime
GetFileAttributesExW
FindNextFileW
FindClose
FindFirstFileW
SystemTimeToFileTime
GetSystemTime
FlushFileBuffers
DeviceIoControl
GetFileInformationByHandle
CreateFileW
Sleep
FormatMessageA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
CreateThread
DeleteFileA
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
SetThreadExecutionState
GetModuleFileNameA
CloseHandle
Process32Next
Process32First
GetCurrentProcessId
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
FreeResource
SizeofResource
WideCharToMultiByte
LockResource
LoadResource
FindResourceA
GetACP
GetCPInfo
MultiByteToWideChar
lstrlenA
GetVersionExA
SetUnhandledExceptionFilter
GetVersion

user32

RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
GetWindowThreadProcessId
CreateDialogIndirectParamA
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
IsWindowEnabled
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
MessageBeep
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
CopyAcceleratorTableA
SetForegroundWindow
UpdateWindow
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
IntersectRect
DestroyMenu
IsWindow
EndPaint
BeginPaint
GetWindowDC
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CharUpperA
KillTimer
DrawIcon
IsIconic
SetTimer
LoadIconA
EnableWindow
OffsetRect
GetClientRect
PostMessageA
SendMessageA
CharNextA
SetCapture
UnregisterClassA
GetWindowRect
GetActiveWindow
ClientToScreen
ReleaseCapture
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
GrayStringA
DrawTextExA
TabbedTextOutA
GetSubMenu
LoadBitmapA
GetSysColorBrush
FillRect
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
SystemParametersInfoA
SetRect
GetSysColor
CopyRect

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
SetViewportExtEx
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
CreateCompatibleBitmap
RestoreDC
SaveDC
LineTo
MoveToEx
SetDCPenColor
SetTextColor
SetBkColor
CreateBitmap
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteDC
DeleteObject
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
SysFreeString
VariantClear

skinplusplus

ord1

Exports

Exports

AddArrayString
FragmentCount
GetItemLcn
IsFragmented
RunJkDefrag
StopJkDefrag
SystemErrorStr
TreeBiggest
TreeDetach
TreeFirst
TreeInsert
TreeNext
TreeNextPrev
TreePrev
TreeSmallest
stristr
stristrW

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/End1.htm
完美卸载/End2.htm
完美卸载/End3.htm
完美卸载/End4.htm
完美卸载/End5.htm
完美卸载/FileWipe.exe
.exe windows:4 windows x86 arch:x86

6cb8ca96cc531a51bcf87e6a4d4ba200

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord6197
ord283
ord2915
ord5710
ord6283
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord640
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord765
ord693
ord2514
ord2621
ord1134
ord2764
ord5265
ord4376
ord4998
ord6052
ord1775
ord4425
ord3597
ord4407
ord3698
ord2582
ord4402
ord3370
ord3640
ord324
ord2301
ord2302
ord4234
ord4710
ord755
ord470
ord2818
ord6907
ord3301
ord2642
ord3092
ord4224
ord3996
ord2862
ord3452
ord2515
ord355
ord6334
ord801
ord3998
ord5953
ord541
ord5861
ord922
ord923
ord538
ord5280
ord2448
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord3706
ord3742
ord812
ord818
ord1270
ord1232
ord559
ord6144
ord2152
ord6453
ord6215
ord3089
ord6605
ord2380
ord5781
ord6119
ord2754
ord3797
ord816
ord562
ord5862
ord2860
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord1168
ord6194
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord5302
ord384
ord1576

msvcrt

__setusermatherr
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
sprintf
strrchr
atoi
strtoul
_mbsicmp
rand
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetModuleHandleA
MulDiv
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
HeapFree
GetShortPathNameA
WinExec
SetFileAttributesA
GetFileSize
DeleteFileA
GetModuleFileNameA
MultiByteToWideChar
CreateFileA
WriteFile
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

CopyRect
FillRect
ModifyMenuA
SetRect
GetMenuItemInfoA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
GetClientRect
PtInRect
IsRectEmpty
ChildWindowFromPointEx
SetWindowRgn
GetSysColor
ScreenToClient
IsWindow
GetClassInfoA
DefWindowProcA
LoadCursorA
KillTimer
IsIconic
DrawIcon
SetWindowPos
SetTimer
LoadIconA
PeekMessageA
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
PostQuitMessage
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetCursorPos
GetMenuItemCount
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
DrawEdge

gdi32

RectVisible
PatBlt
TextOutA
ExtTextOutA
Escape
GetStockObject
CreateFontA
SetBkColor
PtVisible
CreateRectRgn
FrameRgn
FillRgn
OffsetRgn
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
CreateBitmap
GetDeviceCaps
GetBkMode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFileInfoA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
ShellExecuteExA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent

skinplusplus

ord27
ord1

winmm

PlaySoundA

msvcirt

?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtlock

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/ForceKiller.exe
.exe windows:4 windows x86 arch:x86

acc2d8e1cef3837293c3bea6dc14c4f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord6197
ord283
ord2915
ord5710
ord6283
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord1175
ord3738
ord561
ord815
ord641
ord765
ord693
ord2514
ord6282
ord6877
ord2818
ord2621
ord1134
ord1168
ord5265
ord4376
ord4998
ord6052
ord5290
ord4425
ord3597
ord4407
ord3698
ord2582
ord4402
ord3370
ord3640
ord324
ord2301
ord2302
ord4234
ord4710
ord755
ord470
ord6907
ord3301
ord2642
ord3092
ord4224
ord3996
ord2862
ord3452
ord2515
ord355
ord6334
ord801
ord3998
ord5953
ord541
ord5861
ord922
ord923
ord538
ord5280
ord2448
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord3706
ord3742
ord812
ord818
ord1270
ord1232
ord559
ord6144
ord2152
ord6453
ord6215
ord3089
ord6605
ord2380
ord5781
ord6119
ord2754
ord3797
ord816
ord562
ord5862
ord2860
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord536
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord1775
ord2096
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord4622
ord384
ord1576

msvcrt

__setusermatherr
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
sprintf
strrchr
__p___argc
atoi
strtoul
_mbsicmp
rand
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetModuleHandleA
DeviceIoControl
GetLastError
MulDiv
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
HeapFree
GetShortPathNameA
WinExec
GetCommandLineA
DeleteFileA
MoveFileExA
GetSystemDirectoryA
CopyFileA
GetModuleFileNameA
MultiByteToWideChar
CreateFileA
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

FillRect
LoadImageA
GetMenuItemCount
GetMenuItemInfoA
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
FrameRect
LoadBitmapA
TabbedTextOutA
GrayStringA
GetSubMenu
DestroyCursor
CopyRect
PtInRect
IsRectEmpty
ChildWindowFromPointEx
SetWindowRgn
GetCursorPos
ScreenToClient
IsWindow
GetClassInfoA
DefWindowProcA
LoadCursorA
KillTimer
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
IsIconic
DrawIcon
SetWindowPos
SetTimer
LoadIconA
PeekMessageA
PostQuitMessage
EnableWindow
AppendMenuA
SetRect
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
DrawEdge
GetWindowLongA

gdi32

GetStockObject
CreateFontA
SetTextColor
SetBkColor
CreateBitmap
CreateRectRgn
FrameRgn
OffsetRgn
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
FillRgn
GetDeviceCaps
GetBkMode

advapi32

CreateServiceA
RegQueryValueExA
RegOpenKeyExA
ControlService
StartServiceA
DeleteService
OpenSCManagerA
RegCloseKey
OpenServiceA
CloseServiceHandle

shell32

SHGetFileInfoA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
ShellExecuteExA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent

skinplusplus

ord27
ord1

winmm

PlaySoundA

msvcirt

?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtlock

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/FormatDisk.exe
.exe windows:4 windows x86 arch:x86

5ad779ef28436893499463cc734ab53c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord2818
ord540
ord2621
ord1134
ord5731
ord1168
ord4234
ord2379
ord755
ord470
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord1576

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
__p___argc
__p___argv
_setmbcp
exit

kernel32

WinExec
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
FreeLibrary

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/GetHardInfo.exe
.exe windows:4 windows x86 arch:x86

775b313d5e22681a004da64bd6a5289f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord5199
ord815
ord2621
ord1134
ord3663
ord2448
ord5710
ord4129
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord5450
ord6394
ord5440
ord6383
ord6883
ord3880
ord3425
ord3054
ord3227
ord3408
ord861
ord1601
ord2614
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord541
ord1168
ord1669
ord6877
ord6143
ord6283
ord924
ord922
ord939
ord801
ord2652
ord1200
ord6282
ord4673
ord825
ord823
ord537
ord2764
ord858
ord2818
ord535
ord860
ord800
ord540
ord561
ord1576

msvcrt

fopen
fprintf
fclose
strrchr
memmove
sprintf
atol
_except_handler3
__CxxFrameHandler
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
_mbscmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_ftol
_controlfp

kernel32

GlobalMemoryStatus
GetSystemInfo
ExitProcess
GetComputerNameA
LoadLibraryA
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA
GetProcAddress
FreeLibrary
GetVersionExA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
SetPriorityClass
GetPriorityClass
LocalFree
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
GetLastError
GetCurrentProcess

advapi32

RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SysFreeString

msvcirt

??0ofstream@@QAE@XZ
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
?open@ofstream@@QAEXPBDHH@Z

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/Head.htm
.html
完美卸载/IE5.DAT
完美卸载/IE6.DAT
完美卸载/IE7.DAT
完美卸载/IE8.DAT
完美卸载/IeRepair.exe
.exe windows:4 windows x86 arch:x86

dbe14f9d67c465fac0d32c31ad73b074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

checktrust

CheckFileTructEx

mfc42

ord2438
ord823
ord6142
ord4083
ord2863
ord5606
ord2859
ord3571
ord3573
ord3693
ord3626
ord5875
ord4129
ord2763
ord4277
ord5683
ord2414
ord2567
ord5788
ord2614
ord858
ord1641
ord3619
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord6194
ord1640
ord323
ord5785
ord2405
ord2096
ord2408
ord5860
ord807
ord2920
ord2012
ord4163
ord2120
ord554
ord1644
ord1146
ord5572
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord2764
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord3402
ord6055
ord1776
ord4396
ord4424
ord3574
ord4425
ord609
ord556
ord567
ord4275
ord4284
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord3663
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord818
ord801
ord692
ord795
ord2621
ord1134
ord2725
ord3721
ord1168
ord2135
ord2302
ord1768
ord4299
ord6215
ord2086
ord755
ord470
ord5953
ord3097
ord6883
ord6143
ord541
ord4204
ord4644
ord1771
ord1576
ord2413
ord2024
ord4217
ord2576
ord4397
ord3352
ord3577
ord924
ord926
ord2937
ord5890
ord1200
ord4219
ord2581
ord4401
ord3639
ord6282
ord6283
ord5608
ord5861
ord922
ord5710
ord4278
ord1871
ord1949
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord4224
ord2818
ord4710
ord6334
ord1175
ord2864
ord2919
ord2379
ord4234
ord2301
ord825
ord324
ord540
ord641
ord283
ord3597
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord537
ord860
ord535
ord800
ord809
ord6366

msvcrt

sprintf
_setmbcp
__CxxFrameHandler
free
malloc
wcscpy
wcslen
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_ftol
memmove
_mbscmp
_mbsnbcpy
exit
__p___argv
__p___argc
_controlfp
strrchr
fclose
fprintf
fopen
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm

kernel32

GetModuleHandleA
CreateDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
WinExec
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
GetStartupInfoA

user32

GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemCount
KillTimer
GetWindow
GetClassNameA
GetWindowLongA
PostMessageA
FindWindowExA
SendMessageA
SetTimer
MessageBoxA
wsprintfA
IsIconic
DrawIcon
SetWindowPos
LoadIconA
FindWindowA
ShowWindow
FlashWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
AppendMenuA
GetMenuState
EnableWindow
ModifyMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
GetMenuItemInfoA
SystemParametersInfoA

gdi32

PtVisible
RectVisible
PatBlt
TextOutA
SetPixel
Escape
GetStockObject
CreateFontA
SetBkColor
CreateBitmap
GetObjectA
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetPixel
ExtTextOutA
GetDeviceCaps
GetBkMode

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyExA

shell32

SHFileOperationA
ShellExecuteA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Draw
ImageList_AddMasked

skinplusplus

ord27
ord1

winmm

PlaySoundA

msvcirt

_mtunlock
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??_Difstream@@QAEXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
?close@ifstream@@QAEXXZ

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/Image/Logo.jpg
.jpg
完美卸载/Image/Scan1.gif
.gif
完美卸载/Image/Woa37.jpg
.jpg
完美卸载/Image/prog.gif
.gif
完美卸载/Image/web_icon_006.gif
.gif
完美卸载/Logo.jpg
.jpg
完美卸载/MainCon.exe
.exe windows:4 windows x86 arch:x86

374b848bd17094466ce295ae58790604

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:61:db:e9:31:b0:68:7f:54:94:01:bd:01:1b:0c:d5:80:45:e9:dd
Signer

Actual PE Digest

44:61:db:e9:31:b0:68:7f:54:94:01:bd:01:1b:0c:d5:80:45:e9:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

skinplusplus

ord1
ord27

checktrust

CheckFileTructEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

scanengine

RemoveTrojan
IfisTrojan
LoadVirInfoDb

mfc42

ord2302
ord4234
ord5953
ord1929
ord795
ord755
ord2860
ord470
ord6215
ord4204
ord2393
ord690
ord5207
ord389
ord1105
ord3790
ord1168
ord4278
ord6663
ord5861
ord924
ord922
ord923
ord1200
ord6648
ord6283
ord6282
ord2915
ord6199
ord2448
ord5710
ord6929
ord6927
ord665
ord354
ord2044
ord5834
ord3721
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord616
ord693
ord818
ord2621
ord1134
ord765
ord2725
ord1988
ord2135
ord1768
ord1572
ord4299
ord5856
ord4224
ord3733
ord810
ord4271
ord3297
ord3914
ord6008
ord4538
ord4402
ord3640
ord4243
ord6675
ord2754
ord2862
ord3301
ord6762
ord6696
ord3797
ord6888
ord2582
ord3370
ord3996
ord6907
ord3998
ord3092
ord547
ord6905
ord3098
ord3293
ord3754
ord324
ord1669
ord1979
ord5442
ord3318
ord5186
ord3584
ord543
ord803
ord2642
ord6007
ord6334
ord3698
ord2301
ord692
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord6662
ord6874
ord926
ord3742
ord2108
ord2116
ord2152
ord1233
ord5608
ord2370
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord6889
ord4000
ord2097
ord3303
ord1949
ord2243
ord6453
ord2380
ord1871
ord4034
ord1270
ord1232
ord3089
ord3920
ord3755
ord1920
ord4202
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord3289
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord641
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord283
ord6197
ord4160
ord2122
ord289
ord6880
ord613
ord3874
ord6270
ord5981
ord4774
ord5053
ord2379
ord4284
ord4275
ord567
ord556
ord609
ord809
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord2652
ord536
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord6143
ord2764
ord6883
ord6877
ord537
ord1175
ord860
ord3811
ord3337
ord2818
ord535
ord825
ord540
ord541
ord800
ord801
ord2086
ord1576

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
vsprintf
_mbsstr
rand
__p___argc
__p___argv
atoi
remove
rename
__p__commode
isspace
isalnum
strchr
strstr
_mbsicmp
fprintf
strrchr
fopen
fwrite
fclose
fflush
_mbsnbcpy
_mbscmp
memmove
_ftol
wcslen
wcscpy
malloc
free
sprintf
__CxxFrameHandler
_controlfp
__p__fmode
fread
__set_app_type
_strlwr
_fcloseall
_strupr
_setmbcp
strtoul

kernel32

TerminateProcess
DuplicateHandle
Process32First
GetPriorityClass
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
GetModuleHandleA
GetLongPathNameA
lstrcatA
LoadLibraryExA
TerminateThread
MultiByteToWideChar
lstrcpyA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
OpenProcess
SetProcessWorkingSetSize
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
GetTickCount
ReleaseMutex
GetTempPathA
GetCurrentProcess
GetFileSize
GetShortPathNameA
WinExec
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
LocalFree
GetWindowsDirectoryA
GetSystemDirectoryA
ExitProcess
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
GetDriveTypeA
SetCurrentDirectoryA
GetModuleFileNameA
WaitForSingleObject
Sleep
MulDiv
CreateFileA
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
CopyFileA
MoveFileExA
FindFirstFileA
FindNextFileA
FindClose
GetLastError
CreateDirectoryA
GetStartupInfoA

user32

CopyIcon
wsprintfA
PtInRect
GetFocus
GetCursor
IsWindowVisible
GetWindow
GetWindowTextA
FindWindowExA
GetClassNameA
IsIconic
DrawIcon
IsWindow
GetWindowThreadProcessId
RegisterWindowMessageA
FindWindowA
ShowWindow
UpdateWindow
RedrawWindow
SetForegroundWindow
MessageBoxA
PeekMessageA
PostQuitMessage
LoadIconA
SetWindowPos
KillTimer
SetTimer
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
LoadCursorA
SetWindowRgn
GetWindowDC
TrackPopupMenu
GetCursorPos
CheckMenuItem
SetMenuDefaultItem
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
IsRectEmpty
ChildWindowFromPoint
IsWindowEnabled
LoadMenuA
DefWindowProcA
GetClassInfoA
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
EqualRect
ScreenToClient
SetRectEmpty
SetRect
GetMenuItemInfoA

gdi32

Escape
ExtTextOutA
RectVisible
TextOutA
GetStockObject
PatBlt
CreateRoundRectRgn
CreatePolygonRgn
OffsetRgn
FillRgn
SelectClipRgn
FrameRgn
MaskBlt
SetTextJustification
SetBkMode
GetTextMetricsA
MoveToEx
LineTo
StretchBlt
CreateRectRgn
GetDIBits
CombineRgn
CreateBitmap
SetBkColor
SetTextColor
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetPixel
GetPixel
GetObjectA
PtVisible
CreateFontA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
OpenSCManagerA
CloseServiceHandle
DeleteService
OpenServiceA
ControlService
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSecurityDescriptor
AddAce
RegCloseKey
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
GetUserNameA
RegNotifyChangeKeyValue
RegQueryValueA
RegDeleteKeyA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHFileOperationA

comctl32

ord17
ImageList_Remove
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIcon

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear

msvcirt

?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
??_Dofstream@@QAEXXZ
??1ofstream@@UAE@XZ
?close@ofstream@@QAEXXZ
?endl@@YAAAVostream@@AAV1@@Z
??1ifstream@@UAE@XZ
??6ostream@@QAEAAV0@PBD@Z
?open@ofstream@@QAEXPBDHH@Z
??0ofstream@@QAE@XZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??6ostream@@QAEAAV0@E@Z
??_Difstream@@QAEXXZ

winmm

timeGetTime
PlaySoundA

wininet

InternetOpenA
InternetGetConnectedState
FindCloseUrlCache
DeleteUrlCacheEntry
InternetCloseHandle
FindFirstUrlCacheEntryA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
FindNextUrlCacheEntryA

shlwapi

SHDeleteKeyA

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

activedll

ActiveProduct

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/MainCon.ini
完美卸载/MyUpdate.exe
.exe windows:4 windows x86 arch:x86

095d00b9b914a8b11d935dbde1b74acd

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:e1:5d:9d:1e:8e:20:da:64:79:0e:14:09:ef:c6:1b:53:53:a8:ff
Signer

Actual PE Digest

5a:e1:5d:9d:1e:8e:20:da:64:79:0e:14:09:ef:c6:1b:53:53:a8:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState
InternetReadFile

winmm

timeGetTime
PlaySoundA

mfc42

ord536
ord2452
ord2753
ord1195
ord5440
ord6383
ord5450
ord6394
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord609
ord567
ord4275
ord2379
ord5053
ord4774
ord5981
ord6270
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord2818
ord5834
ord5265
ord5856
ord4710
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord4224
ord4673
ord1168
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord692
ord818
ord1768
ord6215
ord1651
ord801
ord6143
ord541
ord2621
ord1134
ord1199
ord1247
ord2725
ord1200
ord1105
ord348
ord2393
ord690
ord5207
ord389
ord4204
ord3584
ord543
ord803
ord6883
ord5953
ord2652
ord1669
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2135
ord2301
ord2302
ord2642
ord3092
ord6199
ord1576
ord470
ord6877
ord6334
ord4853
ord5861
ord1871
ord1949
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord4998
ord755

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_adjust_fdiv
__setusermatherr
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
exit
strrchr
__p___argc
fflush
fclose
sprintf
fwrite
fopen
_mbsicmp
__p___argv
atol
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_controlfp

kernel32

lstrlenW
Process32Next
GetVersion
GetVersionExA
GetCPInfo
GetModuleHandleA
GetStartupInfoA
GetACP
LockResource
LoadResource
FindResourceA
lstrcmpiA
CloseHandle
Sleep
GetModuleFileNameA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateProcessA
TerminateProcess
OpenProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CopyFileA
WinExec
GetCurrentProcessId
GetProcAddress
LoadLibraryA
Module32Next
Module32First
GetPriorityClass
CreateToolhelp32Snapshot
Process32First
FreeLibrary
lstrlenA

user32

KillTimer
IsWindow
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
FindWindowA
PeekMessageA
PostQuitMessage
EnableWindow
GetClientRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
IsIconic
DrawIcon
SetWindowPos
SetTimer
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
LoadIconA
GetActiveWindow
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
MessageBoxA

gdi32

GetStockObject
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
GetDeviceCaps

advapi32

RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteExA

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw

skinplusplus

ord1
ord32

msvcirt

?endl@@YAAAVostream@@AAV1@@Z
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/Option.dat
完美卸载/Our.htm
完美卸载/Products.ini
完美卸载/Result.htm
.html
完美卸载/Ring.wav
完美卸载/RsScan.exe
.exe windows:4 windows x86 arch:x86

103df813fa995b59ccb81c15d6460fa1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WorkCode\新版开发\电脑医生\SysExpert\木马扫描\rising_kit1.5\bin\RsScan.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
GetUserDefaultLCID
VirtualAlloc
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
VirtualProtect
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
GetVersion
GetTickCount
SetErrorMode
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetThreadLocale
GetOEMCP
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetFileTime
GetFileSize
GetFileAttributesA
CreateFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetCurrentThreadId
CloseHandle
GlobalLock
GlobalUnlock
MulDiv
CompareStringA
InterlockedExchange
CompareStringW
CreateThread
Sleep
DeleteFileA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
lstrcmpiA
FreeResource
SizeofResource
WideCharToMultiByte
LockResource
LoadResource
FindResourceA
GetACP
GetCPInfo
lstrlenW
MultiByteToWideChar
lstrlenA
GetVersionExA
EnumSystemLocalesA

user32

UnregisterClassA
SetCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
LoadCursorA
GetWindowThreadProcessId
CreateDialogIndirectParamA
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
IsWindowEnabled
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
CopyRect
GetSysColor
GetLastActivePopup
DrawEdge
SetRect
GetMenuItemInfoA
PeekMessageA
GetCursorPos
ValidateRect
IntersectRect
GetMenuStringA
DestroyMenu
IsWindow
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
CharUpperA
KillTimer
IsIconic
SetTimer
LoadIconA
EnableWindow
FrameRect
LoadImageA
DrawStateA
OffsetRect
GetClientRect
DrawFocusRect
InflateRect
SystemParametersInfoA
DrawIconEx
DestroyIcon
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
FillRect
GetSysColorBrush
LoadBitmapA
GetSubMenu
TabbedTextOutA
DrawTextExA
GrayStringA
DestroyCursor
GetWindowLongA
IsMenu
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
PostMessageA
SendMessageA

gdi32

CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateCompatibleBitmap
MoveToEx
LineTo
GetClipBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
SetBkColor
CreateBitmap
CreateFontA
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
SetPixel
GetPixel
GetObjectA
DeleteDC
DeleteObject
CreateSolidBrush
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateFontIndirectA
GetBkMode
CreatePen
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy

winmm

PlaySoundA

skinplusplus

ord32
ord1

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/Scan1.gif
.gif
完美卸载/ScanEngine.dll
.dll windows:4 windows x86 arch:x86

37728ba6a6fb26c7ca42185d43bac0dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord1979
ord5442
ord5186
ord1200
ord4204
ord939
ord941
ord6385
ord5773
ord3337
ord3811
ord4202
ord2725
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord1570
ord1197
ord6877
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord1253
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6883
ord6143
ord5861
ord801
ord541
ord6383
ord5440
ord6394
ord5450
ord5834
ord2818
ord2044
ord537
ord354
ord3790
ord665
ord860
ord6927
ord6929
ord2764
ord4129
ord5710
ord535
ord2448
ord858
ord540
ord800
ord3663
ord1168
ord1577
ord1182
ord342
ord1243
ord823
ord825
ord1575
ord1176
ord1116
ord3953

msvcrt

fclose
fprintf
fopen
_strlwr
sprintf
strrchr
_mbsicmp
fread
fseek
rename
fwrite
sscanf
free
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
strstr
_mbscmp
__CxxFrameHandler
??1type_info@@UAE@XZ

kernel32

GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
TerminateProcess
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
LocalFree
FreeLibrary
DeleteFileA
GetPriorityClass
Process32Next
GetVersionExA
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
ReadFile
GetFileSize
CopyFileA
GetTempPathA
SetFileAttributesA
FindClose
FindFirstFileA
SetFilePointer
Sleep
WinExec
GetShortPathNameA
MoveFileExA
GetCurrentProcessId
MoveFileA
CreateDirectoryA
LocalAlloc
Process32First
GetLastError

user32

wsprintfA
GetDesktopWindow

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SetEntriesInAclA
SetSecurityInfo
ControlService
OpenServiceA
DeleteService
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

msvcirt

?close@ifstream@@QAEXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
?openprot@filebuf@@2HB
??0ifstream@@QAE@XZ
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??_Difstream@@QAEXXZ

Exports

Exports

ActionScan
GetUpdateDate
GetVirusDate
HBDataLib
IfisTrojan
IfisVirus
IfisVirusII
LoadVirInfoDb
RemoveTrojan
RemoveVirus
SetQuickScan
SetSlowScan

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/SetupMonitor.exe
.exe windows:4 windows x86 arch:x86

d45e399a209c8d4beb3348063964c25e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

81:1e:ee:d0:de:bb:91:ff:10:e1:21:a8:62:af:38:76:f9:5c:6c:fc
Signer

Actual PE Digest

81:1e:ee:d0:de:bb:91:ff:10:e1:21:a8:62:af:38:76:f9:5c:6c:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA
Shell_NotifyIconA

mfc42

ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord5290
ord5277
ord3402
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord4160
ord6358
ord1088
ord283
ord5265
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord5789
ord801
ord641
ord541
ord324
ord2301
ord2302
ord4234
ord5953
ord6199
ord4710
ord4853
ord4376
ord6883
ord4204
ord2818
ord6143
ord4224
ord1168
ord665
ord1195
ord354
ord2448
ord5710
ord6929
ord6927
ord3790
ord2044
ord5834
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord818
ord2621
ord1134
ord2725
ord3584
ord543
ord803
ord1200
ord923
ord922
ord924
ord5861
ord2652
ord1105
ord1669
ord1622
ord2135
ord1768
ord1576
ord470
ord2642
ord6215
ord3721
ord795
ord2860
ord2754
ord1871
ord1949
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord2753
ord2452
ord536
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord616
ord755

msvcrt

__setusermatherr
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
strncpy
strchr
sprintf
strrchr
exit
fclose
fopen
_getsystime
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_mkdir

kernel32

CreateEventA
ResetEvent
WaitForMultipleObjects
SetEvent
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
HeapFree
FindNextFileA
FindFirstFileA
FindClose
GetDriveTypeA
ExitProcess
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexA
GetLastError
GetModuleHandleA
GetModuleFileNameA
CreateFileA
CloseHandle
GetWindowsDirectoryA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

GetSysColor
CopyRect
SendMessageA
LoadMenuA
SetRect
GetMenuItemInfoA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
IsWindow
MessageBoxA
IsMenu
IsIconic
DrawIcon
GetSystemMenu
SetTimer
SetWindowPos
LoadIconA
KillTimer
SystemParametersInfoA
PostQuitMessage
RegisterHotKey
EnableWindow
FrameRect
LoadImageA
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
DestroyIcon
DrawIconEx
ReleaseDC
GetNextDlgTabItem
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
DrawEdge
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
FillRect
AppendMenuA

gdi32

SetPixel
GetPixel
GetObjectA
PtVisible
RectVisible
PatBlt
TextOutA
ExtTextOutA
Escape
CreateDIBSection
GetStockObject
CreateFontA
SetTextColor
SetBkColor
CreateBitmap
MaskBlt
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetDeviceCaps
GetBkMode

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA

comctl32

ImageList_GetImageCount
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetIcon

skinplusplus

ord27
ord1
ord32

winmm

PlaySoundA

msvcirt

_mtlock
_mtunlock
??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
?get@istream@@IAEAAV1@PADHH@Z

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/SetupMonitor.ini
完美卸载/Skin.ssk
.zip
Menu.bmp
Skin.uis
ϵͳť.bmp
״̬.bmp
ǩ.bmp
˵״̬.bmp
.bmp
ָ.bmp
ѡ.bmp
.bmp
.bmp
Ӽ.bmp
.bmp
б.bmp
ı.bmp
µİť.bmp
.bmp
Ͽ.bmp
完美卸载/SkinPlusPlus.dll
.dll windows:4 windows x86 arch:x86

598ae977394a6b93fbf9769d688859f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2725
ord3953
ord823
ord641
ord2513
ord293
ord800
ord537
ord665
ord1979
ord6385
ord353
ord3573
ord540
ord6194
ord6170
ord5781
ord2753
ord2567
ord3920
ord2713
ord2243
ord4129
ord2763
ord2919
ord2380
ord4023
ord809
ord556
ord5875
ord4297
ord4133
ord5787
ord5788
ord3693
ord2864
ord2860
ord1644
ord2455
ord2438
ord3654
ord2584
ord4220
ord1270
ord2859
ord3706
ord5590
ord3643
ord4185
ord696
ord394
ord909
ord5628
ord3435
ord2452
ord922
ord924
ord3790
ord939
ord5710
ord858
ord2044
ord5834
ord6394
ord6383
ord5440
ord5450
ord535
ord2714
ord3596
ord3663
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord941
ord860
ord5572
ord2915
ord3626
ord2764
ord5442
ord3619
ord1641
ord3571
ord640
ord2405
ord2754
ord5785
ord1640
ord323
ord4204
ord861
ord2450
ord2448
ord2841
ord2818
ord2107
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord2414

msvcrt

__CxxFrameHandler
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_EH_prolog
_CxxThrowException
getc
fputc
fflush
toupper
_except_handler3
fseek
ftell
fread
fopen
fwrite
realloc
strncpy
_mbsstr
_mbsnbcpy
gmtime
strstr
calloc
memchr
fclose
strchr
ceil
floor
malloc
free
sprintf
_purecall
atoi
memmove
_mbscmp
_mbsicmp
_ftol
__RTDynamicCast

kernel32

LocalAlloc
LocalFree
WaitForSingleObject
ReleaseMutex
CreateMutexA
FlushInstructionCache
VirtualProtect
SetLastError
UnmapViewOfFile
WriteFile
SetFileTime
CreateDirectoryA
lstrcpyA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
MulDiv
GetVersionExA
Sleep
ExitThread
TerminateThread
CloseHandle
CreateThread
lstrcmpA
lstrlenA
lstrcmpiA
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
GetVersion
GetProcAddress
FindFirstFileA
FindClose
DeleteFileA
GetTempPathA
GetModuleHandleA
GetModuleFileNameA
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalLock
LockResource
GlobalUnlock
GlobalFree
LoadLibraryA

user32

DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
EqualRect
RegisterClassExA
IsZoomed
IsIconic
GetWindowInfo
ShowWindow
SetActiveWindow
EnableWindow
DestroyWindow
SetWindowTextA
GetMenuState
GetMenuItemRect
MenuItemFromPoint
GetMenuDefaultItem
GetMenuCheckMarkDimensions
DestroyMenu
SystemParametersInfoA
UnionRect
GetForegroundWindow
GetSystemMenu
DestroyIcon
GetMessagePos
KillTimer
SetTimer
IntersectRect
MoveWindow
SetCursor
LoadCursorA
ReleaseCapture
GetFocus
SetFocus
SetCapture
GetAsyncKeyState
CreateIconIndirect
SetRect
SendMessageTimeoutA
DrawIconEx
IsMenu
CreatePopupMenu
GetMenuItemID
AppendMenuA
SetMenuItemInfoA
SetWindowRgn
UpdateWindow
IsWindowVisible
GetCapture
GetMenuStringA
SetWindowPos
ClientToScreen
MapWindowPoints
GetMenuItemCount
GetMenuItemInfoA
SetRectEmpty
LoadImageA
LoadCursorFromFileA
CallNextHookEx
GetWindowRect
IsWindowEnabled
GrayStringA
TabbedTextOutA
GetDlgCtrlID
InvalidateRect
IsRectEmpty
SetClassLongA
FindWindowExA
GetDlgItem
GetWindowTextA
PostMessageA
SetWindowsHookExA
UnhookWindowsHookEx
ScreenToClient
GetClientRect
RemovePropA
GetParent
ShowScrollBar
LockWindowUpdate
GetDesktopWindow
SetPropA
GetClassNameA
WindowFromDC
DrawStateA
DrawFocusRect
DefWindowProcA
GetCursorPos
IsWindow
GetPropA
PtInRect
InflateRect
LoadBitmapA
CallWindowProcA
EndPaint
BeginPaint
GetSubMenu
CheckMenuItem
DrawEdge
ModifyMenuW
ModifyMenuA
CreateWindowExA
ReleaseDC
GetWindowDC
GetDC
FillRect
SetMenu
GetMenu
DrawTextW
TrackPopupMenuEx
TrackPopupMenu
RemoveMenu
EnableMenuItem
InsertMenuW
InsertMenuA
InsertMenuItemW
InsertMenuItemA
DeleteMenu
DrawFrameControl
GetClassLongA
GetSysColor
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
SetWindowLongA
GetWindowLongA
GetScrollPos
GetScrollInfo
EnableScrollBar
CopyRect
OffsetRect
DrawTextA
MessageBoxA
SendMessageA
RedrawWindow
GetSystemMetrics
GetWindow

gdi32

ExtTextOutA
Rectangle
BitBlt
SetBkColor
CreatePen
PatBlt
CreateCompatibleDC
DeleteDC
ExcludeClipRect
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetPixel
GetClipBox
PtVisible
RectVisible
Escape
GetObjectA
GetStockObject
CombineRgn
GetTextExtentPointW
StretchBlt
SetStretchBltMode
CreateBitmap
SetPixelV
CreateDIBSection
ExtCreateRegion
GetDIBits
CreateICA
GetDeviceCaps
SetPixel
RoundRect
OffsetRgn
GetRegionData
CreateRectRgn
GetNearestColor
CreateDIBitmap
RealizePalette
SetDIBitsToDevice
ExtSelectClipRgn
StretchDIBits
RestoreDC
SelectClipRgn
SaveDC
GetCharWidthA
CreateFontA
SetRectRgn
PlgBlt
SetBoundsRect
GetCurrentObject
GetTextColor
GetBkMode
GetBkColor
GetTextExtentPointA
SetTextAlign
GetWindowOrgEx
GetTextExtentPoint32A
GetViewportOrgEx
SetViewportOrgEx
TextOutA
SetBkMode
CreateFontIndirectA
SetTextColor
CreateRectRgnIndirect
SelectObject

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ImageList_Duplicate
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetIconSize

msvcp60

??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0_Lockit@std@@QAE@XZ

winmm

sndPlaySoundA

Exports

Exports

sppColorize
sppDrawSkinBitmap
sppDrawSkinImage
sppExitSkin
sppGetDefaultSysColor
sppGetFreeWindowID
sppGetHookAPI
sppGetHookAPIStyle
sppGetSkinResFile
sppGetSkinSysColor
sppGetSystemMetrics
sppGetWindowResID
sppInitializeSkin
sppLoadSkin
sppLoadSkinFromRes
sppModifyHookAPIStyle
sppRemoveSkin
sppRemoveSkinHwnd
sppSelectSkin
sppSetButtonTooltip
sppSetCustSysBtnStatus
sppSetCustSysBtnVisible
sppSetCustomDraw
sppSetDialogBkClipRgn
sppSetDialogEraseBkgnd
sppSetFreeWindowID
sppSetHookAPI
sppSetHookMessage
sppSetListHeaderSortInfo
sppSetNoSkinHwnd
sppSetRedraw
sppSetRgnEnable
sppSetSkinHwnd
sppSetTabCtrlItemsStatus
sppSetTabCtrlPosition
sppSetWindowResID
sppTakeoutSysMenu
sppValidateDevTools

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/SmMgr.exe
.exe windows:4 windows x86 arch:x86

4359b9b393fd2e94e8b5b7b233d6d647

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

99:82:aa:35:2d:15:b2:5f:d0:0b:95:50:5c:f3:25:6f:d4:70:10:ae
Signer

Actual PE Digest

99:82:aa:35:2d:15:b2:5f:d0:0b:95:50:5c:f3:25:6f:d4:70:10:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

skinplusplus

ord1
ord27

mfc42

ord2860
ord470
ord2915
ord5710
ord6283
ord4204
ord1105
ord3790
ord1168
ord4278
ord6663
ord5861
ord6143
ord6883
ord924
ord922
ord923
ord2818
ord6648
ord6877
ord6282
ord541
ord801
ord6927
ord3721
ord6199
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord693
ord818
ord2514
ord2621
ord4202
ord2725
ord5265
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2135
ord2302
ord4234
ord6215
ord1768
ord4710
ord4376
ord4299
ord2086
ord4538
ord4402
ord755
ord4243
ord6675
ord2754
ord2862
ord3301
ord6762
ord6696
ord3797
ord6888
ord4853
ord2370
ord3996
ord6907
ord3998
ord6334
ord2642
ord3092
ord4224
ord3293
ord3754
ord2463
ord1651
ord2582
ord3370
ord6662
ord6874
ord926
ord3742
ord2152
ord1871
ord5953
ord1949
ord1270
ord1232
ord3089
ord2380
ord3920
ord3755
ord1920
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord3289
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord795
ord4407
ord1929
ord283
ord6197
ord4160
ord2122
ord289
ord6880
ord613
ord3874
ord6270
ord5981
ord4774
ord5053
ord2379
ord4284
ord4275
ord567
ord556
ord609
ord809
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord3402
ord5277
ord5290
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord536
ord3640
ord5856
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord1134
ord1576

msvcrt

__set_app_type
__p__fmode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
__p__commode
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strtoul
_mbsstr
rand
strstr
atoi
_mbsicmp
fprintf
strrchr
sprintf
fopen
fwrite
fclose
_mbsnbcpy
_mbscmp
memmove
_ftol
wcslen
wcscpy
__CxxFrameHandler
malloc
free
_strupr
_setmbcp
_XcptFilter

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LoadLibraryExA
FreeLibrary
GetDiskFreeSpaceExA
GetCurrentProcess
GetVolumeInformationA
CreateDirectoryA
CopyFileA
GetLongPathNameA
CreateMutexA
ReleaseMutex
WinExec
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
MoveFileExA
GetLastError
GetWindowsDirectoryA
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
FindFirstFileA
FindNextFileA
FindClose
GetDriveTypeA
SetCurrentDirectoryA
GetModuleFileNameA
Sleep
MulDiv
SizeofResource
MultiByteToWideChar
CreateFileA
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

GetCursorPos
SetForegroundWindow
IsWindowVisible
IsWindow
LoadCursorA
CopyIcon
ExitWindowsEx
PtInRect
GetFocus
GetCursor
RegisterWindowMessageA
IsIconic
DrawIcon
FindWindowA
ShowWindow
UpdateWindow
KillTimer
SetTimer
MessageBoxA
PeekMessageA
PostQuitMessage
LoadIconA
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
DefWindowProcA
GetClassInfoA
SetRectEmpty
ScreenToClient
EqualRect
SetWindowRgn
IsWindowEnabled
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
ChildWindowFromPoint
GetClassNameA
GetWindowTextA
IsRectEmpty
GetMenuItemInfoA
SetRect
DrawEdge
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect

gdi32

PatBlt
RectVisible
CreateRoundRectRgn
CreatePolygonRgn
OffsetRgn
FillRgn
SelectClipRgn
FrameRgn
MaskBlt
SetTextJustification
SetBkMode
GetTextMetricsA
MoveToEx
LineTo
StretchBlt
CreateRectRgn
CombineRgn
CreateBitmap
SetBkColor
SetTextColor
CreateFontA
GetStockObject
Escape
ExtTextOutA
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetPixel
GetPixel
GetObjectA
PtVisible
TextOutA

advapi32

RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
ShellExecuteA
SHGetMalloc
ShellExecuteExA

comctl32

ord17
ImageList_Remove
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw

winmm

PlaySoundA

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/SoftData.dat
完美卸载/Start.htm
完美卸载/Stat1.htm
完美卸载/Stat2.htm
完美卸载/Stat3.htm
完美卸载/Stat4.htm
完美卸载/Support.gif
.gif
完美卸载/SysExpert.exe
.exe windows:4 windows x86 arch:x86

e28a13c2962d53785f075a3ca9f0dc24

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d2:30:43:ef:b2:04:1d:64:18:45:1b:68:90:ce:0b:f0
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

28/07/2009, 00:00

Not After

28/07/2010, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:f4:57:c7:4e:b7:96:6f:bc:2e:21:a4:dc:d0:c8:ce:c5:d3:cf:d6
Signer

Actual PE Digest

f7:f4:57:c7:4e:b7:96:6f:bc:2e:21:a4:dc:d0:c8:ce:c5:d3:cf:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1621
ord537
ord2764
ord4202
ord5856
ord536
ord5440
ord6383
ord5450
ord6394
ord6055
ord4078
ord1776
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord567
ord4275
ord2379
ord5053
ord4774
ord5981
ord6270
ord3698
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord641
ord765
ord2302
ord4234
ord4710
ord1768
ord6215
ord5953
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord2818
ord5834
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord818
ord2621
ord1134
ord2915
ord6877
ord1105
ord348
ord1168
ord2135
ord2688
ord2086
ord755
ord470
ord1572
ord801
ord6883
ord541
ord5861
ord1949
ord4034
ord858
ord2614
ord2414
ord4277
ord4129
ord2863
ord6142
ord823
ord939
ord2919
ord5572
ord1146
ord539
ord5860
ord2864
ord2405
ord324
ord3663
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord1576

msvcrt

_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_mbscmp
atoi
sprintf
strrchr
fwrite
setlocale
fclose
fread
fopen
strstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetSystemDirectoryA
CreatePipe
GetStartupInfoA
ReadFile
CreateProcessA
WaitForMultipleObjects
CloseHandle
SetEvent
WaitForSingleObject
DeleteFileA
GetModuleFileNameA
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetModuleHandleA

user32

GetSystemMetrics
GetMenuItemCount
ModifyMenuA
GetMenuState
IsIconic
DrawIcon
LoadIconA
EnableWindow
GetClientRect
GetSysColor
SetTimer
GetMenuStringA
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetSubMenu
GetMenuItemID

gdi32

GetStockObject

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

oleaut32

VariantClear

skinplusplus

ord1

winmm

PlaySoundA

msvcirt

?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
_mtlock
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/SysSec.exe
.exe windows:4 windows x86 arch:x86

9c92e378d3cecafc07f40e3ba37697af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
CloseServiceHandle
DeleteService
OpenServiceA
ControlService

checktrust

CheckFileTructEx

mfc42

ord554
ord1644
ord1146
ord5572
ord2919
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord537
ord2764
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord2120
ord6197
ord283
ord4402
ord3640
ord693
ord4243
ord6453
ord3293
ord6007
ord6907
ord3286
ord3754
ord3092
ord3797
ord3021
ord3301
ord2754
ord2818
ord801
ord6877
ord541
ord4204
ord6883
ord6143
ord4407
ord3721
ord795
ord2860
ord6199
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord5265
ord4376
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2301
ord4234
ord4853
ord6334
ord926
ord5861
ord3698
ord765
ord2302
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord1576
ord3738
ord561
ord815
ord818
ord2621
ord1134
ord2725
ord1168
ord4278
ord6663
ord2582
ord3370
ord2135
ord2086
ord1768
ord755
ord470
ord2862
ord3996
ord2642
ord1105
ord4224
ord3337
ord3811
ord6283
ord6282
ord3998
ord6648
ord924
ord922
ord6675
ord6215
ord4299
ord1949
ord4163
ord2012
ord2920
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord4622

msvcrt

__p__commode
__p__fmode
__set_app_type
_controlfp
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
strrchr
rename
sprintf
fclose
fprintf
fopen
_mbsicmp
__dllonexit
_onexit
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetModuleHandleA
GetStartupInfoA
lstrcmpiA
CloseHandle
DeleteFileA
MoveFileExA
WinExec
GetWindowsDirectoryA
Sleep
GetSystemDirectoryA
GetShortPathNameA
GetCurrentProcessId
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetProcAddress
OpenProcess
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
GetPriorityClass
Process32First
LocalFree
GetLastError
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
TerminateProcess
SetFileAttributesA
GetDriveTypeA
CopyFileA

user32

DrawIcon
IsIconic
wsprintfA
KillTimer
GetCursorPos
UpdateWindow
RedrawWindow
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
SetWindowPos
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuItemInfoA
SetTimer
LoadIconA
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
PtInRect
ReleaseCapture
SetCapture
MessageBoxA
GetActiveWindow
ReleaseDC
DrawTextA
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC

gdi32

MaskBlt
SetBkColor
CreateFontA
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateBitmap
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
GetDeviceCaps

shell32

ExtractIconA
ShellExecuteA
ShellExecuteExA
SHGetFileInfoA
SHFileOperationA

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount

skinplusplus

ord1
ord27

winmm

PlaySoundA

msvcirt

?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??_Difstream@@QAEXXZ
??0ifstream@@QAE@XZ

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/TheFolder.ico
完美卸载/Title.jpg
.jpg
完美卸载/Toolbar.ini
完美卸载/UnKill.exe
.exe windows:4 windows x86 arch:x86

39d191ebf9cb08cccd9c3712e67bb54a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2044
ord823
ord2818
ord5834
ord5450
ord6394
ord5440
ord6383
ord6883
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord765
ord2514
ord2621
ord1134
ord541
ord537
ord4204
ord5572
ord2915
ord939
ord6877
ord4202
ord5265
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord4710
ord2379
ord755
ord470
ord4376
ord5861
ord6143
ord354
ord3790
ord665
ord860
ord6927
ord6929
ord2764
ord4129
ord5710
ord535
ord2448
ord858
ord825
ord540
ord800
ord801
ord3663
ord1576

msvcrt

_setmbcp
fopen
__p___argv
__p___argc
__dllonexit
_onexit
_exit
_controlfp
_except_handler3
fclose
setlocale
fwrite
strrchr
sprintf
_mbscmp
__CxxFrameHandler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
fread
_XcptFilter

kernel32

GetStartupInfoA
GetModuleHandleA
Sleep
DeleteFileA
GetModuleFileNameA

user32

GetSystemMetrics
KillTimer
DrawIcon
SendMessageA
SetTimer
EnableWindow
GetClientRect
IsIconic
LoadIconA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

msvcirt

??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock

skinplusplus

ord1

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/UnTools.exe
.exe windows:4 windows x86 arch:x86

6d930db8262778cb368e4fea9e11ee09

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

be:f0:fb:b8:35:18:32:11:76:ba:38:f5:72:48:a8:f9:68:29:e3:60
Signer

Actual PE Digest

be:f0:fb:b8:35:18:32:11:76:ba:38:f5:72:48:a8:f9:68:29:e3:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord6197
ord283
ord1929
ord4407
ord795
ord755
ord2860
ord470
ord2915
ord5710
ord6283
ord2448
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord2818
ord5834
ord3721
ord6199
ord3706
ord3742
ord812
ord818
ord1270
ord1232
ord1168
ord559
ord6144
ord2152
ord6453
ord6215
ord3089
ord6605
ord2380
ord5781
ord6119
ord2754
ord3797
ord816
ord562
ord5862
ord541
ord801
ord5861
ord6143
ord3698
ord765
ord1768
ord2078
ord2108
ord2116
ord2920
ord2642
ord4299
ord924
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2302
ord4234
ord4710
ord6883
ord4465
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord693
ord2621
ord1134
ord2725
ord6877
ord4204
ord922
ord923
ord6648
ord3998
ord2652
ord1200
ord6907
ord2086
ord4224
ord1669
ord2582
ord4402
ord3370
ord3640
ord2135
ord2370
ord3092
ord5953
ord2862
ord1105
ord3302
ord3499
ord2515
ord355
ord1576
ord6334
ord807
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord3402
ord5277
ord5290
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord536
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord4673
ord2012
ord4129
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord1233
ord1949

msvcrt

_strlwr
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
strrchr
strtoul
_mbsicmp
rand
vsprintf
sprintf
rename
strchr
strstr
exit
__p___argv
__p___argc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_except_handler3
_controlfp
__set_app_type

kernel32

GetModuleHandleA
GetLongPathNameA
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
HeapFree
lstrcpyA
GetCurrentProcessId
SetFileAttributesA
MoveFileExA
GetShortPathNameA
WinExec
Sleep
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
TerminateProcess
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
FreeLibrary
Process32First
GetPriorityClass
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
LoadLibraryA
GetProcAddress
MulDiv
GetModuleFileNameA
MultiByteToWideChar
GetLastError
LocalFree
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

SetRect
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
SendMessageA
GetMenuStringA
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
GrayStringA
GetSubMenu
DestroyCursor
GetWindowLongA
FindWindowExA
FindWindowA
IsIconic
DrawIcon
LoadIconA
GetFocus
PeekMessageA
DrawEdge
SetForegroundWindow
IsWindowVisible
PtInRect
IsRectEmpty
SetRectEmpty
ChildWindowFromPointEx
SetWindowRgn
GetCursorPos
ScreenToClient
IsWindow
GetClassInfoA
DefWindowProcA
LoadCursorA
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
UpdateWindow
KillTimer
SetTimer
RedrawWindow
EnableWindow
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
GetSystemMetrics
AppendMenuA
GetMenuItemCount
PostQuitMessage
ModifyMenuA
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetMenuItemInfoA

gdi32

FillRgn
OffsetRgn
CombineRgn
CreatePolygonRgn
FrameRgn
GetTextMetricsA
StretchBlt
GetTextColor
MaskBlt
CreateRectRgn
CreateBitmap
SetBkColor
CreateFontA
GetStockObject
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
CreateRoundRectRgn
GetDeviceCaps
GetBkMode

advapi32

OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
ControlService
OpenServiceA
DeleteService
CloseServiceHandle
RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken
GetTokenInformation

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteExA
SHFileOperationA
ShellExecuteA
SHGetMalloc
SHGetDesktopFolder

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

ole32

CoUninitialize
CoCreateInstance
CoInitialize

skinplusplus

ord1
ord27
ord32

winmm

PlaySoundA

msvcirt

??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ
??_Difstream@@QAEXXZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/UnTools.ini
完美卸载/UnZip.exe
.exe windows:4 windows x86 arch:x86

e791bd94ae9d9fa3ba03d79cea7f12fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord858
ord2621
ord1134
ord4698
ord1168
ord4234
ord2379
ord755
ord470
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord2818
ord535
ord800
ord4673
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
calloc
fclose
fseek
ftell
fwrite
fread
fopen
malloc
_strdup
free
_splitpath
sprintf
__CxxFrameHandler
strrchr
_setmbcp
_XcptFilter

kernel32

GetModuleFileNameA
GetFileAttributesA
lstrcmpiA
lstrlenA
CloseHandle
WriteFile
CreateFileA
lstrcatA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetModuleHandleA
GetStartupInfoA
lstrcpyA

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/UpFile.exe
.exe windows:4 windows x86 arch:x86

45a6f5ebdd0da6742eb7fb7ab08b7e38

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:7c:8d:15:44:83:b4:11:63:a7:df:21:65:96:87:03
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2009, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Network Department,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:f3:45:45:9b:91:16:a2:cd:1f:5a:f2:f6:7b:b5:7f:f7:2b:a9:31
Signer

Actual PE Digest

9b:f3:45:45:9b:91:16:a2:cd:1f:5a:f2:f6:7b:b5:7f:f7:2b:a9:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\UpFile.pdb

Imports

kernel32

GetLocalTime
lstrcpynA
WriteFile
SetFilePointer
MoveFileA
DeleteFileA
SetFileAttributesA
CloseHandle
GetFileSize
CreateFileA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetTickCount
UnmapViewOfFile
CreateMutexA
MapViewOfFile
GetLastError
CreateFileMappingA
CreateEventA
lstrcatA
lstrcpyA
SetEvent
LocalFree
CreateThread
LocalAlloc
Sleep
ReadFile
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
GetProcAddress
FreeLibrary
GetSystemTime
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
GetSystemTimeAsFileTime
GetPrivateProfileStringA
TlsGetValue
TlsAlloc
LockFileEx
AreFileApisANSI
GetFileAttributesA
GetFileAttributesW
DeleteFileW
GetTempPathA
GetTempPathW
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
LoadLibraryW
CreateFileW
RaiseException
DeleteCriticalSection
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetSystemDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
ExitProcess
HeapSize
HeapDestroy
QueryPerformanceCounter
GetPrivateProfileIntA
FlushViewOfFile
ReleaseMutex
WaitForSingleObject
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
TlsSetValue
InterlockedExchange

user32

IsWindow
wsprintfA
CharUpperA
SendMessageA
FindWindowA
wvsprintfA

advapi32

InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLengthSid
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
AddAccessAllowedAce

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringLen
VariantClear
VariantInit
SysFreeString

msvcp71

?_Nomemory@std@@YAXXZ
?min@?$numeric_limits@E@std@@SAEXZ
?max@?$numeric_limits@E@std@@SAEXZ
?min@?$numeric_limits@G@std@@SAGXZ
?max@?$numeric_limits@G@std@@SAGXZ
?min@?$numeric_limits@I@std@@SAIXZ
?max@?$numeric_limits@I@std@@SAIXZ
?min@?$numeric_limits@D@std@@SADXZ
?max@?$numeric_limits@D@std@@SADXZ
?min@?$numeric_limits@F@std@@SAFXZ
?max@?$numeric_limits@F@std@@SAFXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@H@std@@SAHXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_XcptFilter
free
_CxxThrowException
??3@YAXPAX@Z
malloc
__CxxFrameHandler
atoi
sprintf
_mbschr
_mbsnbcat
_mbsnbcpy
_mbsrchr
_mbsstr
_mbsupr
sscanf
memmove
_vsnprintf
isdigit
isspace
realloc
isxdigit
localtime
strncmp
tolower
isalnum
strncpy
toupper
_except_handler3
??0exception@@QAE@ABV0@@Z
fclose
fread
ftell
fseek
fopen
fwrite
strrchr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vscprintf
vsprintf
_snprintf
_snscanf
rand
srand
time
_mbsicmp
_errno
strtol
strtoul
calloc
strchr
_itoa
_ultoa
_strlwr
_msize
_mbscmp
??_V@YAXPAX@Z
_purecall
wcsncmp
wcschr
wcslen
_gcvt
_fpclass
_i64toa
_ui64toa
_snwprintf
_strtoi64
_strtoui64
_HUGE
strtod
wcscmp
_wtoi
iswspace
memset
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
_c_exit
_exit

ws2_32

inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
getservbyport
ntohs
WSACleanup
WSACloseEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketA
gethostbyaddr

Sections

.text
Size: 376KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/UpLoadFile.db
完美卸载/UpdateUrl.ini
完美卸载/VLockDisk.exe
.exe windows:4 windows x86 arch:x86

ae550828efad96a8671fe02e87f17377

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/07/2010, 00:00

Not After

19/07/2011, 23:59

Subject

CN=Beijing Huyangfeng Information Technology Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=Beijing Huyangfeng Information Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:3d:5c:7b:27:19:36:17:f4:1e:4a:28:74:2e:86:46:d0:2a:66:89
Signer

Actual PE Digest

0c:3d:5c:7b:27:19:36:17:f4:1e:4a:28:74:2e:86:46:d0:2a:66:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord6197
ord283
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord5861
ord6143
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord801
ord541
ord616
ord2302
ord4224
ord5710
ord5860
ord2818
ord2370
ord2297
ord2363
ord6215
ord6334
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3499
ord2515
ord5290
ord6883
ord6877
ord5953
ord3742
ord3706
ord812
ord818
ord1270
ord1232
ord1168
ord559
ord6144
ord2152
ord6453
ord3089
ord6605
ord755
ord2380
ord470
ord5781
ord6119
ord2754
ord3797
ord816
ord562
ord5862
ord2860
ord3092
ord1200
ord3337
ord3811
ord6662
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord2725
ord1576
ord2301
ord1768
ord1949
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3619
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord858
ord2614
ord5788
ord2567
ord2414
ord5683
ord4277
ord2763
ord4129
ord5875
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord6394
ord5450
ord6383
ord5440
ord472
ord1195
ord2753
ord2452
ord536
ord5856
ord4202
ord2764
ord537
ord1621
ord4297
ord4133
ord5787
ord941
ord940
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord355
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord823
ord2438
ord3663
ord3654
ord2584
ord4220
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord860
ord535
ord800
ord1099
ord686
ord384
ord3790
ord2135

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_strupr
_setmbcp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
_ftol
_adjust_fdiv
__setusermatherr
memmove
strncpy
strrchr
strstr
sprintf
strtoul
_stricmp
rand
_splitpath
fclose
fwrite
fopen
_atoi64
fread
exit
__p___argv
__p___argc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_controlfp

kernel32

GetModuleHandleA
MultiByteToWideChar
DeleteFileA
GetSystemDirectoryA
CopyFileA
Sleep
GetCurrentProcess
WinExec
SetFileAttributesA
DefineDosDeviceA
LoadLibraryA
GetProcAddress
FreeLibrary
DeviceIoControl
GetLastError
GetCurrentDirectoryA
GetFileAttributesA
GetWindowsDirectoryA
LocalAlloc
LocalFree
MulDiv
FindFirstFileA
FindNextFileA
FindClose
GetVolumeInformationA
GetModuleFileNameA
GetDriveTypeA
CreateFileA
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
AppendMenuA
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
GetMenuItemCount
GetIconInfo
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
GrayStringA
GetSubMenu
IsIconic
DrawIcon
LoadIconA
ExitWindowsEx
MessageBoxA
RegisterHotKey
LoadMenuA
SetMenuDefaultItem
SetForegroundWindow
SetWindowLongA
SetWindowPos
PtInRect
IsRectEmpty
SetRectEmpty
ChildWindowFromPointEx
SetWindowRgn
KillTimer
GetCursorPos
SetTimer
ScreenToClient
IsWindow
GetClassInfoA
DefWindowProcA
LoadCursorA
DrawStateA
OffsetRect
GetClientRect
PostQuitMessage
EnableWindow
FrameRect
LoadImageA
GetSysColor
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyIcon
DestroyCursor

gdi32

CreateBitmap
CreateRectRgn
FrameRgn
FillRgn
OffsetRgn
SetBkColor
CreatePolygonRgn
CreateRoundRectRgn
GetTextMetricsA
StretchBlt
GetTextColor
CreateFontA
GetStockObject
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
CombineRgn
GetDeviceCaps
GetBkMode

advapi32

StartServiceA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceConfigA
QueryServiceStatus
ControlService
RegCloseKey
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenSCManagerA
RegEnumValueA

shell32

ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

ole32

CoUninitialize
CoCreateInstance
CoInitialize

skinplusplus

ord1
ord27

winmm

PlaySoundA

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/VirData.VLB
完美卸载/Vista.dat
完美卸载/WipeDisk.exe
.exe windows:4 windows x86 arch:x86

afed135aa209487b0b5db336a8101c25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord686
ord765
ord693
ord2514
ord2621
ord1134
ord541
ord801
ord5861
ord6143
ord5265
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord3402
ord3698
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord5307
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3370
ord4627
ord3640
ord1146
ord1168
ord567
ord384
ord324
ord2302
ord4234
ord3996
ord2862
ord2096
ord4710
ord2379
ord755
ord470
ord800
ord5953
ord2818
ord540
ord2764
ord4202
ord858
ord2642
ord3092
ord4224
ord1105
ord6907
ord6883
ord3998
ord4376
ord5572
ord2915
ord6215
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5163
ord4673
ord1576

msvcrt

__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
fopen
fprintf
fclose
__CxxFrameHandler
_setmbcp
__p__fmode
sprintf
strrchr

kernel32

GetDriveTypeA
DeleteFileA
CloseHandle
WriteFile
Sleep
GetDiskFreeSpaceExA
GetVolumeInformationA
GetModuleHandleA
GetStartupInfoA
CreateFileA
GetModuleFileNameA

user32

IsIconic
KillTimer
SetTimer
PostQuitMessage
GetSystemMetrics
EnableWindow
GetClientRect
DrawIcon
LoadIconA
PeekMessageA
SendMessageA

shell32

ShellExecuteA

comctl32

ImageList_ReplaceIcon

skinplusplus

ord1

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
完美卸载/WipeShell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

39437cb5361f3a0d38900dac5826a2a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
ReadFile
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetShortPathNameA
CreateProcessA
CloseHandle
GetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
GetLastError
WriteFile
ExitProcess
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetProcAddress
LoadLibraryA
SetEndOfFile
RaiseException

user32

GetKeyState
InsertMenuA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

shell32

DragQueryFileA

ole32

ReleaseStgMedium
StringFromGUID2

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord21
ord16
ord15
ord18
ord57
ord32
ord58
ord30
ord23

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/WmKillDrv.sys
.sys windows:5 windows x86 arch:x86

1446b3743ce1bc70cd9dc2f605e92ff0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WorkCode\新版开发\ForceKill\Release\i386\WmKillDrv.pdb

Imports

ntoskrnl.exe

IoFreeIrp
KeSetEvent
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
KeGetCurrentThread
KeInitializeEvent
IoAllocateIrp
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
DbgPrint
ZwClose
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
IoFileObjectType
IoCreateFile

hal

KeGetCurrentIrql

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 674B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/WmVirualDisk.sys
.sys windows:5 windows x86 arch:x86

0ca07c72a67532e422657f8e04e406d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WorkCode\完美卸载26.11\正式版\NewVDisk\obj\i386\WmVirualDisk.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
ExFreePoolWithTag
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
KeGetCurrentThread
ExAllocatePoolWithTag
ZwClose
ZwQueryInformationFile
ZwSetInformationFile
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
ZwReadFile
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoCreateDevice
RtlInitUnicodeString
swprintf
ZwMakeTemporaryObject
ZwCreateDirectoryObject
RtlQueryRegistryValues
RtlAppendUnicodeToString
RtlCopyUnicodeString

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 287B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
完美卸载/kelmc.def
完美卸载/kelpe.def
完美卸载/kwlpe.wkl
完美卸载/msvcp60.dll
.dll windows:4 windows x86 arch:x86

c428a646f4c250be02cf420ab15d34b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp60.pdb

Imports

msvcrt

localeconv
_Gettnames
__mb_cur_max
fgetc
fgetwc
fputc
fputwc
ungetc
ungetwc
__CxxFrameHandler
setvbuf
fflush
??2@YAPAXI@Z
_CxxThrowException
fclose
fgetpos
fseek
sprintf
strcspn
strtol
_errno
fwrite
fsetpos
_Strftime
_Getdays
_Getmonths
strtoul
free
_iob
realloc
setlocale
malloc
__crtCompareStringA
__lc_collate_cp
_unlock
__lc_handle
_lock
__setlc_active
__unguarded_readlc_active
__crtLCMapStringA
__lc_codepage
towlower
towupper
strcmp
_pctype
_isctype
_ftol
strtod
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv
memset
memmove
memchr
memcpy
strlen
memcmp
wcslen
??4exception@@QAEAAV0@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
sqrt
sin
pow
log
ldexp
exp
cos
fopen
atan2

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
InterlockedExchange
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5DU?$char_traits@D@std@@M@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5DU?$char_traits@D@std@@N@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5DU?$char_traits@D@std@@O@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@M@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5GU?$char_traits@G@std@@N@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5GU?$char_traits@G@std@@O@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6DU?$char_traits@D@std@@M@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6DU?$char_traits@D@std@@N@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6DU?$char_traits@D@std@@O@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBF@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@M@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6GU?$char_traits@G@std@@N@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6GU?$char_traits@G@std@@O@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?XMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?XNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?XOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?YMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?YNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?YOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?ZMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?ZNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?ZOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?_0MM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?_0NN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?_0OO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@M@std@@QAE@ABM0@Z
??0?$_Complex_base@N@std@@QAE@ABN0@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locinfo@std@@QAE@ABV01@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_Winit@std@@QAE@XZ
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_exception@std@@QAE@ABV01@@Z
??0bad_exception@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0domain_error@std@@QAE@ABV01@@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
??0locale@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0messages_base@std@@QAE@I@Z
??0money_base@std@@QAE@I@Z
??0ostrstream@std@@QAE@PADHH@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0range_error@std@@QAE@ABV01@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0strstream@std@@QAE@PADHH@Z
??0time_base@std@@QAE@I@Z
??0underflow_error@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$_Mpunct@D@std@@UAE@XZ
??1?$_Mpunct@G@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
??1?$codecvt@GDH@std@@UAE@XZ
??1?$collate@D@std@@UAE@XZ
??1?$collate@G@std@@UAE@XZ
??1?$ctype@D@std@@UAE@XZ
??1?$ctype@G@std@@UAE@XZ
??1?$messages@D@std@@UAE@XZ
??1?$messages@G@std@@UAE@XZ
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??1?$moneypunct@G$00@std@@UAE@XZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??1?$numpunct@G@std@@UAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_alloc@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_exception@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1domain_error@std@@UAE@XZ
??1facet@locale@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1istrstream@std@@UAE@XZ

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
完美卸载/row.jpg
.jpg
完美卸载/user.ini

Sharing

General

Malware Config

Signatures

Files

36d19efdcb373fc81ccbd035dfec0258

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comctl32

skinplusplus

msvcirt

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 636B

.rsrc Size: 8KB - Virtual size: 5KB

d3787489724508598718fbfba4cb3a1d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

msvcirt

netapi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 1KB

4808eb2da524e99c7e821d4525f6d7dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1b:7c:8d:15:44:83:b4:11:63:a7:df:21:65:96:87:03Certificate

Extended Key Usages

Key Usages

6f:09:32:13:4f:d2:45:2b:57:af:22:c9:b6:f9:37:9a:ea:43:d4:dfSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

version

wininet

Exports

Exports

Sections

.text Size: 884KB - Virtual size: 881KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 48KB - Virtual size: 49KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 60KB - Virtual size: 58KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 636B

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1b:7c:8d:15:44:83:b4:11:63:a7:df:21:65:96:87:03
Certificate

6f:09:32:13:4f:d2:45:2b:57:af:22:c9:b6:f9:37:9a:ea:43:d4:df
Signer

.text
Size: 884KB - Virtual size: 881KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 48KB - Virtual size: 49KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 60KB - Virtual size: 58KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 68KB - Virtual size: 67KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 64KB - Virtual size: 62KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

b8:a7:8d:bc:b4:04:40:6b:6d:21:a2:a5:e6:96:3c:11
Certificate