4005ef8093d18af16858f1eda47f26de_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4005ef8093d18af16858f1eda47f26de_JaffaCakes118
Size

2.3MB
MD5

4005ef8093d18af16858f1eda47f26de
SHA1

7690a3185a328aaf4e6268b98ac9c3018135038c
SHA256

c8a753d2388077a63150af1997003a44ee60a370a0caad5b6c3838261629a27a
SHA512

27301d2fa21fd11908c7167a17f48e305608aa7f7c684587eb0f2ba8009ac3afe12d8a89026b6689270391b8efaecfa9c59c2de7afd5e79b161746eb684b3815
SSDEEP

49152:sr53uszRdIUZQ36PBwrnO2fnRJ/nkM8C+8:sr537z9aKPBknV/kWr

Score

9^/10

upx

Malware Config

Signatures

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack004/out.upx	Nirsoft
static1/unpack005/out.upx	Nirsoft

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx
static1/unpack001/$TEMP/xcmd.exe	upx
static1/unpack001/$_48_/$APPDATA/xcmd.exe	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
4005ef8093d18af16858f1eda47f26de_JaffaCakes118
unpack001/$PLUGINSDIR/MakeDll.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/registry.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/KillProcDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/inetc.dll
unpack003/$_10_/CCPMachineInfo.dll
unpack003/$_10_/Coopen.scr
unpack003/$_10_/CoopenActiveControl110.dll
unpack003/$_10_/CoopenLottery.cop
unpack003/$_10_/CoopenMainManager.dll
unpack001/$TEMP/xcmd.exe
unpack004/out.upx
unpack001/$_48_/$APPDATA/xcmd.exe
unpack005/out.upx
unpack001/Uninstall.exe

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/coopen_setup_100030.exe	nsis_installer_1
static1/unpack001/$TEMP/coopen_setup_100030.exe	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

4005ef8093d18af16858f1eda47f26de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MakeDll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllMain

Sections

CODE
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

cd53277eaa7bbb8fb5b2b678274dcb4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
SearchPathA
CloseHandle
CreateFileA
lstrcpynA
lstrcatA
FindFirstFileA
FindClose
lstrlenA
lstrcmpiA
lstrcpyA
GlobalFree
GlobalAlloc
WriteFile

user32

SendMessageA
FindWindowExA
GetDlgItem
wsprintfA
CharUpperA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStr
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHex
_Unload
_Write
_WriteExtra

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/coopen_setup_100030.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2a:22:5d:6d:d7
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

30-07-2010 07:33

Not After

30-07-2011 07:33

Subject

CN=北京首都在线网络技术有限公司,O=北京首都在线网络技术有限公司,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:2f:76:ab:a4:76:cc:11:a7:d3:95:d1:0d:12:f3:46:0b:b7:3a:c2
Signer

Actual PE Digest

cc:2f:76:ab:a4:76:cc:11:a7:d3:95:d1:0d:12:f3:46:0b:b7:3a:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PartnerDlg.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/install.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$_10_/$_10_/HttpDownloader.exe
.exe windows:4 windows x86 arch:x86

4095847f15924fd0fef7c9ebf1826f51

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16-12-2003 13:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05-02-2007 09:00

Not After

27-01-2014 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:23:5a:e0:e4:3b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

27-08-2009 07:10

Not After

27-08-2010 07:10

Subject

CN=Beijing Capital Online Network Technology Co.Ltd.,O=Beijing Capital Online Network Technology Co.Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:74:fe:a8:e1:18:3a:a1:0a:ac:b8:99:08:b9:e8:ce:89:45:99:6f
Signer

Actual PE Digest

c3:74:fe:a8:e1:18:3a:a1:0a:ac:b8:99:08:b9:e8:ce:89:45:99:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord858
ord924
ord800
ord5710
ord5683
ord860
ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord641
ord609
ord795
ord765
ord2514
ord2621
ord1134
ord665
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord4396
ord3574
ord3721
ord6055
ord1776
ord5290
ord3402
ord3698
ord823
ord1146
ord1168
ord567
ord2302
ord537
ord4160
ord2863
ord2379
ord755
ord470
ord2642
ord3092
ord5953
ord2645
ord4224
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord5265
ord5651
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
sprintf
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_XcptFilter
_setmbcp

kernel32

GetTempFileNameA
WideCharToMultiByte
GetCommandLineW
WaitForSingleObject
CreateProcessA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
LoadIconA
IsIconic
ShowWindow
EnableWindow
GetSystemMetrics
SendMessageA
SetDlgItemTextA
PostMessageA

shell32

CommandLineToArgvW

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_10_/$_10_/uninst.exe.nsis
$_10_/CCPMachineInfo.dll
.dll windows:4 windows x86 arch:x86

22abd1238fcf6f0b3b1549f2db91446e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord924
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord4204
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord860
ord922
ord540
ord2818
ord939
ord800
ord4202
ord3262
ord535
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit

kernel32

LocalFree
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
LocalAlloc

user32

wsprintfA
MessageBoxW
IsCharAlphaNumericA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetUserInfo

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_10_/Coopen.scr
.exe windows:4 windows x86 arch:x86

275692bec0100c18fbd1963bea45a23d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
ReadFile
GetFileSize
GetCommandLineA
SetThreadPriority
GetCurrentThread
FreeLibrary
GlobalLock
LoadLibraryA
GetModuleFileNameA
WritePrivateProfileStringA
GetStartupInfoA
GetModuleHandleA
GlobalUnlock
MultiByteToWideChar
GlobalFree
GetTickCount
Sleep
CreateThread
SetEvent
WideCharToMultiByte
OutputDebugStringA
GetPrivateProfileIntA
CreateFileA
FindFirstFileA
FindClose
FindNextFileA
WaitForSingleObject
GetVersionExA
CloseHandle
CreateEventA
GetSystemDirectoryA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetProcAddress

user32

wsprintfA
GetClientRect
FillRect
BeginPaint
GetWindowRect
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
RegisterClassA
LoadIconA
LoadCursorA
SystemParametersInfoA
PostQuitMessage
PostMessageA
GetSystemMetrics
CreateWindowExA
AdjustWindowRect
SetTimer
KillTimer
SetCursor
DefWindowProcA
EndPaint

gdi32

GetDeviceCaps
CreateDCA
StretchBlt
SetStretchBltMode
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SelectPalette
RealizePalette
GetDIBits
DeleteObject
SelectObject
DeleteDC
TextOutA

advapi32

RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegCloseKey
RegCreateKeyExA

ole32

StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

OleLoadPicture

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcrt

_onexit
__dllonexit
free
atoi
isdigit
atol
memmove
_except_handler3
_exit
srand
rand
_mbscmp
_strnicmp
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
time

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_10_/CoopenActiveControl110.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6aa21ccdbbbb0d1fd90240b162f05b98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
CreateFileW
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LocalFree

user32

IsChild
UnionRect
SetFocus
GetKeyState
PtInRect
GetFocus
GetClientRect
FindWindowW
SendMessageW
wsprintfW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
BeginPaint
DefWindowProcW
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
DestroyWindow
GetParent
ShowWindow

gdi32

GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
TextOutW
SetTextAlign
Rectangle
CreateRectRgnIndirect
CloseMetaFile
DeleteMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
DeleteDC

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemFree
CreateOleAdviseHolder
CoTaskMemAlloc
OleRegGetUserType
OleRegEnumVerbs

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame

atl

ord30
ord45
ord31
ord27
ord26
ord58
ord50
ord44
ord43
ord16
ord21
ord32
ord57
ord15
ord51
ord23
ord18

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

msvcrt

wcslen
wcscpy
fclose
malloc
realloc
memset
memcmp
??2@YAPAXI@Z
memcpy
??1type_info@@UAE@XZ
_adjust_fdiv
_purecall
_initterm
_CxxThrowException
free
wcscat
fgetws
_wfopen
swprintf
fwprintf
_wtoi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_10_/CoopenAir.exe
.exe windows:4 windows x86 arch:x86

7811f517d961bce7675eefabcb7f4606

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2a:22:5d:6d:d7
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

30-07-2010 07:33

Not After

30-07-2011 07:33

Subject

CN=北京首都在线网络技术有限公司,O=北京首都在线网络技术有限公司,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:f7:47:29:51:54:d9:c2:86:5f:93:16:b3:a5:5a:be:e4:6e:89:89
Signer

Actual PE Digest

27:f7:47:29:51:54:d9:c2:86:5f:93:16:b3:a5:5a:be:e4:6e:89:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
GetStartupInfoW
ExitProcess
RtlUnwind
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
GetACP
GetOEMCP
SetEnvironmentVariableA
FindResourceA
GlobalAddAtomA
GetProfileStringA
GetFileTime
GetFileSize
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
SizeofResource
GetProcessVersion
WritePrivateProfileStringW
GlobalFlags
lstrcmpiW
GetThreadLocale
MulDiv
SetLastError
lstrcpynW
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
GlobalUnlock
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrlenA
MultiByteToWideChar
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
GlobalFree
GetModuleFileNameW
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
lstrlenW
WideCharToMultiByte
GetCurrentThread
GetCurrentThreadId
CompareStringW
OutputDebugStringW
InterlockedIncrement
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReleaseMutex
CloseHandle
CreateMutexW
GetLastError
CreateEventW
GetVersionExA
ResetEvent

user32

GetSysColorBrush
RegisterClipboardFormatW
InvalidateRect
CharUpperW
PostThreadMessageW
SetFocus
AdjustWindowRectEx
ScreenToClient
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextW
GetDlgCtrlID
DestroyWindow
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetWindowLongW
RegisterWindowMessageW
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
SetWindowContextHelpId
IsDialogMessageW
MessageBeep
GetNextDlgGroupItem
GetWindow
GetTopWindow
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
PostMessageW
GetDesktopWindow
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
SetForegroundWindow
CopyRect
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
RegisterHotKey
PtInRect
GetClassNameW
OffsetRect
SetTimer
LoadIconW
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
FindWindowW
PostQuitMessage
IsWindow
LoadCursorW
InflateRect
CharNextW
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
LoadStringW
ShowWindow
MoveWindow
SetMenuItemBitmaps
SetWindowTextW
GetDC
SetActiveWindow
SetRect
CopyAcceleratorTableW
EndDialog
CreateDialogIndirectParamW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
IsChild
GetSysColor
ReleaseDC

gdi32

SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetStockObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
BitBlt
CreateCompatibleDC
GetTextColor
GetBkColor
GetMapMode
PatBlt
SelectObject
RestoreDC
SaveDC
DeleteDC
SetMapMode
LPtoDP
DPtoLP
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

comctl32

ord17

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantCopy
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
SysStringLen

urlmon

CoInternetSetFeatureEnabled

wininet

InternetGetConnectedState
InternetCheckConnectionW

winmm

timeGetTime

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_10_/CoopenLottery.Config
$_10_/CoopenLottery.cop
.dll windows:4 windows x86 arch:x86

d2100ef740f57bc1437c03b2d4968029

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
RaiseException
GetTimeZoneInformation
HeapSize
HeapReAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
SetEnvironmentVariableA
GetFileTime
GetFileSize
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
GetProcessVersion
GetLastError
GlobalFlags
lstrcmpiW
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
MulDiv
SetLastError
FormatMessageW
GetModuleHandleA
LoadLibraryA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
GetModuleHandleW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
lstrcpynW
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
LockResource
CloseHandle
lstrcmpW
GlobalDeleteAtom
lstrlenW
WideCharToMultiByte
GetCurrentThread
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
ExpandEnvironmentStringsW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
CompareStringW
InterlockedIncrement
GetPrivateProfileIntW
GetStartupInfoA
WritePrivateProfileStringW

user32

DestroyMenu
CharUpperW
PostThreadMessageW
LoadCursorW
GetClassNameW
UnregisterClassW
CharNextW
GrayStringW
DrawTextW
TabbedTextOutW
GetWindowDC
ClientToScreen
WindowFromPoint
LoadIconW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
SetPropW
GetPropW
CallWindowProcW
RegisterClipboardFormatW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
MoveWindow
GetDlgCtrlID
GetWindowTextW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
GetClientRect
SetFocus
SetRect
CopyAcceleratorTableW
OffsetRect
CopyRect
MapDialogRect
SetWindowContextHelpId
MessageBeep
IsWindow
IsChild
GetNextDlgGroupItem
GetWindow
GetTopWindow
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
PeekMessageW
LoadStringW
RemovePropW
GetSysColorBrush
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
SetTimer
MessageBoxW
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
BringWindowToTop
PostMessageW
ShowWindow
SystemParametersInfoW
GetCursorPos
PtInRect
KillTimer
GetDC
GetWindowLongW
SetWindowLongW
ReleaseDC
UpdateWindow
SetWindowPos
EnableWindow
SetCursor
InvalidateRect
GetParent
GetWindowRect
CreateWindowExW
SendMessageW
GetSystemMetrics
DestroyWindow
GetDesktopWindow

gdi32

GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextColor
GetBkColor
ScaleWindowExtEx
GetMapMode
DeleteDC
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
SetMapMode
LPtoDP
DPtoLP
CreateBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
StretchBlt
DeleteObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

comctl32

_TrackMouseEvent
ord17

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleFlushClipboard
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
OleIsCurrentClipboard
CoRegisterMessageFilter

olepro32

ord253

oleaut32

SysStringLen
VariantChangeType
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
VariantInit

gdiplus

GdipFree
GdipCloneBrush
GdipAlloc
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateSolidFill
GdipDrawString
GdipDeleteBrush
GdipDeleteFont
GdipDrawImageI
GdipSetTextRenderingHint
GdipDrawImageRectI
GdipReleaseDC
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImagePointRectI
GdipDeleteGraphics
GdiplusStartup
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDeleteFontFamily
GdipCloneImage
GdipDisposeImage

wininet

InternetSetCookieW

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
CreatePlugInInstance
DestroyPlugInInstance

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_10_/CoopenMainManager.dll
.dll windows:4 windows x86 arch:x86

c46dbef156038cf8343e2004d38045a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GlobalFlags
SetLastError
GetModuleHandleA
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GetProcessVersion
RtlUnwind
CreateThread
ExitThread
GetCommandLineA
TerminateProcess
HeapAlloc
HeapFree
RaiseException
HeapSize
HeapReAlloc
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
lstrcpynW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetStringTypeA
GetStringTypeW
lstrcpyW
lstrcatW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrlenA
InterlockedIncrement
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetExitCodeThread
TerminateThread
OpenEventW
OpenProcess
lstrcmpW
ResetEvent
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetFileType
GetDriveTypeW
LocalFree
FormatMessageW
GetTempPathW
MulDiv
GetVersion
InterlockedDecrement
GetLastError
GetLocalTime
DuplicateHandle
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
SetCurrentDirectoryW
SetEndOfFile
GetFileSize
SetFilePointer
FlushFileBuffers
ReadFile
CopyFileW
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
WriteFile
CreateFileW
GetModuleHandleW
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
SetPriorityClass
CreateFileA
DeviceIoControl
SetEvent
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
GetVersionExW
lstrlenW
GetModuleFileNameW
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
FreeLibrary
GetTickCount
LoadLibraryW
GetProcAddress
GetModuleFileNameA
GetSystemDirectoryW

user32

GetMessagePos
GetMessageTime
RemovePropW
GetPropW
SetPropW
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassW
GetClassInfoW
WinHelpW
GetTopWindow
CopyRect
AdjustWindowRectEx
LoadStringW
DestroyMenu
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageW
SetWindowsHookExW
GetLastActivePopup
PostThreadMessageW
DrawTextExW
FillRect
GetDesktopWindow
GetForegroundWindow
GetAncestor
GetWindowTextW
GetWindowThreadProcessId
RegisterWindowMessageW
SetWindowTextW
TrackMouseEvent
FindWindowExW
SetClassLongW
CreateDialogParamW
IsWindowEnabled
LoadBitmapW
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
CheckDlgButton
SetDlgItemInt
CheckRadioButton
GetDlgItemInt
IsDlgButtonChecked
DrawFocusRect
CallWindowProcW
GetCapture
MapWindowPoints
GetWindow
SetFocus
GetDlgItem
GetActiveWindow
SetActiveWindow
EnableWindow
IsWindow
GetDoubleClickTime
PostQuitMessage
SetForegroundWindow
GetSysColorBrush
UpdateWindow
DrawFrameControl
GetFocus
InvalidateRect
GetSysColor
DrawEdge
DrawStateW
SetRect
PostMessageW
EqualRect
GetParent
GetWindowDC
wsprintfW
InflateRect
ScreenToClient
IsWindowVisible
ClientToScreen
SetParent
GetWindowLongW
LoadIconW
SetWindowLongW
GetDC
SetCapture
MessageBoxW
FindWindowW
IsIconic
GetWindowPlacement
GetClassNameW
ReleaseCapture
SetWindowPos
ReleaseDC
SetTimer
LoadCursorW
SetCursor
KillTimer
GetCursorPos
PtInRect
GetWindowRect
GetSystemMetrics
GrayStringW
TabbedTextOutW
GetMenuItemCount
GetDlgCtrlID
UnregisterClassW
WindowFromPoint
UnhookWindowsHookEx
SystemParametersInfoW
OffsetRect
DestroyWindow
LoadImageW
DestroyIcon
ShowWindow
RegisterClassExW
CloseWindow
MoveWindow
DefWindowProcW
CreateWindowExW
SendMessageW
IsCharAlphaNumericW
wsprintfA
EndPaint
DrawTextW
GetClientRect
BeginPaint
SetMenuItemBitmaps

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetMapMode
PtVisible
RectVisible
Escape
RestoreDC
SaveDC
CreateBitmap
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateFontW
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetTextExtentPointW
GetNearestColor
SetBkMode
SetTextColor
ExtCreatePen
GetStockObject
TextOutW
GetDeviceCaps
GetPixel
BitBlt
CreateDIBSection
GetObjectA
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
PatBlt
DeleteDC
DeleteObject
GetObjectW

comdlg32

ChooseColorW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

ImageList_Destroy
ImageList_GetIcon
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ord17
ImageList_ReplaceIcon
PropertySheetW
ImageList_GetImageInfo
ImageList_Add

iphlpapi

GetAdaptersInfo

gdiplus

GdipGetStringFormatFlags
GdipGetFontHeight
GdipGetFontSize
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipSetSmoothingMode
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipCreateFromHDC
GdipDrawImageI
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateSolidFill
GdipCreateFontFromLogfontW
GdipSetStringFormatFlags
GdipCreateLineBrushFromRectI
GdipDrawImagePointsRectI
GdipGetLogFontW
GdipDeleteFontFamily
GdipReleaseDC
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeletePath
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateRegionPath
GdipAddPathPolygon
GdipCreatePath
GdipDrawPolygon
GdipFillRegion
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureString
GdipGetDC
GdipCloneBrush
GdipCreateStringFormat
GdipCreateFontFromLogfontA
GdipDrawImagePointsI
GdipCreateFontFromDC
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipDrawString
GdipGetImageHeight
GdipDrawImageRectRectI
GdipCreatePen1
GdipDrawRectangleI
GdipDeletePen
GdipAlloc
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipDeleteFont
GdipDeleteStringFormat
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateFont
GdipGetImageWidth

ole32

OleRun
CreateStreamOnHGlobal
OleInitialize
CoTaskMemFree
CoCreateInstance
OleDraw
OleCreate
OleSetContainedObject
CoUninitialize
CoInitialize
OleUninitialize

oleaut32

SysAllocString
OleLoadPicture
VariantClear
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SysFreeString

wininet

HttpQueryInfoW
InternetReadFile
InternetGetLastResponseInfoW
InternetGetConnectedState
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
HttpSendRequestW

shlwapi

PathFileExistsW
PathFindExtensionW
StrCmpIW
StrToIntW

psapi

EnumProcessModules
GetModuleBaseNameW

Exports

Exports

CreatePlugInInstance
DestroyPlugInInstance
MainPreTranslateMessage
MainRun

Sections

.text
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_10_/Resource/Plugins/CoopenLottery.png
.png
$_10_/Resource/Plugins/CoopenNotepad.png
.png
$_10_/Resource/Plugins/CoopenSearchTool.png
.png
$_10_/Resource/Plugins/CoopenWeather.png
.png
$_10_/Resource/Plugins/border.png
.png
$_10_/Resource/Plugins/hover.png
.png
$_10_/Resource/Plugins/running.png
.png
$_10_/Resource/Plugins/tip.png
.png
$_10_/Resource/SkinFormal/Background.png
.png
$_10_/Resource/SkinFormal/Button_Channel.png
.png
$_10_/Resource/SkinFormal/Button_Close.png
.png
$_10_/Resource/SkinFormal/Button_Commit.png
.png
$_10_/Resource/SkinFormal/Button_Next.png
.png
$_10_/Resource/SkinFormal/Button_Pause.png
.png
$_10_/Resource/SkinFormal/Button_Play.png
.png
$_10_/Resource/SkinFormal/Button_Prev.png
.png
$_10_/Resource/SkinFormal/Button_Widget.png
.png
$_10_/Resource/SkinFormal/CheckC.png
.png
$_10_/Resource/SkinFormal/CheckU.png
.png
$_10_/Resource/SkinFormal/Indicator1.png
.png
$_10_/Resource/SkinFormal/Indicator2.png
.png
$_10_/Resource/SkinFormal/MainIcon.png
.png
$_10_/Resource/SkinFormal/Message.png
.png
$_10_/Resource/SkinFormal/Notify.png
.png
$_10_/Resource/SkinFormal/Progress.png
.png
$_10_/Resource/SkinFormal/Push_Cancel.png
.png
$_10_/Resource/SkinFormal/Push_Config.png
.png
$_10_/Resource/SkinFormal/Push_Confirm.png
.png
$_10_/Resource/SkinFormal/Push_Folder.png
.png
$_10_/Resource/SkinFormal/RadioC.png
.png
$_10_/Resource/SkinFormal/RadioU.png
.png
$_10_/Resource/SkinFormal/SkinClient.ini
$_10_/Resource/SkinFormal/SkinClose.ini
$_10_/Resource/SkinFormal/Synopsis1.ini
$_10_/Resource/SkinFormal/Synopsis1.png
.png
$_10_/Resource/SkinFormal/Synopsis2.png
.png
$_10_/Resource/SkinFormal/close.png
.png
$_10_/Resource/SkinFormal/downarrow.png
.png
$_10_/Resource/SkinFormal/hover.png
.png
$_10_/Resource/SkinFormal/leftarrow.png
.png
$_10_/Resource/SkinFormal/rightarrow.png
.png
$_10_/Resource/SkinFormal/setting.png
.png
$_10_/Resource/SkinFormal/uparrow.png
.png
$_10_/Templete/CoopenPhoto.jpg
.jpg
$_10_/Templete/DefaultCoopenWallpaper.jpg
.jpg
$_10_/Templete/ModeB.tpl
$_10_/Templete/ModeB_logo.jpg
.jpg
$_10_/Templete/ModeC.tpl
$_10_/conf/ChannelListReal.txt
$_10_/conf/PluginConfig.ini
$_10_/image/Photo/local Photo/B_0.jpg
.jpg
$_10_/image/Photo/local Photo/B_1.jpg
.jpg
$_10_/image/Wallpaper/coopen wallpaper/DefaultCoopenWallpaper.jpg
.jpg
$_10_/image/Wallpaper/local wallpaper/DefaultCoopenWallpaper.jpg
.jpg
$_10_/licence.txt
Coopen.exe
.exe windows:4 windows x86 arch:x86

37bdd694e262b9b644cfec8bf5405995

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2a:22:5d:6d:d7
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

30-07-2010 07:33

Not After

30-07-2011 07:33

Subject

CN=北京首都在线网络技术有限公司,O=北京首都在线网络技术有限公司,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:1f:12:42:63:4b:3d:4b:d3:9d:be:f8:64:04:52:cc:b8:7c:49:93
Signer

Actual PE Digest

ca:1f:12:42:63:4b:3d:4b:d3:9d:be:f8:64:04:52:cc:b8:7c:49:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexW
CloseHandle
TerminateProcess
OpenProcess
GetCurrentProcessId
GetVersionExW
Process32NextW
Process32FirstW
ReleaseMutex
WaitForSingleObject
LocalFree
GetCommandLineW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateProcessW
GetModuleFileNameW
CreateToolhelp32Snapshot
Sleep
GetOEMCP
GetACP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
SetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CopyFileW
FlushFileBuffers
SetFilePointer
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcess
GetModuleHandleA
GetStartupInfoW
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW
HeapReAlloc
HeapSize
VirtualAlloc
IsBadWritePtr
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr

user32

FindWindowExW
ShowWindow
wsprintfW
MessageBoxW
GetWindow
FindWindowW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CloseWindow

shell32

ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/v.txt
.vbs
$TEMP/xcmd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_48_/$APPDATA/$_49_
$_48_/$APPDATA/xcmd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_48_/$DESKTOP/$_49_
$_48_/$STARTMENU/$_49_
$_48_/$SYSDIR/game.ico
$_48_/$SYSDIR/taobao.ico
$_48_/1.html
$_48_/3.bat
$_48_/3.vbs
.vbs
$_48_/game.ico
$_48_/qq
.vbs
$_48_/qq.ico
$_48_/taobao.ico
$_48_/v.txt
.vbs
Uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oem.ini
֮.exe
.exe windows:4 windows x86 arch:x86

529e31f77e52cbf0a3f800a64416df7b

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30-04-2007 00:00

Not After

29-04-2012 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:43:34:d8:ea:88:95:32:91:21:c9:7d:8f:df:3a:d3
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

06-07-2009 00:00

Not After

06-07-2011 23:59

Subject

CN=Beijing ShengjingWanwei Technology Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Beijing ShengjingWanwei Technology Co.\,Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
midiStreamClose
midiStreamOut

ws2_32

recv
WSARecv
WSAGetLastError
connect
closesocket
send

imm32

ImmNotifyIME
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetLongPathNameW
WriteProcessMemory
ReadProcessMemory
VirtualProtect
lstrcmpW
SearchPathW
LoadLibraryA
CreateThread
TlsGetValue
CreateProcessW
GetModuleHandleW
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
ReadFile
GetFileSize
TlsSetValue
DeviceIoControl
OpenProcess
GlobalFree
LockResource
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProcessHeap
LocalFree
TerminateThread
GetExitCodeThread
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
SetEndOfFile
SetFilePointer
GetFileTime
WriteFile
TlsFree
TlsAlloc
GetFileAttributesW
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetVersion
FreeResource
LocalAlloc
SetProcessWorkingSetSize
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
CreateSemaphoreW
ReleaseSemaphore
FlushInstructionCache
FindFirstChangeNotificationW
CreateEventW
SetEvent
ResetEvent
lstrcmpiW
GetPrivateProfileIntW
SetFileAttributesW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetTempFileNameW
VirtualAlloc
VirtualFree
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
SetLastError
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
InterlockedCompareExchange
SetFileTime
GetLastError
WaitForMultipleObjects
FindNextChangeNotification
GetDiskFreeSpaceExW
CreateDirectoryW
InterlockedDecrement
lstrlenW
FindClose
FindNextFileW
WritePrivateProfileStringW
GetShortPathNameW
GetPrivateProfileStringW
FindFirstFileW
GetModuleFileNameW
CloseHandle
DeleteFileW
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
FindCloseChangeNotification
GetTickCount
GetTempPathW
lstrcatW
GetLocaleInfoW
WaitForSingleObject
CopyFileW
RemoveDirectoryW
CreateMutexW
ReleaseMutex
GetSystemDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
MoveFileW
ExpandEnvironmentStringsW
CreateFileW
SystemTimeToFileTime
GetSystemTime
GetVersionExW
GetCommandLineW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
TerminateProcess

user32

GetMenuInfo
PostQuitMessage
IsMenu
GetMenuStringW
GetMenuItemID
keybd_event
MapVirtualKeyW
CheckMenuRadioItem
SubtractRect
EndMenu
IsChild
EnumChildWindows
IntersectRect
RemoveMenu
SetCursorPos
DialogBoxParamW
LoadImageW
SetWindowPos
GetWindowRect
ShowWindow
SetWindowLongW
GetDlgItem
LoadStringW
SendMessageW
SetWindowTextW
GetWindowTextW
PostMessageW
EndDialog
SetFocus
MessageBoxW
IsIconic
UnhookWindowsHookEx
IsWindowVisible
SetPropW
RemovePropW
ScreenToClient
GetPropW
CheckDlgButton
EnableWindow
CreateWindowExW
IsWindow
InflateRect
CopyRect
SetWindowsHookExW
CallNextHookEx
MenuItemFromPoint
SystemParametersInfoW
SetParent
SetActiveWindow
CopyIcon
DrawIconEx
MoveWindow
RegisterClassExW
CopyImage
GetForegroundWindow
DestroyIcon
CloseClipboard
GetClientRect
EndPaint
GetSysColor
IsDlgButtonChecked
DrawEdge
DrawTextW
FillRect
BeginPaint
DestroyWindow
SetForegroundWindow
GetParent
DefWindowProcW
ReleaseDC
GetDC
OffsetRect
CallWindowProcW
GetWindowLongW
GetComboBoxInfo
PtInRect
GetCursorPos
GetKeyState
InvalidateRect
GetWindowTextLengthW
GetSystemMetrics
RegisterClipboardFormatW
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
GetAsyncKeyState
SetCursor
LoadCursorW
CharNextW
DrawIcon
LoadIconW
MapWindowPoints
GetDesktopWindow
SetDlgItemTextW
IsZoomed
SetWindowRgn
SetClipboardData
EmptyClipboard
OpenClipboard
WindowFromPoint
InsertMenuW
IsWindowEnabled
GetKeyboardLayoutNameW
LoadKeyboardLayoutW
LoadAcceleratorsW
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
CopyAcceleratorTableW
GetKeyNameTextW
GetClipboardData
GetMonitorInfoW
MonitorFromWindow
SetRect
RegisterHotKey
UnregisterHotKey
GetWindow
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
GetWindowDC
GetMenuState
EqualRect
GetGUIThreadInfo
GetSystemMenu
GetMenuItemInfoW
SetMenuInfo
GetMenuItemCount
CheckMenuItem
GetSysColorBrush
DestroyMenu
FindWindowW
GetWindowPlacement
SetWindowPlacement
TrackMouseEvent
UpdateWindow
RegisterWindowMessageW
GetWindowModuleFileNameW
SetWindowLongA
SetMenuItemInfoW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
GetMenu
SendMessageTimeoutW
EnumThreadWindows
GetClassNameW
GetMessagePos
SetCapture
ReleaseCapture
ShowCursor
KillTimer
ClientToScreen
SetTimer
RedrawWindow
GetFocus
DeleteMenu
GetAncestor
CreatePopupMenu
InsertMenuItemW
GetDlgItemTextW
LoadBitmapW
PeekMessageW
TranslateMessage
DispatchMessageW
CharUpperW
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeFreeStringHandle
DdeUninitialize
DdeInitializeW
DdeCreateStringHandleW
DdeNameService
GetMessageW
PostThreadMessageW
CharLowerW

gdi32

CreateRectRgnIndirect
FillRgn
GetDIBits
CreateDIBSection
MoveToEx
LineTo
CreateRoundRectRgn
CombineRgn
CreateRectRgn
SelectClipRgn
GetObjectW
GetTextMetricsW
SetBkColor
CreatePen
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePatternBrush
Rectangle
EnumFontsW
GetStockObject
SetTextColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
CopySid
SetSecurityDescriptorDacl

shell32

ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
DoEnvironmentSubstW
SHChangeNotify
SHFreeNameMappings
SHAppBarMessage
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

OleUninitialize
CoCreateGuid
CoGetInterfaceAndReleaseStream
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoGetMalloc
DoDragDrop
CoInitialize
CoCreateInstance
OleDraw
OleInitialize
RevokeDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CLSIDFromProgID
OleSetContainedObject
CoMarshalInterThreadInterfaceInStream
OleRun
CoTaskMemAlloc
OleCreate

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen

wininet

HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
InternetSetOptionW
InternetCanonicalizeUrlW
FtpGetFileSize
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetSetOptionA
DeleteUrlCacheEntryA
HttpAddRequestHeadersA
InternetConnectA
CommitUrlCacheEntryA
HttpOpenRequestA
DeleteUrlCacheEntryW
InternetCrackUrlW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
HttpQueryInfoW
InternetGetConnectedState
FindFirstUrlCacheEntryW

dsound

ord1

shlwapi

StrStrIA
PathMatchSpecA
UrlCanonicalizeW
PathFileExistsW
PathRemoveFileSpecW
SHEnumKeyExW
StrCpyNW
StrCmpW
PathIsUNCW
UrlIsW
SHQueryInfoKeyW
StrRetToBufW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
UrlGetPartW
SHAutoComplete
PathIsRootW
PathFindFileNameW
UrlCombineW
PathMatchSpecW
UrlIsOpaqueW
StrStrIW
PathCombineW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathIsURLW
SHGetValueW
SHEnumValueW
PathFindFileNameA

msvcrt

swscanf
fseek
ftell
fread
_wtol
_ltow
malloc
free
_wfopen
fwprintf
fclose
iswdigit
swprintf
vswprintf
wcsncmp
_ftol
_wtoi
_except_handler3
wcscat
_snprintf
_itow
wcschr
time
_wcsnicmp
_beginthreadex
memmove
wcscmp
_wcsicmp
wcsstr
??2@YAPAXI@Z
wcsrchr
wcsncpy
wcscpy
_snwprintf
wcslen
wcspbrk
__CxxFrameHandler
gmtime
wcsftime
localtime
_ui64tow
_wtoi64
_i64tow
wcsncat
fopen
fwrite
_purecall
mktime
fputs
strrchr
strncpy
strchr
iswspace
wcstod
realloc
strpbrk
strstr
sscanf
iswlower
atoi
sprintf
_strlwr
strncat
_CIpow
strncmp
_atoi64
fputws
wcstok
exit
scanf
printf
isalnum
toupper
towlower
towupper
_ismbslead
fprintf
_strnicmp
fgets
rewind
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
_stricmp
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_wstrtime

urlmon

ObtainUserAgentString
CoInternetGetSession
CoInternetCombineUrl
CoGetClassObjectFromURL
RegisterBindStatusCallback
RevokeBindStatusCallback

netapi32

Netbios

gdiplus

GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipLoadImageFromStream
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageWidth

wintrust

WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

comctl32

ImageList_DragEnter
ImageList_BeginDrag
ImageList_GetIconSize
ord16
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Duplicate
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_Destroy
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_Add
ImageList_SetBkColor
ImageList_Draw

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
֮.ini

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 333KB - Virtual size: 333KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 70B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 20KB - Virtual size: 20KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 838B

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 16KB - Virtual size: 16KB

CODE
Size: 333KB - Virtual size: 333KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 70B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 838B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 193KB

.reloc
Size: 2KB - Virtual size: 1KB