38b4608a52a1a63e89f595c1b9bcb79e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38b4608a52a1a63e89f595c1b9bcb79e_JaffaCakes118
Size

2.7MB
MD5

38b4608a52a1a63e89f595c1b9bcb79e
SHA1

c96df09fe1c474d7af117cb7822c35ec3c3b0bbc
SHA256

c158886439214b855aa6beeeb264a3e1711890630f116f64787327372d905b91
SHA512

0cacb3c9ba3d58bc38098b956ff0ed29378f840f1ea4e8247e5cf8734e843b735f643463d0985712f319d54b2e0edeaee93ca2c17605c78bec4482971f6d8113
SSDEEP

49152:v2P/0x4hmqrZfWRMBnb+djImZ7mW+9p4gWsd0Vr2+9kKE9kWFjMqY9/B1OOzLtcC:+E6hwMBnE3J+QgWsWVrjkx2Mj+t8VGJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
38b4608a52a1a63e89f595c1b9bcb79e_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$SYSDIR/OLEAUT32.DLL
unpack001/$SYSDIR/OLEPRO32.DLL
unpack001/$SYSDIR/SHELLLNK.DLL
unpack001/$SYSDIR/TABCTCHT.DLL
unpack001/$SYSDIR/URLMON.DLL
unpack001/$SYSDIR/VB5DB.DLL
unpack001/$SYSDIR/VB6CHT.DLL
unpack001/$SYSDIR/VB6STKIT.DLL
unpack001/$SYSDIR/VBAJET32.DLL
unpack001/$SYSDIR/WINSKCHT.DLL
unpack001/Cutmail.exe
unpack001/DELHTTP.EXE
unpack001/Play_FLV.exe
unpack001/Px3-db.exe
unpack001/Px3.exe
unpack001/cutnet.exe
unpack001/patch.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

38b4608a52a1a63e89f595c1b9bcb79e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/OLEAUT32.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 544KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OLEPRO32.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

f5ccf8bf224eb9ec83fbb805c335d308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
InitializeCriticalSection
GetModuleHandleA
GlobalAddAtomA
DeleteCriticalSection
lstrlenW
GlobalHandle
GlobalDeleteAtom
GlobalReAlloc
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
MulDiv
LeaveCriticalSection
GetProcAddress
GetVersion
GetLocaleInfoA
GetStringTypeW
GetLocaleInfoW
GetStringTypeA
VirtualAlloc
LCMapStringA
LCMapStringW
InterlockedIncrement
GetLastError
WriteFile
VirtualFree
IsDBCSLeadByte
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
HeapDestroy
GetEnvironmentStringsW
HeapCreate
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetCPInfo
GetOEMCP
GetStartupInfoA
GetFileType
GetModuleFileNameA
SetHandleCount
GetStdHandle
TlsFree
TlsAlloc
TlsGetValue
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
ExitProcess
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
RaiseException
WideCharToMultiByte
LoadLibraryA
HeapAlloc
RtlUnwind
HeapFree
TerminateProcess
GetCommandLineA
InterlockedDecrement

user32

RegisterClipboardFormatA
GetKeyState
ReleaseDC
IsWindowUnicode
GetWindowLongA
GetSysColor
SetWindowLongA
SetActiveWindow
DestroyWindow
SetFocus
PostMessageA
GetActiveWindow
PostQuitMessage
TranslateMessage
DispatchMessageA
DispatchMessageW
SendMessageA
GetMessageW
GetMessageA
IsWindow
EnableWindow
GetParent
GetWindowTextA
GetFocus
CharNextA
GetDlgItem
CharLowerA
SendMessageW
GetClientRect
GetDialogBaseUnits
GetDC
wsprintfA
GetTopWindow
WinHelpW
CreateIcon
wsprintfW
DestroyIcon
GetSystemMetrics
CreateCursor
DrawIcon
CopyImage
GetIconInfo
CopyIcon

gdi32

SetViewportOrgEx
SetBkColor
SetStretchBltMode
GetBitmapBits
DeleteEnhMetaFile
SetEnhMetaFileBits
GetTextExtentPointA
GetPaletteEntries
DeleteMetaFile
CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetTextFaceW
GetTextMetricsA
GetTextFaceA
SelectObject
GetDeviceCaps
GetTextMetricsW
CreateBitmap
SetMetaFileBitsEx
PatBlt
GetBitmapDimensionEx
GetObjectA
GetEnhMetaFileHeader
GetDIBits
StretchBlt
StretchDIBits
SelectPalette
GetStockObject
CreateHalftonePalette
CreateDIBitmap
CreateDIBSection
Escape
SetBitmapBits
SetDIBits
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SaveDC
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
SetWindowExtEx
SetTextColor
SetMapMode
SetWindowOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType

ole32

CoCreateInstance
CoGetMalloc
StringFromGUID2
StgCreateDocfile
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium

advapi32

RegFlushKey
RegQueryValueW
RegCloseKey
RegSetValueA
RegCreateKeyA
RegOpenKeyW
RegOpenKeyA

oleaut32

VariantChangeType
SysAllocString
VariantClear
LoadTypeLi
SysFreeString
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Play_FLV.DLL
$SYSDIR/SHELLLNK.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

0301b7ebf2bccb3797a459b49a3fa0fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
_adj_fdiv_m64
ord622
ord516
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaAryConstruct
_adj_fpatan
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
ord616
_CIatan
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/TABCTCHT.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/TabCtl32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aa8b0ec5b7d56e08d6614ae243221096

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
HeapReAlloc
lstrcmpA
GetProcessHeap
InitializeCriticalSection
lstrcatA

user32

SetFocus
MoveWindow
GetWindow
ShowWindow
IsWindowEnabled
PtInRect
IsWindowVisible
GetParent
SetWindowRgn
GetSysColor
CopyRect
DrawFocusRect
DestroyWindow
GetWindowDC
GetWindowRect
CreateWindowExA
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetRectEmpty
SetWindowPos
OffsetRect
WinHelpA
GetNextDlgTabItem
CharNextA
GetClipboardFormatNameA
ScreenToClient
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
InvalidateRect
ReleaseCapture
CreateDialogIndirectParamA
IsChild
SetParent
EndPaint
IsDialogMessageA
FillRect
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetSystemMetrics
ClientToScreen
GetClientRect
BeginPaint
IntersectRect

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
SysStringLen
OleTranslateColor
GetErrorInfo
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
OleCreatePictureIndirect
SysAllocString
SysFreeString

gdi32

LPtoDP
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
SetMapMode
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
CreateICA
GetPaletteEntries

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/URLMON.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

8cc12a6b2cb9bef31f2ece4ba443e3b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoGetClassObject
StringFromCLSID
CreateGenericComposite
StgOpenStorageOnILockBytes
GetClassFile
CoTaskMemFree
CoTaskMemAlloc
MonikerRelativePathTo
ReleaseStgMedium
CreateILockBytesOnHGlobal
OleGetAutoConvert
CoGetMarshalSizeMax
CoMarshalInterface
CoUnmarshalInterface
StgOpenStorage
CoRegisterMessageFilter
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CreateBindCtx
MkParseDisplayName

rpcrt4

RpcRaiseException
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported

shlwapi

ord306
ord80
ord97
ord154
StrCpyW
StrCmpNIW
ord215
StrCpyNW
ord431
ord378
ord107
ord395
StrStrIA
StrCatW
StrNCatA
ord436
ord2
SHRegGetUSValueA
ord24
PathFindExtensionW
StrRChrW
ord59
ord94
ord141
ord143
StrDupW
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueW
SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegEnumUSKeyW
ord29
SHRegWriteUSValueW
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegCreateUSKeyW
SHRegCloseUSKey
ord125
ord76
ord457
PathIsPrefixW
ord309
SHRegGetUSValueW
ord138
ord335
StrCmpNA
PathFindExtensionA
PathFindFileNameW
ord441
StrCatBuffW
wnsprintfA
SHQueryValueExA
StrCatBuffA
PathFileExistsA
StrToIntW
PathUndecorateA
ord435
SHRegGetBoolUSValueA
ord52
ord75
ord65
PathIsUNCServerA
UrlGetPartA
StrToIntA
PathFindFileNameA
UrlCombineA
UrlGetLocationA
PathCreateFromUrlA
StrDupA
UrlUnescapeA
ord1
StrStrA
UrlGetPartW
ord158
ord155
ord151
ord153
StrStrW
StrCmpIW
wnsprintfW
StrChrW
StrCmpNIA
UrlCanonicalizeW
UrlUnescapeW
UrlEscapeW
PathCreateFromUrlW
UrlCreateFromPathW
UrlGetLocationW
StrNCatW
ord124
ord128
StrChrA
UrlCompareW
UrlCombineW
StrCmpW
ord83

user32

RegisterClipboardFormatA
LoadStringA
wsprintfA
CharNextA
CharPrevA
DestroyWindow
PostMessageA
SetWindowLongA
DefWindowProcA
PostQuitMessage
PeekMessageA
DispatchMessageA
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjects
UnregisterClassA
RegisterClassA
CreateWindowExA
GetClipboardFormatNameA
FindWindowA
DialogBoxParamA
GetActiveWindow
GetLastActivePopup
GetParent
SendNotifyMessageA
OemToCharBuffA
KillTimer
SetTimer
CharUpperBuffA
SendMessageA
GetDlgItem
SetDlgItemTextA
MessageBoxW
ShowWindow
EndDialog
SetWindowPos
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
IsDlgButtonChecked
CheckDlgButton
SetForegroundWindow
CharLowerA
GetWindowLongA
SendDlgItemMessageA
SetFocus
EnableWindow
GetWindowRect
GetDC

gdi32

GetDeviceCaps
GetObjectType
CreatePalette
GetPaletteEntries
SetEnhMetaFileBits
GetEnhMetaFileBits
CreateBitmap
GetObjectA
GetBitmapBits
SetMetaFileBitsEx
GetMetaFileBitsEx

advapi32

RegSetValueExA
GetUserNameA
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegDeleteKeyA

kernel32

FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetDriveTypeA
GetTimeFormatA
GetLocaleInfoA
FileTimeToSystemTime
GetCurrentProcess
LocalAlloc
GetLocalTime
RemoveDirectoryA
FindNextFileA
CompareFileTime
SearchPathA
SystemTimeToFileTime
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteAtom
GetSystemTime
CreateThread
TerminateThread
TerminateProcess
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
ExitThread
GetSystemTimeAsFileTime
CopyFileA
GetSystemDirectoryA
LoadLibraryExA
GetUserDefaultLCID
GetSystemDefaultLCID
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
FindFirstFileA
GetFullPathNameA
SetLastError
CompareStringA
GetShortPathNameA
GetThreadLocale
GetWindowsDirectoryA
lstrcatA
GetEnvironmentStrings
CreateDirectoryA
WriteFile
DeleteFileA
GetTempPathA
GlobalLock
GlobalSize
GlobalUnlock
CreateFileA
GetFileSize
GetFileTime
SetFilePointer
ReadFile
FindClose
GetACP
FindAtomA
AddAtomA
CloseHandle
GetLastError
GetCurrentProcessId
LocalFree
LoadLibraryA
GlobalAlloc
GlobalFree
GetProcessHeap
TlsAlloc
TlsFree
TlsGetValue
HeapAlloc
TlsSetValue
HeapFree
GetCurrentThreadId
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcmpA
lstrcmpiA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
GetSystemInfo
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
IsBadWritePtr
IsBadReadPtr
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
RtlUnwind
GetOEMCP
GetCPInfo
VirtualAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
VirtualQuery
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetTickCount
RaiseException
InterlockedExchange
GetFileAttributesA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CDLGetLongPathNameA
CDLGetLongPathNameW
CoGetClassObjectFromURL
CoInstall
CoInternetCombineUrl
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSession
CoInternetParseUrl
CoInternetQueryInfo
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateURLMoniker
CreateURLMonikerEx
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetMarkOfTheWeb
GetSoftwareUpdateInfo
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
IsAsyncMoniker
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
ReleaseBindInfo
RevokeBindStatusCallback
RevokeFormatEnumerator
SetSoftwareUpdateAdvertisementState
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
WriteHitLogging
ZonesReInit

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VB5DB.DLL
.dll windows:4 windows x86 arch:x86

2824fcddda9a05ec563c0e7037537798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
GetLastError
OpenFile
_llseek
GetTempFileNameA
GetTempPathA
_lwrite
_lread
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
_lclose
LeaveCriticalSection
HeapAlloc
HeapFree
VirtualAlloc
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

ole32

CoGetMalloc

oleaut32

SysAllocString
SysAllocStringByteLen
SysFreeString
SafeArrayDestroy
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
CreateErrorInfo
SysStringLen
VariantChangeType
SysAllocStringLen
VariantCopy
SafeArrayCreate
SetErrorInfo

Exports

Exports

DnaNewCRCRecordset

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VB6CHT.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VB6STKIT.DLL
.dll windows:4 windows x86 arch:x86

9f4b76d42cbc350286ec870347345155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

TranslateMessage
CharNextA
wsprintfA
CharPrevA
LoadStringA
PeekMessageA
MessageBoxA
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize

oleaut32

RegisterTypeLi
LoadTypeLi

kernel32

GetFileAttributesA
CompareStringW
GetStringTypeW
DeleteFileA
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
LCMapStringW
GetEnvironmentStringsW
LCMapStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
GetCPInfo
HeapReAlloc
GetLocaleInfoW
FlushFileBuffers
SetEnvironmentVariableA
GetOEMCP
GetVersion
GetLastError
lstrcatA
lstrcpyA
lstrcmpiA
lstrlenA
CopyFileA
OpenFile
Sleep
lstrcpynA
WriteFile
CloseHandle
SetFilePointer
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetErrorMode
LocalFree
LocalUnlock
LocalLock
LocalAlloc
SetFileTime
GetFileTime
GetWindowsDirectoryA
MultiByteToWideChar
CompareStringA
WideCharToMultiByte
GetModuleFileNameA
VirtualAlloc
HeapCreate
VirtualFree
TlsSetValue
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindFirstFileA
GetFileType
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
ReadFile
GetCommandLineA
GetCurrentThreadId
DeleteCriticalSection
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
GetFullPathNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
InterlockedDecrement
InterlockedIncrement
HeapDestroy

Exports

Exports

AbortAction
AddActionNote
ChangeActionKey
CommitAction
DLLSelfRegister
DisableLogging
EnableLogging
ExtractFileFromCab
GetClsidFromActXFile
LogConfig
LogError
LogNote
LogWarning
NewAction
RegisterTLB
SyncShell
_SetTime@8
fCreateShellLink
fRemoveShellLink
fWithinAction

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBAJET32.DLL
.dll windows:4 windows x86 arch:x86

8e4cca56f88f6d206aa5a20cdaf1a0c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer

Exports

Exports

LoadExprSrvDll
VBAGetExprSrv

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WINSKCHT.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALLMAIL.TXT
BIRDHDAY.PX3
CutNet.ini
CutNet2.ini
Cutmail.exe
.exe windows:4 windows x86 arch:x86

6e91ae98bc42f165330b1d36b539a929

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord620
__vbaLineInputVar
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord553
ord661
__vbaSetSystemError
ord662
__vbaHresultCheckObj
__vbaNameFile
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
__vbaBoolStr
ord593
__vbaVarForInit
__vbaExitProc
ord594
__vbaOnError
ord595
__vbaObjSet
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord520
__vbaBoolVar
__vbaFpR8
__vbaVarTstLt
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord631
ord709
__vbaErase
__vbaVargVarMove
ord525
__vbaVarZero
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaR4Str
ord560
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaRedimVar
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
ord607
ord608
ord531
ord609
ord716
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaNew2
ord570
__vbaInStr
__vbaR8Str
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
ord611
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord612
__vbaVerifyVarObj
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
__vbaFpI4
__vbaR8IntI2
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaStrMove
ord619
__vbaStrVarCopy
ord542
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord547
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DELHTTP.EXE
.exe windows:4 windows x86 arch:x86

7d71947d9bda7fda3a968c19c4b1e1eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaGenerateBoundsError
DllFunctionCall
_adj_fpatan
_CIsqrt
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaStrToAnsi
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DELLIST.TXT
DM1.HTM
.html
EMAIL1.TXT
INSTALL.INI
LOVE.PX3
NEWYEAR.PX3
PX3.INI
Play_FLV.exe
.exe windows:4 windows x86 arch:x86

4eb7adef0d3079bed6031714e2bfbf57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
ord669
__vbaLateMemSt
__vbaExitProc
ord593
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
_CIsin
ord631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaPutOwner3
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
ord319
__vbaUbound
__vbaVarCat
ord535
ord536
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVar2Vec
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaLateMemCall
ord320
__vbaStrToAnsi
ord321
__vbaFpI4
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Px3-db.exe
.exe windows:4 windows x86 arch:x86

c5162d6d7b22141b3c72c13ee71b9d8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
ord620
ord516
ord518
ord552
ord553
ord662
Zombie_GetTypeInfo
ord593
ord595
ord596
ord598
ord520
ord522
ord631
ord709
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord560
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord607
ord608
ord319
ProcCallEngine
ord535
ord536
ord537
ord645
ord648
ord570
ord571
ord573
ord576
ord578
ord100
ord610
ord611
ord320
ord612
ord321
ord613
ord617
ord619
ord542
ord543
ord544
ord545
ord546
ord547
ord581

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Px3.exe
.exe windows:4 windows x86 arch:x86

c5162d6d7b22141b3c72c13ee71b9d8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
ord620
ord516
ord518
ord552
ord553
ord662
Zombie_GetTypeInfo
ord593
ord595
ord596
ord598
ord520
ord522
ord631
ord709
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord560
DllFunctionCall
Zombie_GetTypeInfoCount
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord607
ord608
ord319
ProcCallEngine
ord535
ord536
ord537
ord645
ord648
ord570
ord571
ord573
ord576
ord578
ord100
ord610
ord611
ord320
ord612
ord321
ord613
ord617
ord619
ord542
ord543
ord544
ord545
ord546
ord547
ord581

Sections

.text
Size: 544KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
REACH.ICO
Readme.pdf
USER.HTM
.html
XMAS.PX3
commercial1.px3
commercial10.px3
.html
commercial11.px3
commercial12.px3
.html
commercial13.px3
.html
commercial14.px3
.html
commercial15.px3
.html
commercial16.px3
commercial17.px3
.html
commercial18.px3
.html
commercial19.px3
commercial2.px3
.js
commercial20.px3
.html
commercial21.px3
.html
commercial22.px3
.js
commercial23.px3
.js
commercial24.px3
.html
commercial25.px3
.html
commercial26.px3
.html
commercial27.px3
.html
commercial28.px3
.html
commercial29.px3
.html
commercial3.px3
.html
commercial30.px3
.js
commercial31.px3
.html
commercial32.px3
.html
commercial33.px3
.html
commercial34.px3
.html
commercial35.px3
.html
commercial36.px3
.html
commercial37.px3
.html
commercial38.px3
.html
commercial39.px3
.html
commercial4.px3
commercial40.px3
.html
commercial5.px3
commercial6.px3
commercial7.px3
commercial8.px3
.html
commercial9.px3
.html
cuthelp.htm
.html
cutnet-help.htm
.html
cutnet.exe
.exe windows:4 windows x86 arch:x86

75255c24aac4f27ed192ef68a74d9226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaVarCmpNe
ord553
__vbaLsetFixstr
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaNameFile
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaVarTstLe
ord666
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
__vbaErase
ord632
__vbaVarCmpGt
__vbaVargVarMove
__vbaVarZero
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
ord529
__vbaGet3
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaStr2Vec
__vbaExceptHandler
ord712
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
__vbaVarDiv
ord608
ord531
__vbaVarCmpLe
ord609
ord716
__vbaFPException
__vbaInStrVar
ord532
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord536
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
ord648
__vbaVarLateMemCallLdRf
__vbaR8Str
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
__vbaVarNot
__vbaVarCmpLt
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
ord611
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaUnkVar
ord617
__vbaR8IntI2
_CIatan
__vbaStrMove
ord619
__vbaStrVarCopy
__vbaForEachVar
ord542
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaUI1Var
ord547
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cutnet10.gif
.gif
cutnet11.gif
.gif
local.ini
logo.ico
patch.exe
.exe windows:4 windows x86 arch:x86

cf268c659f855e08e4e1c06cd6c3838c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
__vbaBoolVarNull
_CIsin
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
DllFunctionCall
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
ord534
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
ord612
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
ord617
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
patch.ini
pithtree.lum
.js
px3help.htm
.html
temp1.dat
temp2.dat
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 290KB

.ndata Size: - Virtual size: 296KB

.rsrc Size: 3KB - Virtual size: 4KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

Headers

File Characteristics

Sections

.text Size: 544KB - Virtual size: 541KB

.data Size: 24KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 676B

.reloc Size: 32KB - Virtual size: 29KB

f5ccf8bf224eb9ec83fbb805c335d308

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.data Size: 20KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 7KB

0301b7ebf2bccb3797a459b49a3fa0fb

Headers

File Characteristics

Imports

msvbvm50

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 912B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 794B

Headers

File Characteristics

Sections

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 290KB

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 544KB - Virtual size: 541KB

.data
Size: 24KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 676B

.reloc
Size: 32KB - Virtual size: 29KB

.text
Size: 108KB - Virtual size: 106KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 912B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 794B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 358KB - Virtual size: 358KB

.orpc
Size: 4KB - Virtual size: 3KB

.data
Size: 13KB - Virtual size: 46KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 21KB - Virtual size: 21KB

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 112B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 512B - Virtual size: 12B