35d8b196ab9ebc4733f1601bedeb15d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35d8b196ab9ebc4733f1601bedeb15d4_JaffaCakes118
Size

5.3MB
MD5

35d8b196ab9ebc4733f1601bedeb15d4
SHA1

4a18634dafa35f8bb9ffdda44d3e9c77e92f9fa9
SHA256

35979f9d209d53a93591bddc282e373804751e68fc98c3fdf6d2dd9af3ece0db
SHA512

5782d8ee922caf3048554cbd008d1b84d37a9840548c5514caf1abcc07f9a60a06483e8b2b90ae216e69af3342c19b6b5428f5f466724f4222ac67c296888a9d
SSDEEP

98304:yXNfLSz7zIr+3uJEiEUOyjQV575cZlJKkVMSttN8pqadjZlCUOHt51:y9f2z7QJElGMcZlDVMStpaRZwH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Fire_GetPinYin/FireCodeCreator.exe
unpack001/Fire_GetPinYin/Interop.ADODB.dll
unpack001/Fire_GetPinYin/Interop.ADODB64.dll
unpack001/Fire_GetPinYin/Interop.Office.DLL
unpack001/Fire_GetPinYin/Interop.VBIDE.DLL
unpack001/Fire_GetPinYin/Interop.Word.DLL
unpack001/Fire_GetPinYin/LiuNu.Words.dll
unpack001/Fire_GetPinYin/LiuNu.dll
unpack001/Fire_GetPinYin/MSO9.DLL
unpack001/Fire_GetPinYin/MSWORD9.OLB
unpack001/Fire_GetPinYin/VBE6EXT.OLB
unpack001/Fire_GetPinYin/msADOX.dll

Files

35d8b196ab9ebc4733f1601bedeb15d4_JaffaCakes118
.rar
Fire_GetPinYin/@无法运行说明.txt
Fire_GetPinYin/FireAsp.mdb
Fire_GetPinYin/FireCodeCreator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/Interop.ADODB.dll
.dll windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
GetModuleBase
MainDLL
_CorExeMain

Sections

.text
Size: 104KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Fire_GetPinYin/Interop.ADODB64.dll
.dll windows:4 windows x64 arch:x64

a8e1f3e4edacefb43c8a721a7de52ab1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

g:\MyProduct\MaxtoCode\MaxtoCode\SRC\MaxtoCode 3.10\AttickNew64\x64\Release\Attick64.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleInformation

iphlpapi

GetAdaptersInfo

kernel32

GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
FlsSetValue
GetCommandLineA
GetProcessHeap
RaiseException
RtlPcToFileHeader
GlobalReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetSystemTime
ResumeThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenThread
SuspendThread
WriteProcessMemory
VirtualProtectEx
SetFilePointer
ReadFile
GetVersionExA
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
TerminateProcess
GetModuleHandleA
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
ExitProcess

user32

ShowWindow
DestroyMenu
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
RegisterWindowMessageA
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
FindWindowA
SendMessageA
MessageBoxA
CharUpperA
LoadIconA
GetWindow
GetDC

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetCpuIDW
GetDiskID
GetDiskIDW
GetMacID
GetMacIDW
MainDLL

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/Interop.Office.DLL
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/Interop.VBIDE.DLL
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/Interop.Word.DLL
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/License.txt
Fire_GetPinYin/LiuNu.Page.dll
Fire_GetPinYin/LiuNu.Words.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/LiuNu.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/MSO9.DLL
.dll windows:4 windows x86 arch:x86

8ea2aab4c2b8eb351814d07038ac4abc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
GetUserNameA
GetUserNameW
SetFileSecurityW
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyA
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegQueryValueA
RegQueryValueW
RegEnumKeyA
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

gdi32

DeleteMetaFile
CloseMetaFile
StretchDIBits
SetWindowExtEx
SetWindowOrgEx
DeleteEnhMetaFile
CloseEnhMetaFile
GetDIBits
GetDeviceCaps
GetMetaFileBitsEx
SetMapMode
CreateMetaFileA
DPtoLP
SetStretchBltMode
SetICMMode
ExtEscape
LPtoDP
SetViewportExtEx
SetViewportOrgEx
RestoreDC
GetViewportOrgEx
GetWindowOrgEx
SaveDC
GetClipBox
DeleteObject
GetStockObject
CreateCompatibleDC
CreateSolidBrush
GetTextMetricsW
GetTextMetricsA
SelectObject
DeleteDC
SetTextColor
SetBkColor
CreateFontIndirectW
CreateFontIndirectA
GetObjectA
GetObjectW
CreateFontA
GetMapMode
SetBkMode
BitBlt
CreateCompatibleBitmap
PatBlt
GetTextColor
GetBkColor
GetCharacterPlacementW
SetTextAlign
GetTextAlign
RealizePalette
GetTextCharacterExtra
ExtCreatePen
CreatePen
Polygon
Polyline
LineTo
MoveToEx
SetROP2
StrokePath
EndPath
BeginPath
Ellipse
SetDIBitsToDevice
GetSystemPaletteEntries
GetPaletteEntries
GdiComment
CreatePatternBrush
CreateBitmap
SetBrushOrgEx
SetDIBits
GdiFlush
CreatePalette
SelectPalette
CreateDIBSection
GetObjectType
EnumFontFamiliesExA
DeleteColorSpace
SetColorSpace
GetColorSpace
Escape
GetViewportExtEx
GetWindowExtEx
GetCurrentObject
GetNearestPaletteIndex
SetColorAdjustment
GetColorAdjustment
SelectClipPath
SetRectRgn
Rectangle
SetPolyFillMode
FillPath
StrokeAndFillPath
ExtSelectClipRgn
CreateRectRgn
IntersectClipRect
GetClipRgn
SelectClipRgn
CreateDIBPatternBrushPt
StretchBlt
GetEnhMetaFileDescriptionW
GetEnhMetaFileDescriptionA
SetMetaFileBitsEx
GetWinMetaFileBits
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
SetWinMetaFileBits
EnumEnhMetaFile
CombineRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateEllipticRgn
PolyBezier
PolylineTo
PolyBezierTo
CloseFigure
GetKerningPairsA
GetBitmapBits
GetCharWidthA
GetGlyphOutlineA
GetGlyphOutlineW
GetCharABCWidthsA
EnumFontFamiliesA
CreateHalftonePalette
GetSystemPaletteUse
PolyPolygon
PlayEnhMetaFileRecord
EnumMetaFile
ScaleViewportExtEx
SetTextJustification
PlayMetaFileRecord
GetArcDirection
OffsetViewportOrgEx
GetTextCharset
RectVisible
GetROP2
GetBrushOrgEx
GetTextFaceA
GetEnhMetaFileBits
SetEnhMetaFileBits
GetNearestColor
CreateDIBitmap
UnrealizeObject
CreateBrushIndirect
CreateEnhMetaFileA
GetBkMode
OffsetRgn
PaintRgn
ExcludeClipRect
GetTextExtentPoint32A
CreateHatchBrush
ExtTextOutA
EqualRgn
GetRgnBox
CreateRectRgnIndirect
FillRgn
OffsetClipRgn
CopyEnhMetaFileA
CopyMetaFileA
LineDDA
GetTextExtentPointA
FrameRgn
CreateRoundRectRgn
GetOutlineTextMetricsA
GetDCOrgEx
GetFontData
GetTextCharsetInfo
GetTextFaceW
ExtTextOutW
GetCharWidthW
GetTextExtentPoint32W
GetTextExtentExPointA
TranslateCharsetInfo
GetTextExtentExPointW
CreateMetaFileW
CopyMetaFileW
GetMetaFileA
GetMetaFileW
CreateEnhMetaFileW
CopyEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileW
CreateColorSpaceA
CreateColorSpaceW
SetTextCharacterExtra
RectInRegion
EnumFontFamiliesExW
TextOutA
GetPixel
GetPolyFillMode

kernel32

LoadLibraryW
WriteFile
GetLastError
ReadFile
MulDiv
GetFileSize
GlobalMemoryStatus
SetFilePointer
FindClose
GetVersionExA
GetProcAddress
GetSystemDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
DosDateTimeToFileTime
LocalFileTimeToFileTime
_lclose
_lread
_llseek
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
_lopen
_lcreat
_lwrite
LocalFree
LocalUnlock
LocalLock
LocalAlloc
FreeLibrary
GlobalReAlloc
lstrcpyA
GlobalSize
SystemTimeToFileTime
GetVersionExW
GetTickCount
CloseHandle
GetSystemTime
Sleep
CreateProcessA
CreateMutexA
ReleaseMutex
WaitForSingleObject
LoadResource
FindResourceA
FreeResource
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
CompareStringW
CompareStringA
GetUserDefaultLCID
LoadLibraryA
SetErrorMode
IsBadReadPtr
FindFirstFileA
SetFileTime
WritePrivateProfileStringW
WritePrivateProfileStringA
SetFileAttributesW
GetFileAttributesW
CreateDirectoryExW
CreateDirectoryExA
GetDriveTypeW
GetDriveTypeA
GetLogicalDrives
OutputDebugStringW
GetWindowsDirectoryW
GetWindowsDirectoryA
TlsGetValue
FileTimeToDosDateTime
CompareFileTime
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetVersion
GetVolumeInformationA
lstrcatA
lstrcpynA
GetFileAttributesA
lstrlenA
IsDBCSLeadByte
lstrcmpiA
TlsFree
TlsAlloc
GetCurrentThreadId
CreateFileA
GetFileTime
TlsSetValue
ExitThread
CreateEventA
SetEvent
ResetEvent
PulseEvent
LCMapStringW
LCMapStringA
CreateThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetDateFormatW
GetDateFormatA
GetTimeFormatW
GetTimeFormatA
SetUnhandledExceptionFilter
GetCurrentThread
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
FindFirstChangeNotificationA
DeleteFileW
VirtualAlloc
TerminateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemInfo
GetCurrentProcessId
TerminateProcess
SetThreadPriority
OpenProcess
OpenFileMappingA
GetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
IsDBCSLeadByteEx
GetACP
lstrcmpA
DeviceIoControl
QueryDosDeviceA
GetPrivateProfileIntA
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
LockResource
SizeofResource
InterlockedExchange
DuplicateHandle
GetCurrentProcess
GetStringTypeExW
GetModuleFileNameA
OpenMutexA
GlobalFlags
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
VirtualFree
VirtualQuery
GetOEMCP
SetFileAttributesA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetVolumeInformationW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileIntW
GetComputerNameA
GetComputerNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
CreateDirectoryA
CreateDirectoryW
GetUserDefaultLangID
FindResourceW
FindFirstFileW
FindNextFileW
FindNextFileA
DeleteFileA
RemoveDirectoryW
RemoveDirectoryA
GetModuleHandleW
CopyFileA
CopyFileW
GetSystemDefaultLangID
CreateFileW
LoadLibraryExA
LoadLibraryExW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetShortPathNameA
GetShortPathNameW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
MoveFileA
MoveFileExW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
EnumTimeFormatsA
EnumDateFormatsA
EnumTimeFormatsW
EnumDateFormatsW
IsBadWritePtr
SetProcessWorkingSetSize
SetEndOfFile
MapViewOfFileEx
GetPrivateProfileSectionNamesA
GetProfileStringA
GetPrivateProfileSectionA
ExitProcess
CreateProcessW
IsValidLocale
GetProfileIntA
GetProfileIntW
GetProfileStringW
WriteProfileStringA
WriteProfileStringW
OpenFile
GetExitCodeThread
GetStartupInfoA
ResumeThread
SearchPathA
GetSystemDirectoryA
OutputDebugStringA
RtlUnwind
GetStringTypeA
GetStringTypeW
RaiseException

ole32

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
OleDraw
IIDFromString
OleGetIconOfClass
CoFileTimeNow
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
CLSIDFromProgID
OleSave
CLSIDFromString
ProgIDFromCLSID
OleSaveToStream
WriteClassStg
ReadClassStm
ReadClassStg
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StringFromCLSID
CoGetClassObject
CoFreeUnusedLibraries
GetRunningObjectTable
WriteClassStm
OleLoadFromStream
CoTaskMemAlloc
CoGetMalloc
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
StgCreateDocfile
CreateStreamOnHGlobal
CoCreateInstance
OleGetClipboard
GetHGlobalFromStream
ReleaseStgMedium
CoUninitialize
CreateFileMoniker
CoDisconnectObject
StgIsStorageFile
StgOpenStorage
CoTaskMemFree
CreateBindCtx
StringFromGUID2
CoInitialize
GetClassFile

user32

TranslateMessage
GetMessageA
GetMenuCheckMarkDimensions
SendNotifyMessageA
CopyRect
SetParent
EnableMenuItem
CopyIcon
ScrollWindowEx
GetMenuStringA
HiliteMenuItem
ReplyMessage
GetMenuItemRect
SetCursorPos
GetCaretBlinkTime
GetLastActivePopup
BeginDeferWindowPos
SetMenu
GetMenu
DrawMenuBar
SetMenuDefaultItem
VkKeyScanExA
IsCharAlphaNumericA
IsMenu
CreateMenu
CreateIconFromResourceEx
CreateIconIndirect
FindWindowA
PostThreadMessageA
MsgWaitForMultipleObjects
GetSubMenu
ModifyMenuA
IsDlgButtonChecked
CheckDlgButton
keybd_event
PostMessageW
GetMessageTime
IsRectEmpty
GetCursor
GetIconInfo
EndDeferWindowPos
DeferWindowPos
EnumChildWindows
IsIconic
GetWindowPlacement
GetWindowTextLengthA
VkKeyScanA
ToAscii
CallMsgFilterA
GetWindowDC
wsprintfA
ReleaseDC
GetDC
FillRect
GetSystemMetrics
IsWindow
EnableWindow
IsWindowEnabled
RegisterClassW
RegisterClassA
UnregisterClassW
UnregisterClassA
CreateWindowExW
CreateWindowExA
DefWindowProcW
DefWindowProcA
SetFocus
LoadCursorA
GetSysColor
SetClassLongA
GetWindow
SetCursor
MessageBoxW
DestroyWindow
GetClassNameW
GetClassNameA
DrawFocusRect
WindowFromDC
DestroyMenu
GetMenuItemCount
CreatePopupMenu
GetMessagePos
PeekMessageA
TrackPopupMenu
RemoveMenu
InsertMenuW
InsertMenuA
GetMenuItemID
GetMenuState
DeleteMenu
AppendMenuW
AppendMenuA
GetFocus
GetWindowRect
LoadIconA
DestroyIcon
GetClassLongA
InvalidateRect
DrawIcon
GrayStringW
GrayStringA
OffsetRect
InflateRect
CharLowerBuffA
SendDlgItemMessageA
UpdateWindow
ShowWindow
CreateDialogIndirectParamA
IsDialogMessageA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
SystemParametersInfoA
ClientToScreen
GetClientRect
SendMessageA
GetActiveWindow
PostMessageA
MessageBeep
GetKeyState
PtInRect
ScreenToClient
GetAsyncKeyState
LoadCursorW
DestroyCursor
DrawIconEx
DrawEdge
CharNextA
CharPrevA
SetTimer
KillTimer
wsprintfW
SystemParametersInfoW
GetClassInfoW
GetClassInfoA
RedrawWindow
GetUpdateRect
ReleaseCapture
SetWindowLongA
GetWindowLongA
MoveWindow
CallWindowProcW
CallWindowProcA
InvertRect
EndPaint
BeginPaint
SetScrollPos
SetScrollRange
DispatchMessageA
PeekMessageW
GetWindowTextA
GetKeyboardType
SetRect
GetQueueStatus
UnionRect
IntersectRect
EqualRect
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
GetClipboardOwner
InSendMessage
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatA
RegisterWindowMessageA
SendMessageTimeoutA
EnumWindows
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LoadImageA
GetParent
EndDialog
SetWindowTextA
GetDlgItem
GetDialogBaseUnits
SetCapture
GetCapture
GetCursorPos
DrawFrameControl
GetKeyboardLayout
SetActiveWindow
SetCaretPos
CreateCaret
EnumClipboardFormats
FrameRect
ClipCursor
EnableScrollBar
ShowCursor
WindowFromPoint
GetDoubleClickTime
GetClipboardData
IsClipboardFormatAvailable
GetOpenClipboardWindow
SetRectEmpty
DrawTextA
MapWindowPoints
MessageBoxA
LoadStringW
WaitMessage
IsWindowVisible
GetSystemMenu
GetTopWindow
GetDlgCtrlID
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowRgn
GetDesktopWindow
LockWindowUpdate
RegisterClassExA
DdeGetLastError
DdeDisconnect
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeClientTransaction
DdeFreeStringHandle
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
GetKeyboardLayoutList
LoadStringA
GetKeyboardState
SetWindowLongW
GetWindowLongW
DialogBoxIndirectParamA
DialogBoxIndirectParamW
CreateDialogIndirectParamW
SetWindowTextW
IsWindowUnicode
GetWindowTextW
WinHelpA
ExitWindowsEx
SetKeyboardState
SetScrollInfo
MapVirtualKeyA
WaitForInputIdle
SetForegroundWindow
SetWindowPos
GetScrollPos
ScrollWindow
LoadBitmapA
SendMessageW
EnumThreadWindows
DispatchMessageW
PostQuitMessage

Exports

Exports

??0StdExceptionLink@@QAE@XZ
??1CHeapStr@@QAE@XZ
??1CSdmDlg@@QAE@XZ
??1StdExceptionLink@@QAE@XZ
??2@YAPAXI@Z
??2@YAPAXIH@Z
??3@YAXPAX@Z
??8CFolderList@@UBEHABV0@@Z
?AccessGet@CFileFolder@@QBE?AW4ACCESS@CFSObj@@PAVIInterrupt@@PAH@Z
?AppendCFolder@CFolderList@@QAEHAAVCFolder@@HHIPAVIInterrupt@@@Z
?ArsAlert@@YG?AW4DM_ARS@@W4AID@@PBG11@Z
?CVolumeGet@CFileFolder@@QBEPBVCVolume@@XZ
?Cfft@CFile@@UBEHXZ
?Cfft@CFileFolder@@UBEHXZ
?Cfft@CFolder@@UBEHXZ
?Cleanup@CFileSystem@@SGXXZ
?Cleanup@CStatBar@@QAEXXZ
?CompareDesktopPidls@CFSObj@@SGHPBU_ITEMIDLIST@@0@Z
?ConvertMappingToUNCName@CFileFolder@@QAEXXZ
?ConvertUNCNameToMapping@CFileFolder@@QAEXXZ
?DestroyMonikers@CFileSpec@@QAEXXZ
?EndDlg@CSdmDlg@@QAEXI@Z
?ErCancelErr@CFSInterrupt@@UAEHAAUERRSTRUCT@@@Z
?FCheckSpecAllComponents@@YGHPBGPAKAAVCFileSpec@@AAVCFileTypeList@@AAVCFolderList@@PAVIInterrupt@@PAV2@PAV1@@Z
?FCreate@CStatBar@@QAEHPAU_rec@@PAUHWND__@@@Z
?FExists@CFileFolder@@QBEHPAVIInterrupt@@@Z
?FInCFolder@CFileFolder@@UBEHABVCFolder@@H@Z
?FInit@CFileSpec@@QAEHXZ
?FReadOnly@CFileFolder@@QBEHXZ
?FShowExtensions@CGlobals@@QAEHH@Z
?FSpecial@CFileFolder@@QBEHXZ
?FVolumeRoot@CFileFolder@@QBEHXZ
?GetCFileWz@CFolder@@QBEXAAVCFile@@PBG@Z
?GetIDList@CFileFolder@@QBEPBU_ITEMIDLIST@@XZ
?GetIDListRel@CFileFolder@@QBEPBU_ITEMIDLIST@@XZ
?GetShellFolderParent@CFileFolder@@QBEPAUIShellFolder@@XZ
?GetStatName@@YGXPAG@Z
?GetUNCNameWz@CFileFolder@@QBEJPAGPAH@Z
?GetWz@CDate@@QBEXPAGH@Z
?GetWzDisplayName@CFileFolder@@QBEXPAG@Z
?GetWzPathname@CFileFolder@@QBEXPAG@Z
?ILClone@@YGPAU_ITEMIDLIST@@PBU1@@Z
?ILFindLastID@@YGPAU_ITEMIDLIST@@PBU1@@Z
?IdsOfAid@@YG?AW4_ids@@W4AID@@@Z
?Init@CSdmDlg@@QAEXXZ
?InsertWzIntoIds@@YGXPBGW4_ids@@PAGIH@Z
?Invalidate@CStatBar@@QAEXXZ
?InvalidateCache@CFileFolder@@QAEXXZ
?Launch@CExternalApp@@QAEHHPBG@Z
?LcidGetLcidUsed@@YGKXZ
?MsoFMatchWzFName@@YGHPBG0@Z
?MsoIchFirstOfChInWz@@YGHPBGG@Z
?MsoIchLastOfChInWz@@YGHPBGG@Z
?MsoOperatorDelete@@YGXPAX@Z
?MsoOperatorNew@@YGPAXI@Z
?MsoWCollateWzPName@@YGHPBG0H@Z
?MsoWzCopy@@YGPAGPBGAAVCHeapStr@@@Z
?MsoWzToLower@@YGPAGPAG@Z
?MsoWzToUpper@@YGPAGPAG@Z
?OnContextHelp@CSdmDlg@@QAEHI@Z
?OnCount@CFileTypeListbox@@QAEII@Z
?OnFilterKey@CSdmDlg@@QAEHII@Z
?OnText@CFileTypeListbox@@QAEIPAGII@Z
?OnText@CSdmList@@UAEIPAGII@Z
?OutOfMemory@CGlobals@@QAEXXZ
?PGlobalsGet@@YGPAVCGlobals@@XZ
?PaintText@CStatBar@@QAEXPAUHDC__@@PAUtagRECT@@@Z
?SaveToGrwz@CFolderList@@QAEXPAPAGPAKGHHH@Z
?SaveToPidls@CFolderList@@QAEXPAPAPAU_ITEMIDLIST@@PAH@Z
?SetFDontChangeMouseCursor@IInterrupt@@SGXH@Z
?SetFromGrwz@CFolderList@@QAEXPBG@Z
?SetPathnameWz@CFileFolder@@UAEXPBG@Z
?SetText@CStatBar@@QAEXPBGK@Z
?SetupShellFolderFromPath@CFileFolder@@QAEHXZ
?StdCatchProc@@YGHI@Z
?StdProtect@@YGXPAUStdExceptionLink@@@Z
?StdThrow@@YGXPAVCException@@@Z
?StubMprWNetUseConnectionW@CGlobals@@QAEKPAUHWND__@@PAU_NETRESOURCEW@@PBG2KPAGPAK4@Z
?ThrowMemoryException@@YGXXZ
?TmcDoDlg@CSdmDlg@@QAEIIIHHPAUHWND__@@K@Z
?UpdateMappings@CFileSystem@@SGXXZ
?VoltypGet@CVolume@@QBE?AW4VOLTYP@CFSObj@@XZ
AddListBoxEntry
BeginListBoxUpdate
CaptureMouseTmc
CchGetListBoxEntry
CchGetTmc
CchGetTmcText
CentryListBoxTmc
ChangeColors
ClbeGetLbx
ClbeGetSelectedLbx
CompleteComboTmc
ContextHidOfDlg
ContextPosOfDlg
CselListBoxTmc
DeleteLbxLbe
DeleteListBoxEntry
DllCanUnloadNow
DllGetClassObject
DllGetLCID
DwDoFilterProc
EnableTmc
EndDlg
EndListBoxUpdate
EndSdm
EnsureVisibleDlgRec
FAddLbxLbe
FDlgShrunk
FEnabledTmc
FFreeDataDftLbx
FFreeDataLbx
FFreeDlg
FGetLbxLbe
FInitSdm
FIsDialogWindow
FIsDlgDying
FIsOfficeDlg
FIsVisibleTmc
FKillDlgFocus
FModalDlg
FRestoreDlg
FReturnDlgControl
FSendDlm
FSetCabRgb
FSetCabWt
FSetCabWz
FSetCursorLbx
FSetDlgHid
FSetDlgSab
FSetFirstLbx
FSetLbxClbe
FSetLbxLbe
FSetSelectedLbx
FSetTmcLargeVal
FSetupTabSwitcher
FShrinkRefEdit
FVisibleDlg
FreeCab
FreeNilLbe
FtmeIsSdmMessage
GetCabRgb
GetCabWt
GetCabWtz
GetCabWz
GetLbxLbg
GetListBoxEntry
GetProxyDllInfo
GetSelectedLbx
GetTmcLargeVal
GetTmcRec
GetTmcRecItsw
GetTmcSwitcherRec
GetTmcText
GrowDropTmc
HcabAlloc
HcabDupeCab
HcabFromDlg
HcabQueryCur
HdlgFromWindow
HdlgGetCur
HdlgGetFocus
HdlgQueryCur
HdlgSetCurDlg
HdlgSetFocusDlg
HdlgStartDlg
HidOfDlg
HlbxCreateLbg
HlbxFromTmc
IEntryFindListBox
IEntryListBoxCursorTmc
IdDoMsgBox
IlbeGetCursorLbx
IlbeGetFirstLbx
InitCab
InitCabWords
InsertListBoxEntry
InvalidateSwitcher
InvertCaret
IselGetSwitcher
ItswDirectlyAccel
LUserFromTmc
LimitTextTmc
LsAppendRunToCurrentSubline
LsCompressSubline
LsCreateContext
LsCreateLine
LsCreateSubline
LsDestroyContext
LsDestroyLine
LsDestroySubline
LsDisplayLine
LsDisplaySubline
LsEnumLine
LsEnumSubline
LsExpandSubline
LsFetchAppendToCurrentSubline
LsFinishCurrentSubline
LsGetLineDur
LsGetMinDurBreaks
LsGetReverseLsimethods
LsGetRubyLsimethods
LsGetSpecialEffectsSubline
LsGetTatenakayokoLsimethods
LsGetWarichuLsimethods
LsMatchPresSubline
LsModifyLineHeight
LsQueryFLineEmpty
LsQueryLineCpPpoint
LsQueryLineDup
LsQueryLinePointPcp
LsQueryPointPcpSubline
LsQueryTextCellDetails
LsResetRMInCurrentSubline
LsSetBreaking
LsSetCompression
LsSetDoc
LsSetExpansion
LsSetModWidthPairs
LsdnDistribute
LsdnFinishByPen
LsdnFinishRegular
LsdnFinishRegularAddAdvancePen
LsdnGetCurTabInfo
LsdnModifyParaEnding
LsdnQueryObjDimRange
LsdnQueryPenNode
LsdnResetObjDim
LsdnResetPenNode
LsdnResolvePrevTab
LsdnSetRigidDup
LsdnSubmitSublines
LssbFDonePresSubline
LssbGetDupSubline
LssbGetDurTrailInSubline
LssbGetObjDimSubline
LssbGetVisibleDcpInSubline
MoveDlg
MsoCchInsertSz
MsoCchInsertWz
MsoDrawAsstBtn
MsoGetLCID
MsoHrCreateAddInsXObject
MsoIMatchIrul
MsoMakeCustomItem
MsoMakeFindFile
MsoPact
MsoPactDtk
MsoPactDtkNq
MsoPactNq
MsoPactPca
MsoPactPcaNq
MsoVBADigSigCreateIndirectData
MsoVBADigSigGetSignedDataMsg
MsoVBADigSigIsMyTypeOfFile
MsoVBADigSigPutSignedDataMsg
MsoVBADigSigRemoveSignedDataMsg
MsoVBADigSigVerifyIndirectData
MsoWintrustFinalPolicy
NinchCab
OfficeSetHelpFilter
PaintDftLbx
PcabLockCab
PpvAllocLboxCb
PpvDemandLbxLbe
PpvGetLbxLbe
RedisplayTmc
ResizeDlg
ResizeDlgEx
SabGetDlg
SdmScaleRec
SetCEntryVisLbx
SetDefaultTmc
SetDlgCaption
SetFocusTmc
SetLbxLbePpv
SetLbxLbg
SetReadOnlyTmc
SetRgpfnIndexer
SetScrollPageTmc
SetSecretEditTmc
SetSwitcherIsel
SetTmcLUser
SetTmcRec
SetTmcText
SetTmcTxs
SetTmcVal
SetVisibleTmc
ShowDlg
StartListBoxUpdate
TmcDoDlgDli
TmcEndedDlg
TmcGetAccelerator
TmcGetDefault
TmcGetDropped
TmcGetFocus
TmtGetTmc
TxsGetTmc
UnlockCab
UpdateLbx
UpdateWindowDlg
ValGetTmc
VgxFunctions
WPicTabSwitcher
WPicTabSwitcherBorder
WRefQueryCur
WRenderPush
WRenderStaticText
WUser2Lbx
WindowFromDlg
WindowOfTmc
WindowSwapSdmParent
_BidiDropsToLeft@4
_CalcDropIconRecGccRec@8
_CdocidGet@4
_CidxGet@4
_CloseMorph@4
_FForceRectOnScreen@8
_FForceRectOnScreenCore@12
_FGetFirstRingEntry@12
_FGetLemma@12
_FGetNextRingElement@12
_FGetNextRingEntry@8
_FIsHttpUrl@4
_FLoadComctl32Lib@0
_FLoadDMIntlString@8
_FPropCacheGet@4
_FRestoreTmc@8
_FValidTmc@4
_FlbeLbxLbe@8
_GetGeoTextFromPreset@8
_GetHFontSdm@0
_GetOrientedFont@8
_GetScreenFromWindow@4
_GrwzHttpMappingGet@4
_GrwzWebFoldersGet@4
_HMsoinstGetFromSdm@0
_HashWzToInt@8
_HpalSelectAndRealizeIfNecessary@12
_IdxfGet@4
_IftGet@4
_LDoAlertTFC@56
_LDoAlertTFCEx@64
_LDoBalloonTFC@40
_LcbTotalGet@4
_ListView_GetItemW@8
_ListView_InsertColumnW@12
_ListView_InsertItemW@8
_ListView_SetItemTextW@16
_ListView_SetItemW@8
_LpfiAllocFi@16
_MakeCDocList@4
_MakeCIndexM@4
_MsoAbortCallback@4
_MsoAcbBalloon@4
_MsoActivateMSToolbarApp@4
_MsoAddVkToKevt@12
_MsoAdjustPRT@20
_MsoAlertIds@12
_MsoAlertIdsSz1@16
_MsoAlertSz@8
_MsoAlertWtz@12
_MsoAnchorBlip@8
_MsoAnsiCodePageLimited@4
_MsoAppendRultkFormat@16
_MsoAppendToPath@8
_MsoAttachScript@4
_MsoAutoClearIrul@4
_MsoAutoCorrectFEString@28
_MsoAutoCorrectListCount@4
_MsoBPaletteGray@4
_MsoBciBcacheRender@16
_MsoBeginBoot@0
_MsoBfilePurge@0
_MsoBuildLowPriorityPcssr@8
_MsoCacheDc@4
_MsoCacheTkText@12
_MsoCallWindowProc@20
_MsoCbChopHp@8
_MsoCbHeapUsed@0
_MsoCbRegGetBufferSizeCore@4
_MsoCbRegGetBufferSizeSz@4
_MsoCbRegGetBufferSizeWz@4
_MsoCbSizePpv@4
_MsoCbSizePv@4
_MsoCchCopyTextOfDtk@24
_MsoCchCpLoadSzFromPstt@24
_MsoCchDecodeURL@4
_MsoCchDtsFptToRgxchCore@32
_MsoCchGetLocaleInfo@16
_MsoCchGetUsersFilesFolder@4
_MsoCchLoadSz@16
_MsoCchLoadSzEx@16
_MsoCchLoadWz@16
_MsoCchLoadWzFromPstt@20
_MsoCchRegGetWz@12
_MsoCchSzLen@4
_MsoCchTokenText@12
_MsoCchWzFromColor@12
_MsoCchWzIndexRight@12
_MsoCchWzLen@4
_MsoCheckForBrowser@4
_MsoCheckFragmentationQuality@0
_MsoCheckHEVReg@0
_MsoChsFromCpg@4
_MsoChsFromLid@4
_MsoCidToFilename@8
_MsoCleanDc@4
_MsoCleanMFData@4
_MsoClearChangedEventsForRulevt@4
_MsoClearEventsForRulevts@20
_MsoClearRgvarg@8
_MsoClearRules@0
_MsoCloseCagInstances@0
_MsoCompareStringA@24
_MsoCompareStringW@24
_MsoConvert100nsToMin@4
_MsoConvertIndex@24
_MsoConvertMinTo100ns@4
_MsoConvertPictureSwitch@4
_MsoCopyFileW@12
_MsoCopyMetaFileW@8
_MsoCopyStream@8
_MsoCopyTkTextToCache@4
_MsoCpAutodetectGuess@4
_MsoCpCchSzLenFromWz@8
_MsoCpFromRgchContentType@8
_MsoCpLimOfDtk@8
_MsoCpRgchToRgwch@20
_MsoCpSzToWz@12
_MsoCpgBestForWzUrl@4
_MsoCpgFromChs@4
_MsoCpgFromFsCpg@4
_MsoCpgFromLid@4
_MsoCrFromTextColor@12
_MsoCrGetBackColorValue@8
_MsoCrGetTextureForeColor@4
_MsoCrSetBrightness@4
_MsoCreateColorSpaceW@4
_MsoCreateDirectoryW@8
_MsoCreateFileFromBlip@20
_MsoCreateFileW@28
_MsoCreateFontFromResource@8
_MsoCreateIOLDocFromMoniker@12
_MsoCreateIOLDocFromWzPersistentName@12
_MsoCreateIOLDocTempFromWzDisplayName@8
_MsoCreateMonitorWindow@0
_MsoCreateOwsIdleComp@8
_MsoCreateRenItem@8
_MsoCreateScripts@8
_MsoCreateShortcut@8
_MsoCwchGetAltChar@12
_MsoCwchNormFuzzy@16
_MsoDataObjectFromGrfcf@4
_MsoDcpCurrAdjustedLexs@4
_MsoDcpDoActs@24
_MsoDelayScheduleIrul@12
_MsoDelayScheduleIrulFrom@12
_MsoDeleteFileW@4
_MsoDeletePx@12
_MsoDestroyIPref@4
_MsoDestroyITFC@4
_MsoDestroyKevt@4
_MsoDestroyScripts@4
_MsoDestroyStartup@0
_MsoDestroyThumbnail@4
_MsoDialogFontNameLid@8
_MsoDigSigSaveBe@4
_MsoDisableTextOutForME@4
_MsoDispatchMessage@4
_MsoDisposeTextSplashWz@4
_MsoDoGhostingAlert@0
_MsoDontInitializeVisibles@0
_MsoDontMakeFindFile@0
_MsoDragQueryFileW@16
_MsoDrawOneBorder@16
_MsoDrawTextW@20
_MsoDrawingDownloadIdle@0
_MsoDtkFindPrevToken@12
_MsoDtkFindRgirul@20
_MsoDtkFromTokenDtki@8
_MsoDtkStartFromDcp@12
_MsoDtkiFromTokenDtk@8
_MsoDwGetShellSetting@4
_MsoDwGimmeUserInstallBehavior@8
_MsoDwMseValidateView@8
_MsoDwOFCCanPostDoc@0
_MsoDwOFCPostDoc@40
_MsoDwOfficeLoadIntProperties@20
_MsoDwOfficeLoadProperties@20
_MsoDwOfficeSaveProperties@20
_MsoDwRegGetDefaultDw@4
_MsoDwRegGetDw@4
_MsoDwUrlAttributes@8
_MsoEmptyPx@4
_MsoEndBoot@0
_MsoEndPRT@4
_MsoEnsureMinUIFontSize@4
_MsoEnumComponentQualifiersEx@28
_MsoEnumEditLcid@8

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/MSWORD9.OLB
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/ReadMe.txt
Fire_GetPinYin/RegSoft.txt
Fire_GetPinYin/VBE6EXT.OLB
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/config.ini
Fire_GetPinYin/fyp.ico
Fire_GetPinYin/help.chm
.chm
Fire_GetPinYin/msADOX.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7853305a8d36f561c76ecbd4b2f0ea2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msADOX.pdb

Imports

msvcrt

_adjust_fdiv
_except_handler3
wcscat
wcscpy
wcstod
wcschr
_wcsicmp
wcslen
_wcsnicmp
memmove
swprintf
sprintf
malloc
_onexit
__dllonexit
_purecall
_initterm
free

msdart

lstrcatI
RegEnumKeyExI
lstrlenI
RegSetValueExI
RegCreateKeyExI
RegQueryValueExI
RegDeleteKeyI
lstrcpyI
PostMessageI
RegOpenKeyExI
MpHeapAlloc
LoadStringI
GetWindowsDirectoryI
CharNextI
GetVersionExI
_LoadVersionedResourceEx@16
??1CReaderWriterLock3@@QAE@XZ
??0CReaderWriterLock3@@QAE@XZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
GetModuleHandleI
GetModuleFileNameI
UMSEnterCSWraper
LoadLibraryI
FXMemAttach
MpGetHeapHandle
MpHeapFree
MPInitializeCriticalSection
MPDeleteCriticalSection
FXMemDetach

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
EnterCriticalSection
CompareStringW
LCMapStringW
LCMapStringA
CompareStringA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetCurrentProcess
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
GetUserDefaultLCID
TlsFree
TlsAlloc
lstrlenW
GetCurrentThreadId
TlsGetValue
TlsSetValue
InterlockedExchange
LeaveCriticalSection
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA

advapi32

RegCloseKey

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SetErrorInfo
VariantChangeType
VariantClear
GetErrorInfo
LoadRegTypeLi
SysStringLen
SafeArrayPutElement
SafeArrayGetElement
VariantCopy
SysAllocString
LoadTypeLi
OaBuildVersion
SysAllocStringLen
CreateErrorInfo
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayCopy
RegisterTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fire_GetPinYin/tutorial.url
Fire_GetPinYin/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 792KB - Virtual size: 792KB

2eabe9054cad5152567f0699947a2c5b

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 228KB

.rsrc Size: 20KB - Virtual size: 17KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 644KB

.data Size: 468KB - Virtual size: 468KB

.data Size: 4KB - Virtual size: 4KB

a8e1f3e4edacefb43c8a721a7de52ab1

Headers

File Characteristics

PDB Paths

Imports

version

psapi

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 311KB - Virtual size: 310KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 14KB - Virtual size: 47KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 4KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 140KB - Virtual size: 137KB

.rsrc Size: 4KB - Virtual size: 816B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 44KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 792KB - Virtual size: 792KB

.text
Size: 104KB - Virtual size: 228KB

.rsrc
Size: 20KB - Virtual size: 17KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 644KB

.data
Size: 468KB - Virtual size: 468KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 14KB - Virtual size: 47KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 140KB - Virtual size: 137KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 44KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 628KB - Virtual size: 627KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 216KB - Virtual size: 216KB

.sdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 180KB - Virtual size: 180KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 140KB - Virtual size: 165KB

.rsrc
Size: 408KB - Virtual size: 405KB

.reloc
Size: 152KB - Virtual size: 149KB

.rsrc
Size: 528KB - Virtual size: 525KB

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 144KB - Virtual size: 141KB

.data
Size: 4KB - Virtual size: 1KB

.sdbid
Size: 4KB - Virtual size: 468B