3a8e2ec61d4c52dd53b3b097b80c0a50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a8e2ec61d4c52dd53b3b097b80c0a50_JaffaCakes118
Size

1.1MB
MD5

3a8e2ec61d4c52dd53b3b097b80c0a50
SHA1

8c8135fd25ee4699664eb82d520ccfed0a1493e1
SHA256

57ab197312eb940ee2c4038a331b577cc4777f59ca7c669811485bdd8520ed54
SHA512

c94a456a44fec524022537e12aede5acebeb6b1c0af8ea92996f7ea905d86428b27ab3bdbe5dcce214099e3650af8a3049e2c36b5c229d068dec838d1d3b987b
SSDEEP

12288:JtmKlhPQ+Yzg5rloFRNX5Y2IOxU3V8SNXPZjJbeXciR/2Z3QgK27g8bDvPKtJA3Z:zPgirGJlIPxv6XjR/IX2XhQdCh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
3a8e2ec61d4c52dd53b3b097b80c0a50_JaffaCakes118
unpack001/CTTBasic.exe
unpack001/DesktopFixer.exe
unpack001/FProtMod.sys
unpack001/FProtect.exe
unpack001/FileBackup.exe
unpack001/FixedWall.exe
unpack001/InstSvc.exe
unpack001/MemRes.exe
unpack001/PrgFlt.dll
unpack001/ProgFilter.exe
unpack001/RsvAgent.exe
unpack001/SMFDApp.exe
unpack001/SMFDDrv.Sys
unpack001/TrafficLogger.exe
unpack001/UnInstaller.exe
unpack001/UnRegDll.exe
unpack001/UserPassManager.exe
unpack001/WebInterception.new
unpack001/cdproc.dll
unpack001/clsdesk.exe
unpack001/iefence.exe
unpack001/pollock.exe
unpack001/rodexec.dll
unpack001/shrestart.exe
unpack001/trans.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

3a8e2ec61d4c52dd53b3b097b80c0a50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CTTBasic.exe
.exe windows:4 windows x86 arch:x86

6cb1b25b8d596ad92e2b9c3587a5e1fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetSystemTime
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetTimeZoneInformation
GetFileType
SetStdHandle
CloseHandle
ExitThread
CreateThread
RaiseException
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
ExitProcess
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetProcessVersion
GetFileTime
FileTimeToLocalFileTime
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
FormatMessageA
CreateEventA
SetThreadPriority
SetEvent
GetModuleFileNameA
lstrcmpA
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
SetLastError
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcpynA
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
GetLocalTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
HeapCreate
HeapReAlloc
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
GetLogicalDrives
Thread32First
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleA
LocalAlloc
LocalFree
WideCharToMultiByte
GlobalMemoryStatus
GetPrivateProfileStringA
CopyFileA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetCurrentProcess
GetLastError
HeapAlloc
GetVersionExA
GetFileSize
SetFilePointer
GetProcessHeap
HeapFree
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
GetDriveTypeA
MulDiv
FindResourceA
LoadResource
LockResource
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
CreateDirectoryA
GlobalAlloc
lstrcpyA
CreateProcessA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
WinExec
FindFirstFileA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetFileAttributesA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
WriteFile
FreeEnvironmentStringsW

user32

CharUpperA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
ValidateRect
PostQuitMessage
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
MoveWindow
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
GetTopWindow
TrackPopupMenu
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
wsprintfA
GetMenuItemCount
GetSubMenu
GetMenuItemID
SetActiveWindow
WinHelpA
GetMenu
GetClassInfoA
DestroyMenu
SetFocus
GetWindow
CharNextA
GetSysColorBrush
IsWindowEnabled
GetDlgCtrlID
IsIconic
GetFocus
IsChild
AdjustWindowRectEx
RegisterWindowMessageA
SetWindowLongA
ShowWindow
SetWindowPos
GetClassNameA
UpdateWindow
GetDlgItem
GetWindowDC
SetRect
SetCursorPos
GetAsyncKeyState
mouse_event
keybd_event
UnhookWindowsHookEx
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetSystemMetrics
LockWindowUpdate
IsWindow
CreatePopupMenu
AppendMenuA
GetCursorPos
KillTimer
SetTimer
DefWindowProcA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
RegisterClipboardFormatA
LoadCursorA
RegisterClassA
FindWindowA
PtInRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetDC
ReleaseDC
EnumWindows
GetWindowTextLengthA
GetDesktopWindow
GetWindowTextA
ScreenToClient
PostMessageA
LoadIconA
MessageBoxA
IsWindowVisible
GetParent
GetWindowRect
SetCursor
GetWindowLongA
SendMessageA
GetClientRect
CopyRect
FrameRect
InflateRect
FillRect
GetSysColor
OffsetRect
DrawStateA
DrawFocusRect
GetActiveWindow
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
InvalidateRect
GetIconInfo
RedrawWindow
LoadImageA
DestroyIcon
DestroyCursor
EnableWindow
LoadBitmapA
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
LPtoDP
GetBkColor
GetTextColor
DPtoLP
GetMapMode
Escape
ExtTextOutA
TextOutA
ScaleViewportExtEx
RectVisible
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
LineTo
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
SetViewportExtEx
BitBlt
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
Rectangle
Ellipse
GetPixel
FloodFill
CreateFontIndirectA
GetDIBits
SetDIBits
GetDeviceCaps
CreatePen
GetTextExtentPoint32A
DeleteDC
GetStockObject
SelectObject
DeleteObject
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
ChangeServiceConfigA
LookupAccountNameA
GetAce
RegEnumValueA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyA
AllocateAndInitializeSid
InitializeAcl
AddAce
FreeSid
RegGetKeySecurity

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitialize

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
VariantCopy
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

wininet

InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA

shlwapi

SHDeleteKeyA

url

InetIsOffline

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CTTBasic.kor
DesktopFixer.exe
.exe windows:4 windows x86 arch:x86

32e007993337156be530cc14770085b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2781
ord2770
ord924
ord356
ord941
ord5710
ord6877
ord2818
ord858
ord922
ord3181
ord860
ord926
ord4058
ord772
ord6142
ord500
ord4277
ord5860
ord1576
ord3178
ord6883
ord668
ord1168
ord537
ord541
ord6143
ord535
ord801
ord1105
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord800
ord540
ord4673
ord825
ord5861
ord823

msvcrt

_controlfp
_except_handler3
__set_app_type
__CxxFrameHandler
_setmbcp
_mbscmp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strchr
calloc
free

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
Sleep
CloseHandle
GetLastError
GetModuleHandleA
GetStartupInfoA
FindNextChangeNotification
GetCurrentProcess
SetProcessWorkingSetSize
WaitForSingleObject
FindFirstChangeNotificationA
DeleteFileA
CopyFileA
GetFileAttributesA
FindClose
FindNextFileA
RemoveDirectoryA
SetFileAttributesA
FindFirstFileA
CreateDirectoryA
GetWindowsDirectoryA
OutputDebugStringA
GetVersionExA
LocalFree
LocalAlloc
ExitProcess
LoadLibraryA
GetProcAddress

advapi32

RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FProtBg.bmp
FProtMod.sys
.sys windows:4 windows x86 arch:x86

ce1b937842a80b7e2abedcead10ee9fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

ExAcquireFastMutex
KeGetCurrentIrql
ExReleaseFastMutex

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
InterlockedIncrement
sprintf
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
strncpy
ExAcquireResourceSharedLite
IoFreeIrp
KeSetEvent
KeWaitForSingleObject
IofCallDriver
RtlAssert
KeGetCurrentThread
IoAllocateIrp
KeInitializeEvent
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strncmp
IoGetCurrentProcess
IoQueryVolumeInformation
ZwClose
ObfDereferenceObject
IoAttachDeviceByPointer
IoCreateDevice
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
ZwCreateFile
RtlInitUnicodeString
DbgPrint
ProbeForWrite
_except_handler3
IoDeleteDevice
IoDetachDevice
IofCompleteRequest
IoReleaseCancelSpinLock
wcsncpy
KeClearEvent
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
IoCancelIrp
InterlockedExchange
MmMapLockedPages
ExDeleteResourceLite
ExDeleteNPagedLookasideList
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
ExInitializeResourceLite
IoCreateSymbolicLink

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FProtect.exe
.exe windows:4 windows x86 arch:x86

f5bd5c8eb3d1b2b53e07fab577866cef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5683
ord4129
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord609
ord686
ord5214
ord296
ord860
ord2621
ord1200
ord2575
ord4396
ord3574
ord1146
ord1168
ord384
ord755
ord470
ord6905
ord2408
ord2862
ord3081
ord6215
ord6885
ord924
ord6886
ord2642
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord3663
ord926
ord6883
ord6143
ord6142
ord500
ord5860
ord6696
ord2096
ord3499
ord2515
ord355
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord6140
ord5861
ord5858
ord1105
ord4277
ord858
ord823
ord541
ord341
ord801
ord654
ord3301
ord3998
ord6907
ord2379
ord535
ord4243
ord693
ord3640
ord4402
ord2582
ord3874
ord4853
ord4224
ord537
ord6199
ord4234
ord2302
ord800
ord825
ord324
ord567
ord540
ord641
ord656
ord3610
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord772
ord2976
ord4425
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4376
ord6453
ord5265
ord1576

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
_mbscmp
exit
strchr
sprintf
__p___argv
ftell
fseek
fopen
fclose
fwrite
fread
free
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetVersionExA
lstrcpynA
CreateMutexA
ReleaseMutex
GetDriveTypeA
GetLogicalDrives
CreateFileA
GetLastError
GetCurrentDirectoryA
lstrlenA
FindFirstFileA
SearchPathA
FindClose
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
CopyFileA
LoadLibraryA
GetProcAddress
GetTickCount
DeviceIoControl
Sleep
CloseHandle
TerminateThread
GetVersion
GetFileAttributesA
GetStartupInfoA

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
FindWindowA
wsprintfA
MessageBoxA
GetCursorPos
CreatePopupMenu
SetForegroundWindow
AppendMenuA
SendMessageA
IsWindowVisible

advapi32

RegSetValueExA
InitializeAcl
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
GetAce
RegDeleteValueA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

comctl32

ord17

ole32

CoInitialize

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileBackup.exe
.exe windows:4 windows x86 arch:x86

d760c006db8fb6098a480ab8cdf0489e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord772
ord819
ord801
ord2514
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord568
ord500
ord541
ord324
ord4234
ord4287
ord3262
ord4710
ord1105
ord800
ord823
ord535
ord654
ord5863
ord5860
ord6883
ord341
ord4129
ord5683
ord922
ord4277
ord858
ord540
ord5608
ord2065
ord668
ord1980
ord5858
ord3319
ord3310
ord3181
ord4058
ord2781
ord2770
ord924
ord356
ord2818
ord537
ord2379
ord4376
ord5710
ord755
ord470
ord860
ord1576
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord6197
ord4673
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
__CxxFrameHandler
_setmbcp
_mbscmp
_controlfp
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit

kernel32

GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
DeleteFileA
CopyFileA
FindFirstChangeNotificationA
GetCurrentProcess
SetProcessWorkingSetSize
WaitForMultipleObjects
ExitProcess
GetStartupInfoA
FindNextChangeNotification
GetLastError

user32

EnableWindow

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FixedWall.exe
.exe windows:4 windows x86 arch:x86

9ed1239ec86e78c4d19fbe92836533a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3147
ord561
ord825
ord815
ord823
ord617
ord800
ord540
ord4160
ord4204
ord537
ord5214
ord296
ord1576
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3738
ord4673
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_mbscmp
_controlfp
_setmbcp
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_stricmp

kernel32

SetFileAttributesA
GetWindowsDirectoryA
WideCharToMultiByte
GetVersionExA
Sleep
DeleteFileA
SetProcessWorkingSetSize
lstrlenA
GetModuleHandleA
GetStartupInfoA
ReleaseMutex
GetLastError
CreateMutexA
GetCurrentProcess
CopyFileA
MultiByteToWideChar

user32

MessageBoxA
SystemParametersInfoA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IEFence.eng
IEFence.kor
InstSvc.exe
.exe windows:4 windows x86 arch:x86

3218ca356b982c600e0b567fd9df27a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860
ord500
ord922
ord4277
ord5860
ord1567
ord690
ord1988
ord5207
ord6142
ord268
ord939
ord2393
ord940
ord5856
ord6143
ord772
ord5861
ord296
ord5214
ord617
ord561
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord1576
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord356
ord541
ord2770
ord2781
ord4058
ord3181
ord6883
ord1980
ord801
ord668
ord5683
ord4129
ord533
ord5194
ord6407
ord1997
ord798
ord2818
ord1168
ord941
ord535
ord926
ord823
ord537
ord924
ord825
ord540
ord858
ord389
ord800

msvcrt

_controlfp
_setmbcp
_stricmp
__CxxFrameHandler
strcpy
strlen
strcat
sprintf
_mbscmp
__p___argv
memset
free
calloc
strchr
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__dllonexit
atol
_onexit

kernel32

CloseHandle
OpenProcess
TerminateProcess
Process32Next
Process32First
DeleteFileA
MoveFileA
GetStartupInfoA
CreateToolhelp32Snapshot
CreateDirectoryA
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
FindNextFileA
LoadLibraryA
RemoveDirectoryA
FindClose
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
WinExec
GetWindowsDirectoryA
WritePrivateProfileStringA
CopyFileA
OutputDebugStringA
GetVersionExA
LocalFree
LocalAlloc
GetLastError
GetModuleHandleA
Sleep
WideCharToMultiByte

user32

PeekMessageA
GetMessageA
TranslateMessage
FindWindowA
SendMessageA
SendMessageTimeoutA
EnumWindows
DispatchMessageA

advapi32

FreeSid
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MemRes.exe
.exe windows:4 windows x86 arch:x86

91933f0a94df0352f39ad2fa8a8b4d5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
LocalAlloc
GlobalMemoryStatus
ReleaseMutex
GetLastError
CreateMutexA
LCMapStringA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringW

user32

SendMessageA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PrgFlt.dll
.dll windows:4 windows x86 arch:x86

11814fcb09c5ccabf9ce9f630eae2eef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetCurrentProcessId
CloseHandle
TerminateProcess
GetCurrentProcess
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SetWindowsHookExA
EnumWindows
CallNextHookEx
SendMessageA
SendMessageTimeoutA
UnhookWindowsHookEx

Exports

Exports

StartHook
StopHook

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProgFilter.exe
.exe windows:4 windows x86 arch:x86

a8f9b6c1f64730dcdf72a7946f2069a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord815
ord540
ord800
ord641
ord801
ord2514
ord858
ord4129
ord5683
ord537
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord825
ord5277
ord4627
ord4425
ord3597
ord6143
ord541
ord324
ord4234
ord2818
ord924
ord6199
ord4710
ord6215
ord535
ord4202
ord4277
ord6374
ord6453
ord6883
ord536
ord2379
ord823
ord5861
ord772
ord6142
ord860
ord500
ord5860
ord1576
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2124
ord4673
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
__p___argv
_setmbcp
_stricmp
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strchr
calloc
free
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
GetLastError
LocalAlloc
LocalFree
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
Process32Next
CloseHandle
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA

user32

EnableWindow
KillTimer
IsWindowVisible
FindWindowA
SendMessageA
SetTimer

advapi32

RegQueryValueExA
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegCreateKeyA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegCleaner.els
RsvAgent.exe
.exe windows:4 windows x86 arch:x86

9f4c70be04cf4d1c904e4ffe27959ed0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6140
ord500
ord541
ord341
ord5861
ord4277
ord2982
ord5860
ord5858
ord1576
ord6143
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord1168
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord535
ord537
ord858
ord860
ord941
ord940
ord6142
ord654
ord801
ord772
ord2818
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord5714
ord3147
ord823
ord540
ord800
ord825

msvcrt

calloc
__CxxFrameHandler
_setmbcp
_mbsicmp
_mbscmp
sprintf
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strchr
free
fopen
fprintf
fclose

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
HeapAlloc
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
HeapFree
GetProcessHeap
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
GetStartupInfoA

advapi32

GetUserNameA
GetLengthSid
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegCloseKey
RegGetKeySecurity
RegOpenKeyExA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
RegCreateKeyExA
RegQueryValueExA
GetAce
AddAccessAllowedAce
LookupAccountNameA
CopySid

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

wininet

FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA

shlwapi

SHDeleteKeyA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SMFDApp.exe
.exe windows:4 windows x86 arch:x86

c0c5545138b61dad6d57fee87139e092

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord324
ord825
ord801
ord2302
ord4234
ord6197
ord4710
ord537
ord535
ord858
ord4129
ord800
ord5710
ord2818
ord540
ord6199
ord6907
ord3998
ord924
ord4853
ord6883
ord922
ord3301
ord6675
ord3874
ord6143
ord939
ord941
ord2065
ord654
ord341
ord823
ord4277
ord1200
ord5858
ord5861
ord6140
ord1105
ord5683
ord798
ord1997
ord926
ord5465
ord860
ord5194
ord533
ord6407
ord6877
ord4202
ord2764
ord4673
ord567
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord609
ord5214
ord296
ord6696
ord2575
ord4396
ord3574
ord1146
ord1168
ord2379
ord755
ord470
ord3663
ord4220
ord2584
ord3654
ord6215
ord2438
ord6270
ord1644
ord3876
ord4224
ord772
ord6142
ord500
ord5860
ord541
ord641
ord656
ord693
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3610
ord3402
ord4407
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4376
ord4274
ord5265
ord1576

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
_mbscmp
atoi
exit
sprintf
strchr
__p___argv
free
calloc
__dllonexit
_onexit
_exit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_controlfp

kernel32

DeleteFileA
CloseHandle
LocalFree
FormatMessageA
GetLastError
Sleep
DeviceIoControl
GetTickCount
GetProcAddress
LoadLibraryA
CopyFileA
SetFileAttributesA
GetEnvironmentVariableA
FindClose
SearchPathA
FindFirstFileA
lstrlenA
GetCurrentDirectoryA
GetVersion
CreateFileA
CreateDirectoryA
GetFileAttributesA
ReleaseMutex
CreateMutexA
lstrcpynA
GetVersionExA
GetStartupInfoA
GetModuleHandleA
LocalAlloc

user32

GetWindowRect
GetCursorPos
CreatePopupMenu
AppendMenuA
SetForegroundWindow
IsWindowVisible
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
wsprintfA
MessageBoxA
IsIconic
EnableWindow
SendMessageA

advapi32

RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle

shell32

Shell_NotifyIconA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SMFDDrv.Sys
.sys windows:4 windows x86 arch:x86

562bfa8e993b5ea7324bf03293bd6aef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hal

ExAcquireFastMutex
KeGetCurrentIrql
ExReleaseFastMutex

ntoskrnl.exe

ExFreePool
ZwClose
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ExAllocatePoolWithTag
ZwOpenFile
ZwDeleteFile
sprintf
toupper
ZwQueryVolumeInformationFile
RtlInitUnicodeString
strncmp
IoGetCurrentProcess
strncpy
ExGetPreviousMode
KeGetCurrentThread
_except_handler3
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeServiceDescriptorTable
ZwSetInformationFile
IofCompleteRequest
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
RtlAssert
DbgPrint
MmMapLockedPagesSpecifyCache
IoDeleteDevice
IoDeleteSymbolicLink
ExInitializeResourceLite
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 576B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TrafficLogger.exe
.exe windows:4 windows x86 arch:x86

f1e9449537a1d453eee499c44ab6fa8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5858
ord858
ord2818
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord654
ord772
ord3337
ord924
ord3811
ord939
ord6140
ord4129
ord5683
ord537
ord341
ord500
ord1576
ord540
ord860
ord800
ord3259
ord825
ord1168

msvcrt

__p___argv
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fclose
fopen
__CxxFrameHandler
_setmbcp
fprintf

kernel32

Sleep
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
SetProcessWorkingSetSize

iphlpapi

GetIcmpStatistics
GetTcpStatistics
GetUdpStatistics

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnInstaller.exe
.exe windows:4 windows x86 arch:x86

cf73e9d09e7f506dc9517c5191e0c2a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord617
ord5214
ord296
ord3830
ord1200
ord5683
ord4129
ord1576
ord1168
ord535
ord823
ord537
ord924
ord825
ord540
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord858
ord800

msvcrt

_setmbcp
_stricmp
__CxxFrameHandler
_mbscmp
__p___argv
__dllonexit
_onexit
_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter

kernel32

GetModuleHandleA
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
FindClose
RemoveDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
CloseHandle
Process32Next
Sleep
DeleteFileA
GetStartupInfoA

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnRegDll.exe
.exe windows:4 windows x86 arch:x86

9d463227e661023572ea41de8d4f9155

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord5731
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord926
ord2818
ord540
ord535
ord537
ord1576
ord2512
ord2554
ord4486
ord6375
ord4274
ord3081
ord4673
ord1168

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argc
__p___argv
__CxxFrameHandler
_setmbcp
_acmdln

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
OutputDebugStringA

ole32

CoInitialize

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPassManager.eng
UserPassManager.exe
.exe windows:4 windows x86 arch:x86

d0489fe2d90212e50c8e30fe6c39bc55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
GetACP
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetFileType
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
RaiseException
GetCommandLineA
GetStartupInfoA
ExitProcess
RtlUnwind
SetErrorMode
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
lstrcpynA
MulDiv
SetLastError
WaitForSingleObject
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrlenA
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
WideCharToMultiByte
GetCurrentProcess
FreeLibrary
GetModuleHandleA
TerminateProcess
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
MultiByteToWideChar
GetModuleFileNameA
GetSystemDefaultLangID
GetPrivateProfileStringA
GetLastError
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
LCMapStringA

user32

DrawTextA
GrayStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
PostQuitMessage
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
PostMessageA
UpdateWindow
TabbedTextOutA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
BeginPaint
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SendDlgItemMessageA
EndPaint
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
RegisterWindowMessageA
GetWindowRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
PeekMessageA
GetMessageA
ClientToScreen
GetDC
ReleaseDC
ValidateRect
GetCursorPos
SetCursor
TranslateMessage
DispatchMessageA
EnableWindow
SendMessageA
wsprintfA
UnregisterClassA

gdi32

GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectA
SelectObject
DeleteObject
DeleteDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

InitializeAcl
LogonUserA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegGetKeySecurity
RegSetKeySecurity
GetLengthSid
InitializeSecurityDescriptor
LookupAccountNameA
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA

comctl32

ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserPassManager.kor
WebInterception.new
.dll regsvr32 windows:4 windows x86 arch:x86

2c8d43c05c2a1ec9bad3e697a6ed8d6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrlenA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
MultiByteToWideChar
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenW
lstrcmpiA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adfilter.dat
cdproc.dll
.dll windows:4 windows x86 arch:x86

67e2350fe9ed16db63ac087f557e2946

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExA
FindWindowA
FindWindowExA
CallNextHookEx
SendMessageA
PostMessageA

kernel32

VirtualFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

RemoveHook
SetHook

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clsdesk.exe
.exe windows:4 windows x86 arch:x86

8b6bf94260fb6887b494e0bed9a269ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord1089
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3262
ord4673
ord1168

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
__p__commode

kernel32

ReleaseMutex
CreateMutexA
Sleep
GetModuleHandleA
GetStartupInfoA
GetLastError

cdproc

ord2

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iefence.exe
.exe windows:4 windows x86 arch:x86

db749f541c129bbf129c80a490fa723e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2567
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2514
ord860
ord858
ord4129
ord5683
ord537
ord1134
ord641
ord795
ord693
ord801
ord3619
ord3721
ord5265
ord4998
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord1168
ord324
ord2302
ord4234
ord4710
ord755
ord470
ord6215
ord2086
ord6199
ord4376
ord1200
ord535
ord4278
ord3574
ord2827
ord6877
ord922
ord924
ord823
ord5861
ord2818
ord2582
ord4402
ord3370
ord3640
ord6143
ord541
ord6888
ord6907
ord3998
ord3301
ord472
ord4224
ord926
ord6453
ord3089
ord4476
ord2860
ord6883
ord772
ord6142
ord500
ord4277
ord5860
ord6696
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord5788
ord4297
ord4133
ord283
ord2122
ord1146
ord289
ord6880
ord1640
ord1641
ord613
ord2859
ord5875
ord540
ord3874
ord800
ord2864
ord5981
ord5053
ord2405
ord2379
ord4284
ord4275
ord5785
ord2414
ord3663
ord3626
ord825
ord567
ord556
ord323
ord609
ord809
ord6675
ord640
ord3571
ord3402
ord5277
ord5290
ord5710
ord2575
ord1576

msvcrt

_setmbcp
memset
__CxxFrameHandler
strlen
_ftol
_mbsnbcpy
strcpy
atoi
_mbscmp
__p___argv
free
calloc
strchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

GetModuleHandleA
WinExec
OutputDebugStringA
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
LocalAlloc
LocalFree
GetVersionExA
GetSystemDefaultLangID
GetPrivateProfileStringA
GetModuleFileNameA
GetStartupInfoA

user32

DestroyMenu
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
IsIconic
GetSystemMetrics
DrawIcon
LoadIconA
EnableWindow
FrameRect
LoadImageA
DestroyCursor
CreateIconIndirect
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
DestroyIcon
GetWindowLongA
SendMessageA
GetNextDlgTabItem
WindowFromPoint
GetActiveWindow
SetCursor
InvalidateRect
GetIconInfo
GetParent

gdi32

CreateFontIndirectA
CreateFontA
GetObjectA
SetPixel
GetPixel
CreateBitmap
SelectObject
SetBkColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject

advapi32

RegQueryValueExA
RegCreateKeyA
AllocateAndInitializeSid
FreeSid
RegDeleteKeyA
RegGetKeySecurity
RegSetKeySecurity
LookupAccountNameA
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetAce
SetSecurityDescriptorDacl
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoInitialize

winmm

PlaySoundA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pollock.exe
.exe windows:4 windows x86 arch:x86

7ff8689a563d23f666efb52992981033

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord1089
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1105
ord541
ord801
ord341
ord654
ord800
ord5858
ord6883
ord2818
ord540
ord858
ord6140
ord6143
ord535
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3079
ord4673
ord1168

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_mbscmp
_setmbcp
__setusermatherr

kernel32

ReleaseMutex
CreateMutexA
Sleep
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsWindowVisible
SendMessageA
IsWindow
GetParent
GetClassNameA
EnumWindows
MessageBoxA
GetDesktopWindow
GetWindowTextA
GetWindowTextLengthA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rodexec.dll
.dll regsvr32 windows:4 windows x86 arch:x86

120219ccfd1fb5a1013aad505ec7427d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\Project\CTTBasic\rodexec\export\rodexec.pdb

Imports

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
FlushFileBuffers
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
GetACP
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedCompareExchange
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GlobalFree
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
LockResource
GetThreadLocale
SetThreadLocale
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
ExitProcess
IsProcessorFeaturePresent

user32

RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetSysColor
GrayStringA
DrawTextExA
DrawTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
GetWindowTextA
SetWindowTextA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
CharNextA
DestroyWindow
DefWindowProcA
SetWindowLongA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
PeekMessageA
GetCursorPos
GetSysColorBrush
DestroyMenu
IsIconic
ShowWindow
GetClassInfoExA
LoadCursorA
ReleaseDC
GetDC
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
CallWindowProcA
PtInRect
UnionRect
SetFocus
IsChild
GetFocus
GetParent
IsWindow
InvalidateRect
GetKeyState
RegisterClassExA
CreateWindowExA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
CharUpperA
TabbedTextOutA

gdi32

ScaleWindowExtEx
GetStockObject
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SelectObject
Escape
ExtTextOutA
RectVisible
PtVisible
GetClipBox
SetTextColor
SetBkColor
DeleteObject
CreateBitmap
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
GetClipRgn

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
OleLoadFromStream
CoInitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleRegGetMiscStatus

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shrestart.exe
.exe windows:4 windows x86 arch:x86

db92b0187bb7a3953650526d0ecaf582

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord1089
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord801
ord654
ord800
ord4129
ord341
ord541
ord5858
ord5861
ord6140
ord6143
ord535
ord1576
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3831
ord4673
ord1168

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
_stricmp
_adjust_fdiv

kernel32

CloseHandle
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetStartupInfoA
TerminateProcess

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smfdopt.ini
smfdset.ini
trans.exe
.exe windows:4 windows x86 arch:x86

a18e3afb68e1af257179f97ddaab9c26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord5199
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1105
ord1576
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord2985
ord4274
ord1168

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
__p__commode

kernel32

ReleaseMutex
CreateMutexA
Sleep
GetCurrentProcess
SetProcessWorkingSetSize
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

SendMessageA
InvalidateRect
FindWindowA
FindWindowExA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 9KB - Virtual size: 9KB

6cb1b25b8d596ad92e2b9c3587a5e1fb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

shlwapi

url

Sections

.text Size: 492KB - Virtual size: 491KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 56KB - Virtual size: 69KB

.rsrc Size: 584KB - Virtual size: 581KB

32e007993337156be530cc14770085b0

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 696B

.rsrc Size: 4KB - Virtual size: 1KB

ce1b937842a80b7e2abedcead10ee9fc

Headers

File Characteristics

Imports

hal

ntoskrnl.exe

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 5KB

PAGE Size: 5KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

f5bd5c8eb3d1b2b53e07fab577866cef

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 492KB - Virtual size: 491KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 56KB - Virtual size: 69KB

.rsrc
Size: 584KB - Virtual size: 581KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 696B

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 5KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 164KB - Virtual size: 162KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 424B

.rsrc
Size: 4KB - Virtual size: 168B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB