38942e83d64940129e0b9c970385a8c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

38942e83d64940129e0b9c970385a8c5_JaffaCakes118
Size

2.1MB
MD5

38942e83d64940129e0b9c970385a8c5
SHA1

6b4e1fe7e5324ae86c297eb28555fe39a6858dac
SHA256

8be410717226b5e873c61a30d92a767c6c6492ce6358cd79b2a41cb23dba05cd
SHA512

a5bbb220be8df199426167bf409f9b37ac0809e19462a70e72197091cc608d99d8c2d391464a65b40724dbfe8af20d1dda24b3caf916602b6c49e4af10c8f780
SSDEEP

49152:vXdq9BbkmdhSi783eRRi+CT1s4E6pdfXHZHoLhdkZ2Ed9Y6RI7:v49B90i4OfFCxumd8/+47

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PersonMgrV108A/AdoRegister.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PROGRAM_FILES_COMMON/Microsoft Shared/DAO/Dao350.dll
unpack002/$SYSDIR/MSCAL.OCX
unpack002/$SYSDIR/MSJET35.DLL
unpack002/$SYSDIR/mfc42.dll
unpack002/$SYSDIR/msvcrt.dll
unpack001/PersonMgrV108A/DspJpgDll.dll
unpack001/PersonMgrV108A/GetIDESN.dll
unpack001/PersonMgrV108A/PersonMgr.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/PersonMgrV108A/AdoRegister.exe	nsis_installer_1

Files

38942e83d64940129e0b9c970385a8c5_JaffaCakes118
.rar
PersonMgrV108A/@注意事项@.txt
PersonMgrV108A/AdoRegister.exe
.exe windows:4 windows x86 arch:x86

4f2145f489d9c324280558d2e08c717d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PROGRAM_FILES_COMMON/Microsoft Shared/DAO/Dao350.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d249124e9bb3cd7ad1eff43913414080

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt40

atol
_stricmp
atoi
_ultoa
wcslen
malloc
free
strncmp
wcscpy
??3@YAXPAX@Z
_ftol
_purecall
strtod
_strnicmp
??2@YAPAXI@Z
memmove
toupper
sprintf

kernel32

DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
lstrcmpW
lstrlenA
GlobalUnlock
lstrcpynA
GlobalReAlloc
GlobalFree
GlobalLock
IsDBCSLeadByte
Sleep
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
TlsFree
TlsAlloc
WideCharToMultiByte
GlobalAlloc
lstrcatA
lstrcpyA
CompareStringA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcessId
CompareStringW
TlsSetValue

user32

GetWindow
DispatchMessageA
PeekMessageA
GetWindowLongA
GetWindowThreadProcessId
IsWindowVisible
wsprintfA
GetDesktopWindow
TranslateMessage

advapi32

RegQueryValueA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantClear
DispGetParam
SafeArrayGetElement
SafeArrayPutElement
CreateErrorInfo
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke
SysStringByteLen
VariantInit
SetErrorInfo
GetErrorInfo
VariantChangeTypeEx
SafeArrayUnaccessData
SysFreeString
SysAllocStringByteLen
VariantCopy
VariantChangeType
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim

ole32

CoInitialize
CoGetClassObject
CoGetMalloc
CoUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/MSCAL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

477e318c71b23a3694590b04947b255e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

LoadTypeLi
VariantClear
SysStringLen
VariantChangeType
SysAllocString
VarDateFromStr
VariantInit
SysAllocStringLen
LoadRegTypeLi

kernel32

GlobalUnlock
InterlockedIncrement
GetSystemDefaultLangID
GlobalAlloc
GlobalLock
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
OpenFile
GetModuleFileNameA
lstrcatA
GetProcessHeap
GetVersion
InitializeCriticalSection
MulDiv
DisableThreadLibraryCalls
DeleteCriticalSection
lstrlenW
lstrcpyA
lstrcpynA
GetProcAddress
WideCharToMultiByte
LoadLibraryA
lstrlenA
FreeLibrary
HeapAlloc
HeapFree
MultiByteToWideChar
GetLocaleInfoA
InterlockedDecrement
GetVersionExA
GetLastError
GetLocalTime
HeapReAlloc

user32

CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextA
WinHelpA
DestroyWindow
UnregisterClassA
SendDlgItemMessageA
GetActiveWindow
GetSystemMetrics
MapWindowPoints
SetWindowLongA
EqualRect
SetWindowRgn
GetWindowLongA
IsWindowVisible
DefWindowProcA
CharNextA
GetDlgItem
GetWindow
CallWindowProcA
GetCapture
ScrollWindowEx
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
CreateDialogParamA
SetFocus
TranslateAcceleratorA
SendMessageA
InvalidateRect
ReleaseCapture
PtInRect
SetCapture
GetClientRect
FrameRect
UpdateWindow
ShowWindow
GetWindowRect
LoadAcceleratorsA
BeginPaint
EndPaint
DrawFocusRect
GetWindowDC
CopyRect
FillRect
GetDC
ReleaseDC
IntersectRect
InflateRect
OffsetRect
GetFocus
GetSysColor
GetParent
SetParent
SetWindowPos
LoadCursorA
RegisterClassA
EndDialog
wsprintfA
LoadStringA
MessageBeep
CreateWindowExA
MoveWindow
GetKeyState
IsWindow
DialogBoxParamA

ole32

CreateOleAdviseHolder
CreateDataAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
OleSetAutoConvert
CoCreateInstance

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

gdi32

CreateEnhMetaFileA
SetWindowOrgEx
SetWindowExtEx
CreateMetaFileA
CreateRectRgnIndirect
CreateDCA
SetViewportExtEx
LPtoDP
SetViewportOrgEx
SaveDC
RestoreDC
DeleteDC
SetMapMode
CreateCompatibleDC
DeleteObject
GetDeviceCaps
SetTextColor
SetTextAlign
ExtTextOutA
MoveToEx
SelectObject
LineTo
SetBkMode
CreateSolidBrush
GetStockObject
Polygon
DPtoLP
CreatePen
CreateFontIndirectA
CloseMetaFile
GetTextExtentPoint32A
CloseEnhMetaFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$SYSDIR/MSJET35.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

fafbf34557833c1916cdad807ab2b231

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetLastError
CloseHandle
CreateFileA
GetTempPathA
DeleteFileA
GetVersionExA
Sleep
GetComputerNameA
FindClose
FindFirstFileA
GetShortPathNameA
lstrcpyA
GetFullPathNameA
lstrlenA
IsBadStringPtrA
GetDriveTypeA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
ReadFile
SetFilePointer
WriteFile
FlushFileBuffers
GetFileSize
SetEndOfFile
GetFileType
LockFile
UnlockFile
GetFileInformationByHandle
CompareStringA
LCMapStringA
GetSystemInfo
GlobalMemoryStatus
SetThreadPriority
GetTempFileNameA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetProcAddress
SetEvent
ResetEvent
WaitForSingleObject
GetCurrentThreadId
CreateThread
lstrcmpiA
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetStringTypeW
HeapCreate
HeapDestroy
LCMapStringW
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
GetUserDefaultLCID
GetLocaleInfoA
VirtualFree
VirtualQuery
VirtualAlloc
GetModuleFileNameA
DisableThreadLibraryCalls
IsDBCSLeadByte
GetSystemDefaultLangID
CreateEventA
ResumeThread
GetStringTypeA

user32

IsCharAlphaA
CharUpperA
wvsprintfA
wsprintfA
CharPrevA
IsCharAlphaNumericA

advapi32

RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA

ole32

CoCreateGuid

oleaut32

LHashValOfNameSys
VariantChangeType
SysFreeString
VarI2FromStr
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarBstrFromDate
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromR8
VarBstrFromR4
VarBstrFromI4
VarBstrFromI2

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 980KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/mfc42.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f9a6d48b4db89541699313524a5cdd4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsnbicmp
wcsncpy
wcscpy
_ltoa
_ultoa
swprintf
_itoa
modf
ceil
fabs
floor
labs
_ftol
_splitpath
_fullpath
atol
__p___argc
__CxxFrameHandler
memcpy
__p___argv
_beginthreadex
_endthreadex
_strdup
_mbsdec
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
localtime
time
mktime
_ismbcspace
atoi
_ismbcdigit
_mbsnbcmp
sprintf
strlen
_mbclen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
wcslen
_mbscmp
realloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
_mbsinc
abort
free
malloc
memcmp
memmove
gmtime
_CxxThrowException
strcpy
strcmp

kernel32

lstrcpyA
FindFirstFileA
GetVolumeInformationA
MultiByteToWideChar
FindClose
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
CreateSemaphoreA
DeleteFileA
LoadLibraryA
ReleaseMutex
CreateEventA
InterlockedExchange
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
FreeLibrary
MulDiv
GetProfileIntA
VirtualProtect
FindResourceExA
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
LocalLock
GetTempPathA
SearchPathA
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
lstrlenW
CopyFileA
lstrcpyW
GetUserDefaultLCID
IsDBCSLeadByte
GetSystemDirectoryA
GetProcAddress
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
lstrlenA
lstrcmpA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
ReleaseSemaphore
SetLastError
CreateMutexA
GetFullPathNameA
GetStringTypeExA
WaitForMultipleObjects
RaiseException

gdi32

CreatePen
CreatePatternBrush
GetPolyFillMode
EnumFontFamiliesA
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileA
CopyMetaFileA
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
TextOutA
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetROP2
GetBkMode
GetNearestColor
GetBkColor
GetTextColor
SaveDC
GetStockObject
RestoreDC
GetCharWidthA
DeleteObject
CreateFontA
StretchDIBits
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32A
ExtTextOutA
CreateSolidBrush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetTextMetricsA
GetObjectA
SelectObject
SetTextColor
GetClipBox
SetBkColor
GetStretchBltMode
GetTextAlign

user32

SetCapture
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SendMessageA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetKeyState
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
EnableWindow
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
CharToOemA
OemToCharA
GetSystemMetrics
GetCursorPos
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
LoadBitmapA
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
GrayStringA
UnionRect
DrawFocusRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
wvsprintfA
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutA
GetSysColorBrush
GetClassNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
GetMenuStringA
RegisterClipboardFormatA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringA
LoadCursorA
WaitMessage
CharUpperA
wsprintfA

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 624KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msvcrt.dll
.dll windows:4 windows x86 arch:x86

b0d3278f6dd8a1a715873c57aae39d31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumSystemLocalesA
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
ResumeThread
CreateThread
ExitThread
CloseHandle
TlsSetValue
TlsGetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
TlsAlloc
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
RaiseException
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctime64
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stat64
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_time64
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_utime64
_vsnprintf
_vsnwprintf
_waccess

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PersonMgrV108A/DspJpgDll.dll
.dll windows:4 windows x86 arch:x86

c6a36748137604d930c3894932a2f0b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3953
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5199
ord2396
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5714
ord1089
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3318
ord5186
ord665
ord800
ord2764
ord4204
ord4274
ord540
ord354
ord6467
ord4486
ord6375
ord3922
ord5731
ord2512
ord2554
ord3831
ord3830
ord860
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord269
ord1116
ord600
ord1578
ord826

msvcrt

_initterm
__CxxFrameHandler
_ftol
_CxxThrowException
_EH_prolog
??2@YAPAXI@Z
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_adjust_fdiv
malloc

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc

gdi32

GetDeviceCaps

ole32

CreateStreamOnHGlobal

olepro32

ord251

Exports

Exports

DspJPGPicture

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PersonMgrV108A/GetIDESN.dll
.dll windows:4 windows x86 arch:x86

27dcc902cc72e7b2bfc4c4c50808d8f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4486
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord2554
ord2512
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord4274
ord6467
ord800
ord535
ord5572
ord2915
ord540
ord6375
ord2985
ord3262
ord2818
ord826
ord600
ord1176
ord1575
ord1116
ord1577
ord1182
ord1168
ord1243
ord1197
ord342
ord1253
ord269
ord1255
ord1578
ord1570

msvcrt

_i64toa
_EH_prolog
__CxxFrameHandler
atoi
_adjust_fdiv
??1type_info@@UAE@XZ
free
malloc
_initterm
??2@YAPAXI@Z
_onexit
__dllonexit

kernel32

GetVolumeInformationA
LocalFree
LocalAlloc

Exports

Exports

?GetIDESerial@@YGHAAVCString@@@Z
?GetRegisterCode@@YG?AVCString@@V1@@Z

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PersonMgrV108A/Person2.mdb
PersonMgrV108A/PersonMgr.exe
.exe windows:4 windows x86 arch:x86

b17c49fc10b9855c7b242d30a2bf7fe6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3573
ord800
ord860
ord540
ord825
ord3597
ord641
ord3663
ord3626
ord2414
ord858
ord2370
ord2302
ord1641
ord6199
ord535
ord3874
ord3092
ord6334
ord6197
ord6380
ord1768
ord2820
ord1175
ord2864
ord3811
ord4710
ord4376
ord3089
ord5875
ord6055
ord1776
ord4396
ord5290
ord4424
ord3574
ord567
ord609
ord4275
ord2859
ord2379
ord2754
ord2380
ord3402
ord823
ord2135
ord818
ord1949
ord4034
ord4243
ord4271
ord2614
ord3571
ord939
ord2818
ord4224
ord2688
ord324
ord4234
ord4299
ord6605
ord2574
ord3572
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord3721
ord692
ord795
ord5981
ord913
ord4189
ord4148
ord537
ord3803
ord2642
ord6215
ord4204
ord2764
ord4476
ord3499
ord2515
ord355
ord3610
ord656
ord5572
ord2915
ord4277
ord2763
ord941
ord4129
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2299
ord3439
ord924
ord1200
ord1842
ord4242
ord4627
ord4425
ord3059
ord5100
ord5103
ord4303
ord2390
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord398
ord366
ord700
ord1146
ord1168
ord4160
ord2863
ord6067
ord2011
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord5852
ord3481
ord3916
ord2252
ord4413
ord5054
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord4337
ord859
ord6283
ord6282
ord940
ord5442
ord3318
ord665
ord5186
ord5594
ord354
ord812
ord384
ord559
ord686
ord5862
ord3289
ord6615
ord2862
ord4133
ord4297
ord5788
ord472
ord2567
ord926
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord6241
ord1825
ord4238
ord4696
ord3058
ord3065
ord2723
ord3350
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord3825
ord4080
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord801
ord652
ord541
ord338
ord2393
ord3543
ord3542
ord6883
ord3800
ord3799
ord310
ord304
ord4823
ord4420
ord633
ord628
ord3489
ord1572
ord3488
ord3155
ord3150
ord5175
ord3159
ord3152
ord5179
ord309
ord5265
ord4295
ord4061
ord4293
ord5632
ord4202
ord6072
ord3758
ord3408
ord3227
ord3337
ord835
ord6069
ord2847
ord6143
ord2848
ord6144
ord3693
ord1849
ord4532
ord4723
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord3748
ord1726
ord4432
ord303
ord813
ord4244
ord6696
ord4464
ord6027
ord3157
ord3783
ord3301
ord2860
ord1841
ord4533
ord4340
ord4347
ord4889
ord4963
ord4960
ord6054
ord5281
ord1725
ord5260
ord2091
ord364
ord784
ord4241
ord4720
ord6120
ord1945
ord560
ord4273
ord3619
ord2243
ord2086
ord4614
ord4613
ord1942
ord4272
ord5259
ord2535
ord2453
ord2097
ord3303
ord4278
ord1979
ord603
ord273
ord275
ord816
ord3908
ord562
ord2298
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord5477
ord2259
ord4836
ord4440
ord3720
ord527
ord794
ord4264
ord283
ord2452
ord4541
ord1930
ord4265
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord796
ord529
ord4454
ord5683
ord2814
ord2811
ord829
ord551
ord6158
ord5933
ord845
ord5215
ord4284
ord2297
ord2363
ord3295
ord4366
ord5086
ord1710
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4268
ord755
ord4873
ord470
ord2922
ord5063
ord5787
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord3079
ord2976
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord5277
ord3147
ord2982
ord2399
ord2124
ord4387
ord6336
ord2510
ord315
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_setmbcp
_controlfp
atof
__CxxFrameHandler
rand
srand
time
_mbscmp
_mbsicmp
atoi
isdigit
atol
_ftol
_mbsicoll
_adjust_fdiv
strncpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr

kernel32

GlobalAlloc
GlobalUnlock
GetPrivateProfileStringA
GlobalLock
GetCurrentDirectoryA
GetCurrentProcess
WritePrivateProfileStringA
GetVersion
GetProcAddress
Beep
GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetModuleFileNameA

user32

LoadBitmapA
SetClipboardData
EmptyClipboard
GetClientRect
SetRect
UpdateWindow
ClientToScreen
CloseClipboard
ReleaseCapture
GetWindowRect
SetCapture
DrawFocusRect
IsWindow
EnableWindow
GetSubMenu
IsIconic
InflateRect
GetMenuItemCount
AppendMenuA
ExitWindowsEx
GetMenu
LoadIconA
GetParent
PostMessageA
RedrawWindow
LoadCursorA
SetCursor
GetDC
ReleaseDC
PtInRect
SendMessageA
KillTimer
SetTimer
GetMenuStringA
ModifyMenuA
InvalidateRect
GetCursorPos
ScreenToClient
CopyRect
GetSysColor
GetMenuItemID
CreatePopupMenu
GetDesktopWindow
FrameRect
OpenClipboard
FillRect

gdi32

CreatePatternBrush
GetTextMetricsA
GetCurrentObject
GetDeviceCaps
CreatePen
GetTextExtentPoint32A
Rectangle
RoundRect
CreateSolidBrush
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageCount

olepro32

ord251

oleaut32

VariantClear

winmm

sndPlaySoundA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PersonMgrV108A/PersonMgr.ini
PersonMgrV108A/PersonMgrHelp.chm
.chm
PersonMgrV108A/Title.jpg
.jpg
PersonMgrV108A/board.jpg
.jpg
PersonMgrV108A/login.jpg
.jpg
PersonMgrV108A/phrase.dat
PersonMgrV108A/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

4f2145f489d9c324280558d2e08c717d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 305KB

.ndata Size: - Virtual size: 264KB

.rsrc Size: 16KB - Virtual size: 16KB

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

d249124e9bb3cd7ad1eff43913414080

Headers

File Characteristics

Imports

msvcrt40

kernel32

user32

advapi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 457KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 20KB - Virtual size: 20KB

477e318c71b23a3694590b04947b255e

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

ole32

advapi32

gdi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 24KB

fafbf34557833c1916cdad807ab2b231

Headers

File Characteristics

Imports

kernel32

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 305KB

.ndata
Size: - Virtual size: 264KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 458KB - Virtual size: 457KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 24KB

.text
Size: 980KB - Virtual size: 980KB

.data
Size: 16KB - Virtual size: 215KB

.rsrc
Size: 1024B - Virtual size: 908B

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 624KB - Virtual size: 620KB

.rdata
Size: 224KB - Virtual size: 221KB

.data
Size: 28KB - Virtual size: 38KB

.rsrc
Size: 44KB - Virtual size: 40KB

.reloc
Size: 68KB - Virtual size: 67KB

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 526B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB