39dfa8d6e016ce626902b793d1423f65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39dfa8d6e016ce626902b793d1423f65_JaffaCakes118
Size

2.3MB
MD5

39dfa8d6e016ce626902b793d1423f65
SHA1

adb45014e56df9cc11c203b84ed044831cf07b4b
SHA256

9e0efbce1e9351802c8914ee3c6ffd543a259182a5ad8d720c42b7ca25f14d7b
SHA512

73d0d07815679449dad8cbaff60ef8c6865bb109dd3b3139938452d53700ff1d50b85e8bac9b24e851422925be80eb8d4c3e837f71862a03379b10c7ac2206fc
SSDEEP

49152:GeAUfbU4V3TIvyscobJcAhPlVau4bo34gLipmIJK4ACJrFEmmy+gUiXNeB:GeAUfg4VkahkcAhPlVa+3JipJ7ACgJya

Score

3^/10

Malware Config

Signatures

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

resource
unpack001/服务器安全狗安装程序V2.1.1.exe
unpack002/$PLUGINSDIR/IP.dll
unpack002/$PLUGINSDIR/Inetc.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/Registry.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$TEMP/CheckAuthorization.dll
unpack002/$TEMP/CheckAuthorizationUI.dll
unpack002/$TEMP/HideInstallNPD.dll
unpack002/$_11_/CheckAuthorization.dll
unpack002/$_11_/CheckAuthorizationUI.dll
unpack002/$_11_/License.dll
unpack002/$_11_/Update.exe
unpack002/$_11_/UpdateCenter.exe
unpack002/InstallNPD.exe
unpack002/SYS/SafedogNetDriver_03Server_x64.sys
unpack002/SYS/SafedogNetDriver_03Server_x86.sys
unpack002/SYS/SafedogNetDriver_2000_x86.sys
unpack002/SYS/SafedogNetDriver_XP_x86.sys
unpack002/SafedogServerUI.exe
unpack002/SkinPlusPlusU.dll
unpack002/sigtabd.dll
unpack002/snetcfg.exe
unpack002/snetcfg64.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/Inetc.dll
unpack003/$PLUGINSDIR/KillProcDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$TEMP/CheckAuthorization.dll
unpack003/$TEMP/CheckAuthorizationUI.dll
unpack003/$TEMP/HideInstallNPD.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/服务器安全狗安装程序V2.1.1.exe	nsis_installer_1
static1/unpack001/服务器安全狗安装程序V2.1.1.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

39dfa8d6e016ce626902b793d1423f65_JaffaCakes118
.rar
md5.txt
安全狗工作室.txt
新云软件.url
.url
服务器安全狗介绍.txt
服务器安全狗安装程序V2.1.1.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IP.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

get_ip

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Registry.dll
.dll windows:4 windows x86 arch:x86

bd56a0d89d7075f0813d42dcb60fdab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SearchPathA
GetShortPathNameA
WriteFile
GetStartupInfoA
CreateFileA
lstrcatA
CreateProcessA
FindFirstFileA
FindClose
lstrcpyA
lstrcmpA
lstrlenA
lstrcmpiA
GlobalFree
GlobalAlloc
CloseHandle

user32

CharUpperA
FindWindowExA
GetDlgItem
wsprintfA
SendMessageA

advapi32

RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA

Exports

Exports

Close
CreateKey
DeleteKey
DeleteValue
Find
HexToStr
Open
Read
RestoreKey
SaveKey
StrToHex
Write

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/CheckAuthorization.dll
.dll windows:4 windows x86 arch:x86

47943ed399a7137434a3bcd86aa9a1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorization.pdb

Imports

kernel32

ReadFile
SetPriorityClass
DeviceIoControl
GetTickCount
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
GetVolumeInformationA
GetModuleFileNameA
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
OutputDebugStringA
DeleteFileA
GetLocalTime
lstrcpynA
GetProcAddress
GetModuleHandleA
CreateFileA
GetVersionExA
GetCurrentProcess
GetProcessHeap
CompareStringW
CompareStringA
HeapFree
HeapAlloc
CloseHandle
lstrlenA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
WaitForSingleObject
LocalFree
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetThreadLocale
InitializeCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA

user32

MessageBoxA

advapi32

RegCreateKeyExA
ControlService
DeleteService
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA
AddAccessAllowedAceEx
AddAce
InitializeAcl
GetLengthSid
LookupAccountSidA
GetAce
GetAclInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegSetValueExA

ws2_32

closesocket
inet_addr
select
gethostbyname
setsockopt
socket
WSACleanup
WSAStartup
recv
send
__WSAFDIsSet
connect
htons

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

Exports

Exports

CheckLicense
DecryptCipher
DecryptInfo
DelProductInfo
DeleteUpdateCenterService
EncryptInfo
EncryptPlain
ExecuteBat
GetCDKeyFromLicense
GetCurTime
GetMachineCode
GetProductInfo
GetUpdateInsDirFromReg
HideRegInfo
IsNTFS
IsUpdateCenterExist
IsWriteAccess
OfflineRegAndValidate
SendRegInfo
SetDirAccessAtWin7
StartUpdateCenterService
WriteIniInfo
WriteRegInfo
WriteUpdateSelfInfo
_GetOSVer@8
_IsWow64@0

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CheckAuthorizationUI.dll
.dll windows:4 windows x86 arch:x86

3052c924c6f7b36ccf0eee50e8008a06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorizationUI.pdb

Imports

checkauthorization

ord3
ord2
ord1

kernel32

CreateFileA
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
RaiseException
HeapSize
GetACP
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
lstrcpynA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
lstrlenA
MultiByteToWideChar
InterlockedExchange
GetLastError
CompareStringA
GetVersion
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
lstrcmpA
GlobalLock
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GetThreadLocale
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
SetLastError
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
FreeResource
InterlockedDecrement
GetModuleFileNameW
GetTickCount

user32

TabbedTextOutA
ClientToScreen
UnregisterClassA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
DrawTextA
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
DrawTextExA
GrayStringA
GetDC
ReleaseDC
DestroyMenu
LoadCursorA
GetSysColorBrush
EndPaint
GetClientRect
BeginPaint
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
SendMessageA
EndDialog
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
MessageBoxA
EnableWindow
SetParent
CallWindowProcA

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
OffsetViewportOrgEx
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

shlwapi

PathIsRelativeA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

select
send
closesocket
connect
htons
__WSAFDIsSet
setsockopt
socket
WSACleanup
WSAStartup
recv
gethostbyname

Exports

Exports

ChooseUpdateDirUI
OfflineRegUI
RegInfoUI
UninsServerSafeDlgReasonUI
UninsSiteSafeDogReasonUI

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/HideInstallNPD.dll
.dll windows:4 windows x86 arch:x86

a359656c4d38931f59de782a7559aa19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetVersionExA
OutputDebugStringA
CreateProcessA
WaitForSingleObject
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
HeapSize
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

HideInstallNPD
IsRightOS

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_11_/CheckAuthorization.dll
.dll windows:4 windows x86 arch:x86

47943ed399a7137434a3bcd86aa9a1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorization.pdb

Imports

kernel32

ReadFile
SetPriorityClass
DeviceIoControl
GetTickCount
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
GetVolumeInformationA
GetModuleFileNameA
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
OutputDebugStringA
DeleteFileA
GetLocalTime
lstrcpynA
GetProcAddress
GetModuleHandleA
CreateFileA
GetVersionExA
GetCurrentProcess
GetProcessHeap
CompareStringW
CompareStringA
HeapFree
HeapAlloc
CloseHandle
lstrlenA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
WaitForSingleObject
LocalFree
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetThreadLocale
InitializeCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA

user32

MessageBoxA

advapi32

RegCreateKeyExA
ControlService
DeleteService
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA
AddAccessAllowedAceEx
AddAce
InitializeAcl
GetLengthSid
LookupAccountSidA
GetAce
GetAclInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegSetValueExA

ws2_32

closesocket
inet_addr
select
gethostbyname
setsockopt
socket
WSACleanup
WSAStartup
recv
send
__WSAFDIsSet
connect
htons

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

Exports

Exports

CheckLicense
DecryptCipher
DecryptInfo
DelProductInfo
DeleteUpdateCenterService
EncryptInfo
EncryptPlain
ExecuteBat
GetCDKeyFromLicense
GetCurTime
GetMachineCode
GetProductInfo
GetUpdateInsDirFromReg
HideRegInfo
IsNTFS
IsUpdateCenterExist
IsWriteAccess
OfflineRegAndValidate
SendRegInfo
SetDirAccessAtWin7
StartUpdateCenterService
WriteIniInfo
WriteRegInfo
WriteUpdateSelfInfo
_GetOSVer@8
_IsWow64@0

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_11_/CheckAuthorizationUI.dll
.dll windows:4 windows x86 arch:x86

3052c924c6f7b36ccf0eee50e8008a06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorizationUI.pdb

Imports

checkauthorization

ord3
ord2
ord1

kernel32

CreateFileA
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
RaiseException
HeapSize
GetACP
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
lstrcpynA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
lstrlenA
MultiByteToWideChar
InterlockedExchange
GetLastError
CompareStringA
GetVersion
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
lstrcmpA
GlobalLock
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GetThreadLocale
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
SetLastError
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
FreeResource
InterlockedDecrement
GetModuleFileNameW
GetTickCount

user32

TabbedTextOutA
ClientToScreen
UnregisterClassA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
DrawTextA
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
DrawTextExA
GrayStringA
GetDC
ReleaseDC
DestroyMenu
LoadCursorA
GetSysColorBrush
EndPaint
GetClientRect
BeginPaint
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
SendMessageA
EndDialog
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
MessageBoxA
EnableWindow
SetParent
CallWindowProcA

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
OffsetViewportOrgEx
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

shlwapi

PathIsRelativeA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

select
send
closesocket
connect
htons
__WSAFDIsSet
setsockopt
socket
WSACleanup
WSAStartup
recv
gethostbyname

Exports

Exports

ChooseUpdateDirUI
OfflineRegUI
RegInfoUI
UninsServerSafeDlgReasonUI
UninsSiteSafeDogReasonUI

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_11_/License.dll
.dll windows:4 windows x86 arch:x86

ea52319f990b9ee0f0edec3eb1630647

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\ProductTool\release\License.pdb

Imports

kernel32

GlobalFlags
CompareStringW
GetCurrentThreadId
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedExchange
CompareStringA
GetSystemTimeAsFileTime
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
GetCPInfo
lstrcmpW
GetOEMCP
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetVersion
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
LoadLibraryW
GetThreadLocale
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
SetFilePointer
FlushFileBuffers
LocalFree
GetLogicalDriveStringsA
FindResourceA
FreeResource
CreateEventA
ResetEvent
WaitForSingleObject
SearchPathA
GetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
CreateFileA
GetFileSize
Sleep
GetPrivateProfileStringW
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
lstrcpyW
WriteFile
ReadFile
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetACP
MultiByteToWideChar

user32

DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PostQuitMessage
DefWindowProcW
PtInRect
SetWindowTextW
GetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
wsprintfW
UnregisterClassA

gdi32

DeleteDC
CreateBitmap
GetStockObject
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
RectVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

shlwapi

PathFileExistsW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oleaut32

VariantInit
VariantChangeType
VarDateFromStr
VariantTimeToSystemTime
VariantClear

Exports

Exports

GetLicense
GetProductInfo
GetSN
SetLifeDay
SetMaxVersionAndExpireDate

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_11_/Update.exe
.exe windows:5 windows x86 arch:x86

f9f395fa2d51d4e3f22e2ea490337dc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetModuleHandleW
GetCPInfo
GetOEMCP
SetErrorMode
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateDirectoryA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
Sleep
ExitProcess
VirtualAlloc
HeapReAlloc
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
LocalAlloc
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
MulDiv
GlobalAddAtomA
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringA
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
SetLastError
OpenFileMappingA
UnmapViewOfFile
TerminateThread
GetFileAttributesExA
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
CreateEventA
GetVersionExA
FindClose
FindFirstFileA
GetFileSize
MapViewOfFile
CreateFileMappingA
GetCommandLineW
GetLocalTime
LocalFree
FormatMessageA
GetTickCount
GetModuleFileNameA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
MoveFileExA
SetFileAttributesA
GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DeleteFileA
GetPrivateProfileStringA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
CreateThread
lstrlenA
lstrcatA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CreateMutexA
HeapSize
lstrcmpiA

user32

LoadCursorA
CharUpperA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuItemID
GetMenuItemCount
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ReleaseDC
GetDC
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
UnregisterClassA
GetSysColorBrush
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetParent
GetWindowLongA
IsWindowEnabled
WaitMessage
DispatchMessageA
SendMessageTimeoutA
GetLastActivePopup
PeekMessageA
ExitWindowsEx
PostMessageA
FindWindowA
UpdateWindow
BringWindowToTop
SetActiveWindow
KillTimer
GetSubMenu
SetForegroundWindow
LoadMenuA
GetCursorPos
SetTimer
PostQuitMessage
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetWindowPos
SendMessageA
LoadIconA
EnableWindow
MessageBoxA
SetWindowLongA

gdi32

GetStockObject
DeleteDC
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetObjectA
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

CommandLineToArgvW
SHCreateDirectoryExA
Shell_NotifyIconA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathIsRootA

oleaut32

VariantClear
VariantChangeType
VariantInit

wsock32

socket
select
htonl
htons
ioctlsocket
bind
connect
sendto
WSAAsyncSelect
send
recv
WSASetLastError
WSAGetLastError
WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup
closesocket
recvfrom
accept

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCheckConnectionA
InternetOpenUrlA

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_11_/UpdateCenter.exe
.exe windows:5 windows x86 arch:x86

22411105c358ad1a4298bce1d8516be6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
CreateFileA
FormatMessageA
GetProcessHeap
SetEndOfFile
lstrcpyA
GetTempFileNameA
GetTempPathA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetLocalTime
GetExitCodeProcess
WaitForSingleObject
LoadLibraryA
GetProcAddress
ProcessIdToSessionId
Process32Next
CloseHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
TerminateThread
TerminateProcess
CreateThread
GetCurrentThreadId
GetLastError
SetConsoleCtrlHandler
lstrcmpiA
Sleep
GetModuleFileNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate

user32

DispatchMessageA
GetMessageA
MessageBoxA
PostThreadMessageA

advapi32

CreateProcessAsUserA
DuplicateTokenEx
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA

shell32

SHCreateDirectoryExA

userenv

CreateEnvironmentBlock

shlwapi

PathIsRootA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_11_/install.bat
$_11_/remove.bat
InstallNPD.exe
.exe windows:4 windows x86 arch:x86

3680e78fc7cb3679316fc766566aa179

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
WaitForSingleObject
Sleep
DeleteFileW
GetLastError
OutputDebugStringW
CopyFileW
LoadLibraryW
FreeLibrary
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
CloseHandle
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CreateFileA

user32

MessageBoxW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NetProtector.dat
SYS/SafedogNetDriver_03Server_x64.sys
.sys windows:5 windows x64 arch:x64

7118f569b57283a25a55cacfe8010a48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\serverprotector\code\netprotector\driver\trunk\netprotectordriver\objfre_wnet_AMD64\amd64\SafedogNetDriver_03Server_x64.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
ExQueryDepthSList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ZwCreateFile
ZwWriteFile
wcsrchr
ExSystemTimeToLocalTime
RtlTimeToTimeFields
PsCreateSystemThread
ZwClose
_vsnwprintf
_vsnprintf
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
DbgPrint
PsTerminateSystemThread
__C_specific_handler
IofCompleteRequest
ExInitializeNPagedLookasideList
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList
RtlInitUnicodeString
MmMapLockedPagesSpecifyCache
IoFreeMdl
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock

hal

KeStallExecutionProcessor

ndis.sys

NdisReleaseReadWriteLock
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisAcquireReadWriteLock
NdisAllocateBuffer
NdisDprFreePacket
NdisDeregisterProtocol
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisRegisterProtocol
NdisIMAssociateMiniport
NdisTerminateWrapper
NdisInitializeReadWriteLock
NdisAllocateMemoryWithTag
NdisIMDeregisterLayeredMiniport
NdisMDeregisterDevice
NdisMSleep
NdisDprAllocatePacket
NdisFreeMemory
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisRequest
NdisUnchainBufferAtFront
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisFreeBufferPool
NdisMRegisterDevice

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SYS/SafedogNetDriver_03Server_x86.sys
.sys windows:5 windows x86 arch:x86

72a971592d84b19bcf98c7e37fac6ae7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\serverprotector\code\netprotector\driver\trunk\netprotectordriver\objfre_wnet_x86\i386\SafedogNetDriver_03Server_x86.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_alldiv
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlInitUnicodeString
ZwCreateFile
ZwWriteFile
KeQuerySystemTime
wcsrchr
ExSystemTimeToLocalTime
RtlTimeToTimeFields
PsCreateSystemThread
ZwClose
_vsnwprintf
_vsnprintf
DbgPrint
memmove
PsTerminateSystemThread
InterlockedCompareExchange
_except_handler3
IofCompleteRequest
ExInitializeNPagedLookasideList
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList

hal

KeStallExecutionProcessor

ndis.sys

NdisDprReleaseSpinLock
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprAcquireSpinLock
NdisDprFreePacket
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisAllocateSpinLock
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisAllocateBuffer
NdisGetPoolFromPacket
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisSend
NdisIMGetCurrentPacketStack
NdisRequest
NdisFreeMemory
NdisFreeBuffer
NdisQueryBufferSafe
NdisUnchainBufferAtFront
NdisReturnPackets
NdisTransferData
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisFreeBufferPool
NdisMRegisterDevice
NdisInitUnicodeString
NdisMSleep
NdisMDeregisterDevice
NdisFreeSpinLock
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisInitializeReadWriteLock
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SYS/SafedogNetDriver_2000_x86.sys
.sys windows:5 windows x86 arch:x86

b32e3b9b0bf2f7222344672a6f66dcbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\serverprotector\code\netprotector\driver\trunk\netprotectordriver\objfre_w2K_x86\i386\SafedogNetDriver_2000_x86.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_alldiv
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
PsCreateSystemThread
DbgPrint
memmove
RtlInitUnicodeString
ZwCreateFile
ZwWriteFile
ZwClose
KeQuerySystemTime
wcsrchr
ExSystemTimeToLocalTime
RtlTimeToTimeFields
PsTerminateSystemThread
InterlockedCompareExchange
_except_handler3
IofCompleteRequest
ExInitializeNPagedLookasideList
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList
RtlUnicodeToMultiByteN
RtlAnsiCharToUnicodeChar

hal

KeStallExecutionProcessor

ndis.sys

NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisDprAcquireSpinLock
NdisDprReleaseSpinLock
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisGetReceivedPacket
NdisQueryBuffer
NdisAllocateBuffer
NdisDprFreePacket
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisAllocateSpinLock
NdisDprAllocatePacket
NdisCloseAdapter
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisSend
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisRequest
NdisFreeMemory
NdisFreeBuffer
NdisQueryBufferSafe
NdisUnchainBufferAtFront
NdisReturnPackets
NdisTransferData
NdisWaitEvent
NdisInitializeWrapper
NdisResetEvent
NdisFreePacketPool
NdisFreeBufferPool
NdisMRegisterDevice
NdisInitUnicodeString
NdisMSleep
NdisMDeregisterDevice
NdisFreeSpinLock
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisInitializeReadWriteLock
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SYS/SafedogNetDriver_XP_x86.sys
.sys windows:5 windows x86 arch:x86

72a971592d84b19bcf98c7e37fac6ae7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\serverprotector\code\netprotector\driver\trunk\netprotectordriver\objfre_wxp_x86\i386\SafedogNetDriver_XP_x86.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
_alldiv
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlInitUnicodeString
ZwCreateFile
ZwWriteFile
KeQuerySystemTime
wcsrchr
ExSystemTimeToLocalTime
RtlTimeToTimeFields
PsCreateSystemThread
ZwClose
_vsnwprintf
_vsnprintf
DbgPrint
memmove
PsTerminateSystemThread
InterlockedCompareExchange
_except_handler3
IofCompleteRequest
ExInitializeNPagedLookasideList
KeInitializeEvent
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
ExDeleteNPagedLookasideList

hal

KeStallExecutionProcessor

ndis.sys

NdisDprReleaseSpinLock
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisAcquireReadWriteLock
NdisReleaseReadWriteLock
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprAcquireSpinLock
NdisDprFreePacket
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisOpenAdapter
NdisIMInitializeDeviceInstanceEx
NdisCloseConfiguration
NdisAllocateSpinLock
NdisInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisAllocateBuffer
NdisGetPoolFromPacket
NdisSetEvent
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisSend
NdisIMGetCurrentPacketStack
NdisRequest
NdisFreeMemory
NdisFreeBuffer
NdisQueryBufferSafe
NdisUnchainBufferAtFront
NdisReturnPackets
NdisTransferData
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisFreeBufferPool
NdisMRegisterDevice
NdisInitUnicodeString
NdisMSleep
NdisMDeregisterDevice
NdisFreeSpinLock
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisInitializeReadWriteLock
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SafedogNetDriver.inf
SafedogNetDrivermp.inf
SafedogServerUI.exe
.exe windows:4 windows x86 arch:x86

fabcb3669f5af0985fa31dbbdfc3dcce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

skinplusplusu

ord27
ord3
ord8

kernel32

SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FindResourceExW
SetErrorMode
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetStartupInfoW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
RaiseException
ExitProcess
HeapSize
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
UnlockFile
WriteConsoleA
GetConsoleOutputCP
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
LockFile
SizeofResource
LockResource
LoadResource
FindResourceW
lstrcpyW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
MultiByteToWideChar
lstrcatW
lstrlenW
WinExec
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
GetLastError
CloseHandle
CreateDirectoryW
CreateFileW
GetExitCodeThread
WaitForSingleObject
GetCurrentDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
Sleep
GetCurrentProcess
GetVersionExW
GetProcAddress
GetModuleHandleW
FormatMessageW
GetSystemDirectoryW
LoadLibraryA
GetProcessHeap
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GlobalAlloc
GlobalFree
SetLastError
GetModuleFileNameW
GetTickCount
GetTempPathW
GetTempFileNameW
SetStdHandle
DeviceIoControl
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetVersion
lstrlenA
GetCPInfo
FreeResource
lstrcmpiW
lstrcpynW
DeleteFileW
GlobalUnlock
WritePrivateProfileStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetThreadLocale
GetCurrentProcessId
GlobalFlags
FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
FileTimeToSystemTime
VirtualProtect
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
MulDiv
GlobalLock

user32

InvalidateRgn
GetNextDlgGroupItem
UnregisterClassW
CharUpperW
GetDCEx
LockWindowUpdate
RegisterClipboardFormatW
SetParent
PostThreadMessageW
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
GetWindowThreadProcessId
SetRectEmpty
DestroyMenu
GetAsyncKeyState
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuStringW
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
SendMessageW
UnregisterClassA
MessageBoxW
EnableWindow
KillTimer
SetWindowLongW
EndDialog
RegisterWindowMessageW
FrameRect
LoadImageW
DrawStateW
OffsetRect
DrawFocusRect
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgTabItem
IsMenu
DestroyCursor
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadBitmapW
GetSysColorBrush
FillRect
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
GetMenuItemCount
DrawIconEx
SystemParametersInfoW
GetMenuItemInfoW
SetRect
DrawEdge
GetClientRect
MessageBeep
SetTimer
GetMessagePos
ScreenToClient
PtInRect
InvalidateRect
SetCursor
GetSysColor
IsWindow
GetWindowRect
GetParent
GetDC
ReleaseDC
InflateRect
LoadCursorW
CopyIcon
FindWindowW
LoadIconW
GetSystemMenu
AppendMenuW
GetDesktopWindow
IsIconic
GetSystemMetrics
DrawIcon
GetCursorPos
LoadMenuW
GetSubMenu
IsWindowVisible
ModifyMenuW
SetMenuDefaultItem
SetForegroundWindow
PostQuitMessage
PostMessageW
GetWindowLongW
SetLayeredWindowAttributes
CopyRect
DefWindowProcW
DestroyIcon
EnumChildWindows
RedrawWindow
CreateWindowExW

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
CreateRectRgn
GetPixel
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetCharWidthW
StretchDIBits
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
DeleteDC
DeleteObject
CreateSolidBrush
SelectObject
CreateDIBSection
Ellipse
GetBkMode
GetDeviceCaps
CreatePen
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
PatBlt
SetPixel
GetViewportExtEx
GetStockObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayDestroy
SysAllocString
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy

ws2_32

htons
inet_addr
WSAStartup
WSACleanup
htonl
ntohl
ntohs
gethostbyaddr

iphlpapi

GetUdpTable
GetAdaptersInfo
GetTcpTable
SendARP

psapi

GetModuleFileNameExW
EnumProcessModules

winmm

PlaySoundW

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ServerSafeDog.chm
.chm
SkinPlusPlusU.dll
.dll windows:4 windows x86 arch:x86

5f7f577ffb8f47eea95b15d6bc75a9c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord2854
ord1634
ord3614
ord2756
ord3785
ord5438
ord861
ord942
ord2910
ord5568
ord2406
ord3621
ord3568
ord540
ord323
ord353
ord6381
ord1971
ord665
ord800
ord538
ord1143
ord1637
ord2430
ord3658
ord5781
ord2576
ord4215
ord2447
ord293
ord2505
ord823
ord825
ord3948
ord2717
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord4269
ord3826
ord3825
ord2971
ord3076
ord2980
ord3566
ord2746
ord2397
ord6166
ord5777
ord2745
ord2705
ord2235
ord4124
ord2755
ord283
ord2914
ord6190
ord537
ord4292
ord4128
ord2559
ord4018
ord3915
ord2372
ord5871
ord2114
ord1088
ord6354
ord809
ord556
ord3215
ord2563
ord1226
ord1263
ord3701
ord5586
ord3638
ord4180
ord696
ord394
ord909
ord5624
ord3430
ord922
ord925
ord940
ord5706
ord354
ord5180
ord5783
ord3688
ord5784
ord2855
ord2859
ord2444
ord858
ord2036
ord6379
ord5436
ord2099
ord5830
ord2440
ord6390
ord5446
ord2836
ord535
ord2706
ord2810
ord2442
ord641
ord860
ord3257
ord3131
ord4459
ord3254
ord3142
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord342
ord1240
ord2977
ord1194
ord1563
ord1248
ord1250
ord6466
ord1571
ord600
ord826
ord269
ord4199
ord3649
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord1633

msvcrt

strtod
abort
sprintf
_CIpow
fprintf
_iob
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
__dllonexit
__CxxLongjmpUnwind
_setjmp3
longjmp
_CxxThrowException
acos
div
sqrt
log
_cabs
atan
rand
qsort
pow
abs
toupper
memcmp
_except_handler3
realloc
_tzset
strcat
mktime
_stricmp
strncpy
wcsstr
wcsncpy
gmtime
strcmp
strstr
calloc
strlen
strchr
_wsplitpath
getc
fputc
fflush
ftell
fseek
fwrite
fread
fopen
_wfopen
fclose
ceil
strcpy
floor
_purecall
_wtoi
malloc
free
memmove
wcscmp
_wcsicmp
memset
sin
cos
fabs
_ftol
atoi
_wtol
wcscpy
swprintf
wcscat
wcslen
__RTDynamicCast
memcpy
__CxxFrameHandler
_onexit

kernel32

LocalFree
WaitForSingleObject
ReleaseMutex
CreateMutexW
GetLastError
FlushInstructionCache
VirtualProtect
VirtualQuery
SetLastError
GetLocalTime
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
GetFileSize
FileTimeToDosDateTime
FileTimeToSystemTime
WriteFile
SetFileTime
CreateDirectoryW
lstrcpyA
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
GetCurrentProcess
DuplicateHandle
CreateFileW
GetFileType
SetFilePointer
GetWindowsDirectoryW
lstrcpyW
Sleep
ExitThread
TerminateThread
CloseHandle
lstrcmpW
MulDiv
GetVersionExW
lstrcmpiW
GetCurrentThreadId
MultiByteToWideChar
lstrlenA
GetVersion
CreateThread
LoadLibraryA
FreeLibrary
FindFirstFileW
FindClose
DeleteFileW
WideCharToMultiByte
GetTempPathW
lstrlenW
GetModuleFileNameW
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
FreeResource
GlobalLock
LockResource
GlobalFree
GlobalUnlock
LoadLibraryW
GetModuleHandleW
GetProcAddress
LocalAlloc

user32

GetMenuDefaultItem
MenuItemFromPoint
GetMenuItemRect
GetMenuState
EnableWindow
SetActiveWindow
GetWindowInfo
IsIconic
IsZoomed
EqualRect
GetMenuCheckMarkDimensions
DestroyMenu
UnionRect
GetForegroundWindow
GetSystemMenu
DestroyIcon
GetMessagePos
KillTimer
SetTimer
GetAsyncKeyState
IntersectRect
GetWindowRgn
GetFocus
SetFocus
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetCursor
DestroyCursor
SystemParametersInfoW
DestroyWindow
SetWindowTextW
SetCapture
ReleaseCapture
PeekMessageW
GetMessageW
DispatchMessageW
GetIconInfo
SetWindowRgn
IsWindowVisible
GetCapture
SetWindowPos
SetWindowLongA
ClientToScreen
MapWindowPoints
ShowWindow
MoveWindow
LoadCursorFromFileW
LoadImageW
LoadCursorW
RegisterClassExW
DrawStateW
CreateIconIndirect
SetRect
SendMessageTimeoutW
DrawIconEx
CreatePopupMenu
AppendMenuW
IsMenu
GetMenuItemInfoW
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuItemCount
GetMenuItemID
GetMenuStringW
WindowFromPoint
GetWindowRect
IsWindowEnabled
GetDlgCtrlID
IsRectEmpty
SetClassLongW
GetDlgItem
FindWindowExW
GetWindowTextW
PostMessageW
IsWindowUnicode
GetWindowLongA
CallNextHookEx
ScreenToClient
GetClientRect
RemovePropW
GetParent
GetClassNameW
WindowFromDC
MessageBoxA
AdjustWindowRectEx
GetClassInfoA
RegisterClassW
RegisterClassA
DrawStateA
CreateWindowExA
SendMessageA
DrawFocusRect
DefFrameProcW
DefFrameProcA
LockWindowUpdate
GetDesktopWindow
SetPropW
IsWindow
DefWindowProcW
GetCursorPos
PtInRect
InflateRect
LoadBitmapW
LoadBitmapA
CallWindowProcW
CallWindowProcA
EndPaint
BeginPaint
GetSubMenu
CheckMenuItem
InvalidateRect
GetPropW
DrawEdge
FrameRect
SetMenuItemInfoW
SetMenuItemInfoA
RemoveMenu
ModifyMenuW
ModifyMenuA
CreateWindowExW
ReleaseDC
GetWindowDC
GetDCEx
GetDC
SetWindowWord
FillRect
MessageBoxIndirectW
SetMenu
GetMenu
DrawTextA
TrackPopupMenuEx
TrackPopupMenu
EnableMenuItem
InsertMenuW
InsertMenuA
InsertMenuItemW
InsertMenuItemA
DeleteMenu
DrawFrameControl
GetClassLongW
GetSysColorBrush
GetSysColor
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
SetWindowLongW
GetWindowLongW
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
SetRectEmpty
GrayStringW
TabbedTextOutW
CopyRect
OffsetRect
DrawTextW
MessageBoxW
RedrawWindow
GetSystemMetrics
UpdateWindow
GetWindow
LoadMenuW
SendMessageW

gdi32

SetRectRgn
SetROP2
CreateFontW
GetCharWidthW
GetWindowOrgEx
GetCurrentObject
SetBoundsRect
GetTextColor
GetBkMode
GetBkColor
PlgBlt
SaveDC
SelectClipRgn
RestoreDC
PtInRegion
StretchDIBits
ExtSelectClipRgn
SetDIBitsToDevice
RealizePalette
CreateDIBitmap
GetNearestColor
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
GetRegionData
OffsetRgn
RoundRect
SetPixel
GetDeviceCaps
CreateBitmapIndirect
CreateICW
GetDIBits
ExtCreateRegion
CreateDCW
CreateDIBSection
SetPixelV
GetObjectW
CreateBitmap
SetStretchBltMode
StretchBlt
GetPixel
GetClipBox
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
ExcludeClipRect
DeleteDC
CreateCompatibleDC
FrameRgn
FillRgn
IntersectClipRect
CreateBrushIndirect
RectInRegion
SetDIBits
PatBlt
CreatePen
SetBkColor
TextOutA
BitBlt
FloodFill
PolyDraw
Polygon
Rectangle
PolyPolyline
MoveToEx
Polyline
ExtTextOutA
LineTo
GetTextExtentPointW
GetTextExtentPointA
Escape
ExtTextOutW
RectVisible
PtVisible
GetStockObject
SetTextAlign
GetTextExtentPoint32W
GetViewportOrgEx
SetViewportOrgEx
TextOutW
CreateFontIndirectW
SetBkMode
SelectObject
SetTextColor

comdlg32

GetOpenFileNameW
ChooseColorW
ChooseColorA

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_Duplicate
ImageList_GetIcon
ImageList_GetIconSize

ole32

CoCreateGuid

msvcp60

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

winmm

sndPlaySoundW

imagehlp

MakeSureDirectoryPathExists

Exports

Exports

sppAddLayoutID
sppColorize
sppCreateLayoutObj
sppDestroyLayoutObj
sppDrawSkinBitmap
sppDrawSkinImage
sppExitSkin
sppGetDefaultSysColor
sppGetFreeWindowID
sppGetHookAPI
sppGetHookAPIStyle
sppGetObjectImageSec
sppGetObjectPos
sppGetObjectSkinID
sppGetObjectSkinName
sppGetObjectTextStyle
sppGetSkinResFile
sppGetSkinSysColor
sppGetSystemMetrics
sppGetWindowResID
sppInitializeSkin
sppIsSkined
sppLoadMainSkin
sppLoadPartSkin
sppLoadSkin
sppLoadSkinBegin
sppLoadSkinEnd
sppLoadSkinFromRes
sppLoadSubSkin
sppModifyHookAPIStyle
sppRedrawControl
sppRemoveLayoutID
sppRemoveSkin
sppRemoveSkinHwnd
sppResizeControls
sppSelectSkin
sppSetButtonTooltip
sppSetCustSysBtnStatus
sppSetCustSysBtnVisible
sppSetCustomDraw
sppSetDialogBkClipRgn
sppSetDialogEraseBkgnd
sppSetDrawMenu
sppSetFreeResizable
sppSetFreeWindowID
sppSetFreeWindowMenu
sppSetHookAPI
sppSetHookMessage
sppSetListHeaderSortInfo
sppSetNoSkinHwnd
sppSetObjectImageSec
sppSetObjectPos
sppSetObjectSkinID
sppSetObjectSkinName
sppSetRedraw
sppSetRgnEnable
sppSetSkinHwnd
sppSetTabCtrlItemsStatus
sppSetTabCtrlPosition
sppSetWindowResID
sppSupportMultiThreadSkin
sppTakeoutSysMenu
sppValidateDevTools

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ipfilter.xml
.xml
sigtabd.dll
.dll windows:5 windows x86 arch:x86

82c1793abc2612bb23804f2833bdc813

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sigtab.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
DisableThreadLibraryCalls
GetCurrentThreadId

user32

WinHelpW
GetWindowLongW
ChildWindowFromPoint
ScreenToClient
SendMessageW
GetParent
ShowWindow
DialogBoxParamW
IsDlgButtonChecked
GetDlgItem
IsWindowEnabled
CheckRadioButton
EndDialog
CheckDlgButton
EnableWindow

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

advapi32

RegCloseKey
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
FreeSid

shell32

ShellExecuteW

setupapi

pSetupGetRealSystemTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DriverSigningDialog

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
snetcfg.exe
.exe windows:5 windows x86 arch:x86

80cf19b6716c2abec817607e6636da91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\winddk\2600\src\network\config\netcfg\objchk_wxp_x86\i386\snetcfg.pdb

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_controlfp
_initterm
__wgetmainargs
__winitenv
_cexit
_XcptFilter
_exit
_c_exit
vwprintf
_iob
fflush
wcslen
wcschr
wprintf
iswprint
tolower
wcscpy
_except_handler3
exit

kernel32

UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
TerminateProcess

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupCopyOEMInfW

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zwt
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
snetcfg64.exe
.exe windows:6 windows x64 arch:x64

10153c3f01a89c5a3a84c8fd16fbee4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\winddk\6001.18001\src\network\config\netcfg\objfre_wnet_amd64\amd64\snetcfg.pdb

Imports

kernel32

GetLastError
Sleep
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter

msvcrt

_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
memset
?terminate@@YAXXZ
_exit
iswprint
tolower
exit
wprintf
wcschr
_XcptFilter
__C_specific_handler
__wgetmainargs
__iob_func
fflush
vwprintf

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CheckAuthorization.dll
.dll windows:4 windows x86 arch:x86

47943ed399a7137434a3bcd86aa9a1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorization.pdb

Imports

kernel32

ReadFile
SetPriorityClass
DeviceIoControl
GetTickCount
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
GetVolumeInformationA
GetModuleFileNameA
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
OutputDebugStringA
DeleteFileA
GetLocalTime
lstrcpynA
GetProcAddress
GetModuleHandleA
CreateFileA
GetVersionExA
GetCurrentProcess
GetProcessHeap
CompareStringW
CompareStringA
HeapFree
HeapAlloc
CloseHandle
lstrlenA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
WaitForSingleObject
LocalFree
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetThreadLocale
InitializeCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA

user32

MessageBoxA

advapi32

RegCreateKeyExA
ControlService
DeleteService
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA
AddAccessAllowedAceEx
AddAce
InitializeAcl
GetLengthSid
LookupAccountSidA
GetAce
GetAclInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
RegSetValueExA

ws2_32

closesocket
inet_addr
select
gethostbyname
setsockopt
socket
WSACleanup
WSAStartup
recv
send
__WSAFDIsSet
connect
htons

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

Exports

Exports

CheckLicense
DecryptCipher
DecryptInfo
DelProductInfo
DeleteUpdateCenterService
EncryptInfo
EncryptPlain
ExecuteBat
GetCDKeyFromLicense
GetCurTime
GetMachineCode
GetProductInfo
GetUpdateInsDirFromReg
HideRegInfo
IsNTFS
IsUpdateCenterExist
IsWriteAccess
OfflineRegAndValidate
SendRegInfo
SetDirAccessAtWin7
StartUpdateCenterService
WriteIniInfo
WriteRegInfo
WriteUpdateSelfInfo
_GetOSVer@8
_IsWow64@0

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CheckAuthorizationUI.dll
.dll windows:4 windows x86 arch:x86

3052c924c6f7b36ccf0eee50e8008a06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

k:\UpdateCenter\code\CheckAuthorization\release\CheckAuthorizationUI.pdb

Imports

checkauthorization

ord3
ord2
ord1

kernel32

CreateFileA
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
RaiseException
HeapSize
GetACP
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
lstrcpynA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
lstrlenA
MultiByteToWideChar
InterlockedExchange
GetLastError
CompareStringA
GetVersion
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
lstrcmpA
GlobalLock
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GetThreadLocale
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
SetLastError
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
FreeResource
InterlockedDecrement
GetModuleFileNameW
GetTickCount

user32

TabbedTextOutA
ClientToScreen
UnregisterClassA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
DrawTextA
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
DrawTextExA
GrayStringA
GetDC
ReleaseDC
DestroyMenu
LoadCursorA
GetSysColorBrush
EndPaint
GetClientRect
BeginPaint
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
SendMessageA
EndDialog
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
MessageBoxA
EnableWindow
SetParent
CallWindowProcA

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
OffsetViewportOrgEx
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

shlwapi

PathIsRelativeA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

select
send
closesocket
connect
htons
__WSAFDIsSet
setsockopt
socket
WSACleanup
WSAStartup
recv
gethostbyname

Exports

Exports

ChooseUpdateDirUI
OfflineRegUI
RegInfoUI
UninsServerSafeDlgReasonUI
UninsSiteSafeDogReasonUI

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/HideInstallNPD.dll
.dll windows:4 windows x86 arch:x86

a359656c4d38931f59de782a7559aa19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetVersionExA
OutputDebugStringA
CreateProcessA
WaitForSingleObject
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
HeapSize
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

HideInstallNPD
IsRightOS

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ȫ.txt
ȫ.txt
ȫ֤.txt

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 26KB - Virtual size: 26KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 192B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 856B

.rsrc Size: 512B - Virtual size: 512B

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

bd56a0d89d7075f0813d42dcb60fdab9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 26KB - Virtual size: 26KB

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 192B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 856B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 132KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 11KB