3ff72893ec291d5bd25ef96407c8588a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ff72893ec291d5bd25ef96407c8588a_JaffaCakes118
Size

1.1MB
MD5

3ff72893ec291d5bd25ef96407c8588a
SHA1

43893024e1af8279244b6362e14dd2d0a116d895
SHA256

0e2f63c224dabf193a3cf8a437ea5820c7fd91655db8d29d2e1e74729ffb9914
SHA512

bb06152ed77582460d6fcbdc46f8b4cec64c13ba14cdd45c50d03118ee44feaa9790e65dc7c2acd0a80891515553cd15e761363a7f27557ede605381cae51f08
SSDEEP

24576:ASofM5OVWqOUeEHxqWlJbpRyfjQT60JfZHLid0HPX3Z:LofM5tqO7DWlJbpRyjB0xlEEp

Score

3^/10

Malware Config

Signatures

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gnsurfcontrol.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack002/ExeHook.dll
unpack002/JpgVSbmp.dll
unpack002/MonUrlExt.dll
unpack002/NMSashok.dll
unpack002/NMUI.exe
unpack002/NMUrlMon.dll
unpack002/PopHTMLTip.dll
unpack002/ScreenLogView.exe
unpack002/SoftUpdate.dll
unpack002/configcenter.dll
unpack002/dib.dll
unpack002/ftslsp.dll
unpack002/gnbsetupcn.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/gnblock.dll
unpack003/gnblock_tmp.dll
unpack003/language/simpchinese.dll
unpack003/language/simpchinese_tmp.dll
unpack002/res.dll
unpack002/security.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/gnsurfcontrol.exe	nsis_installer_1
static1/unpack002/gnbsetupcn.exe	nsis_installer_1

Files

3ff72893ec291d5bd25ef96407c8588a_JaffaCakes118
.rar
gnsurfcontrol.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/showtaskicon.bmp
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetPassword.ini
$PLUGINSDIR/SetShortCut.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ExeHook.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9e43006c44f00e70ad08806a941bb52f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Gn\网络监护\Release\ExeHook.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetLastError
lstrcpynW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpyW
GetModuleFileNameW
lstrcatW
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcmpiW
GetModuleHandleW
GetLocalTime
GetStringTypeW
GetStringTypeA
GetCPInfo
SetFilePointer
lstrlenW
WriteFile
CloseHandle
OutputDebugStringW
InterlockedIncrement
GetOEMCP
FlushFileBuffers
SetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
VirtualQuery
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
VirtualProtect
GetSystemInfo
FreeEnvironmentStringsW

user32

MessageBoxW
FindWindowW
SendMessageW
PostMessageW
CharNextW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW

shell32

SHGetFileInfoW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysStringLen
LoadRegTypeLi
VarUI4FromStr
VariantInit
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shlwapi

SHGetValueW
PathFindExtensionW
SHSetValueW
SHDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IntegralUnit.ini
JpgVSbmp.dll
.dll windows:4 windows x86 arch:x86

8ee1425373dbd6acff15e99152ac0ffb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetACP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
GetFileTime
GetFileAttributesA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
HeapFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
WideCharToMultiByte
InterlockedIncrement
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
SetLastError
InterlockedDecrement
lstrlenA
lstrcmpA
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
CreateFileA
CloseHandle
GlobalHandle

user32

GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuItemCount
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
WinHelpA
GetDlgItem
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetSystemMetrics
CharUpperA
wsprintfA
UnhookWindowsHookEx
GetActiveWindow
MessageBoxA
GetClientRect
ClientToScreen
GetClassInfoA
RegisterClassA
GetWindowRect
GetSysColor
LoadCursorA
SetCursor
GetDC
ReleaseDC
UnregisterClassA
SetMenuItemBitmaps

gdi32

CreatePalette
GetObjectA
BitBlt
RealizePalette
CreateCompatibleDC
StretchBlt
GetPaletteEntries
GetDeviceCaps
GetSystemPaletteEntries
CreateDIBitmap
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateDIBSection
CreateHalftonePalette
StretchDIBits
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BmpToJpg
DIBToJpg
JpgToBmp
PaintJPG
PaintJPG2
PaintJPG3
PaintJPG4

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5c8e75619cbfcc346fe66a97292c0e53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Gn\网络监护\Release\MonUrlExt.pdb

Imports

kernel32

LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
GetLastError
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
lstrcmpA
GetCurrentThreadId
GetCurrentProcess
WriteProcessMemory
GetProcAddress
LockResource
GetEnvironmentVariableA
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableA
CloseHandle
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FlushFileBuffers

user32

FindWindowA
SendMessageTimeoutA
CharNextA
RegisterWindowMessageA
CreateWindowExW
DestroyWindow
GetClassNameA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA

shell32

SHGetFileInfoA

ole32

StringFromCLSID
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysStringLen

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA
SHSetValueA
PathFindExtensionA

oleacc

ObjectFromLresult

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMSashok.dll
.dll windows:4 windows x86 arch:x86

dd58aa8fd4fb1e4725106663565715c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\NMUI\release\NMSashok.pdb

Imports

kernel32

lstrcmpA
CloseHandle
GetSystemInfo
VirtualProtect
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
ExitProcess
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

OpenDesktopA
EnumDesktopWindows
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
CallNextHookEx
CallWindowProcA
GetWindowTextA

Exports

Exports

DisableHotKey

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMUI.exe
.exe windows:4 windows x86 arch:x86

9d677fb176f5d28f8003f146ba46f63c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Gn\网络监护\Release\NMUI.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

ord17
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy

dib

CopyWindowToDIB
CopyScreenToDIB
PaintDIB
PaintBitmap
ConvertDIBToGray

jpgvsbmp

DIBToJpg

nmurlmon

SaveToken
ChangeToken
CheckToken

kernel32

SetErrorMode
GetFileAttributesW
GetFileTime
GetStartupInfoW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentDirectoryW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
SetEvent
SetThreadPriority
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
GetVersionExA
FreeResource
SetLastError
GlobalLock
GlobalUnlock
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileSize
ReadFile
GetPrivateProfileSectionW
WritePrivateProfileStringW
MoveFileExW
RemoveDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetModuleFileNameW
lstrcmpW
OpenFileMappingW
GetPrivateProfileStringW
TerminateProcess
CreateEventW
CreateFileMappingW
Sleep
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetCurrentThread
GetCurrentProcess
LocalAlloc
GetSystemDirectoryW
lstrcatW
lstrcpyW
MulDiv
lstrlenA
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpynW
GetLastError
FormatMessageW
LocalFree
CreateFileW
SetFilePointer
lstrlenW
WriteFile
CloseHandle
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
ResumeThread
GetTickCount
HeapSize

user32

CopyAcceleratorTableW
wsprintfW
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
CharNextW
EndPaint
BeginPaint
GetDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
DestroyMenu
SetMenuItemBitmaps
EnableMenuItem
GetMenuCheckMarkDimensions
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
InvalidateRgn
MessageBoxW
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
EqualRect
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
CharUpperW
GetNextDlgGroupItem
MessageBeep
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
ReleaseCapture
SetCapture
ScreenToClient
SetRect
PtInRect
IsRectEmpty
UnregisterClassW
GetFocus
DestroyIcon
RegisterHotKey
IsWindow
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
LoadIconW
IsWindowVisible
GetClientRect
IsIconic
SendMessageW
RemoveMenu
GetSubMenu
CheckMenuItem
DeleteMenu
RegisterClipboardFormatW
PostThreadMessageW
FindWindowW
PostMessageW
SetForegroundWindow
MoveWindow
GetParent
KillTimer
SetTimer
LoadBitmapW
ExitWindowsEx
CreateWindowExW
SetWindowLongW
DrawTextW
DrawFocusRect
GetWindowLongW
CallWindowProcW
LoadCursorW
SetCursor
GetSysColorBrush
FillRect
GetWindowRect
GetWindowDC
ReleaseDC
InvalidateRect
SetWindowPos
TrackMouseEvent
SystemParametersInfoW
GetSystemMetrics
GetSysColor
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetMenuItemCount
InflateRect
CopyRect
DrawStateW
GetDlgItemTextA
EnableWindow
AdjustWindowRectEx
RegisterWindowMessageW

gdi32

GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
CreateRectRgnIndirect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW
CreateSolidBrush
TextOutW
RectVisible
ExtSelectClipRgn
GetTextMetricsW
CreatePen
MoveToEx
LineTo
RestoreDC
SaveDC
ExtTextOutW
GetClipBox
GetDeviceCaps
SetPixelV
GetStockObject
CreateFontW
SetTextColor
SetBkMode
GetPixel
CreateCompatibleDC
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject
DeleteDC
GetObjectW
PtVisible

msimg32

GradientFill

comdlg32

GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
ChangeServiceConfigW
StartServiceW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
Shell_NotifyIconW
ExtractIconW
SHGetSpecialFolderPathW

shlwapi

SHGetValueW
PathFileExistsW
SHSetValueW
SHSetValueA
SHDeleteKeyW
SHDeleteValueW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleFlushClipboard
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoUninitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantCopy
SysAllocStringLen
SysStringLen
VariantClear
SysAllocString
SysFreeString

urlmon

CreateURLMoniker

wininet

InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetQueryOptionW

nmsashok

DisableHotKey

ws2_32

WSCEnumProtocols

iphlpapi

GetAdaptersInfo

netapi32

Netbios

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NMUrlMon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

01e96491ca693fd0ac73fade4fe015f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Gn\网络监护\Release\NMUrlMon.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
MultiByteToWideChar
WriteFile
lstrlenA
SetFilePointer
lstrlenW
GetLastError
lstrcatA
SetEnvironmentVariableA
GetEnvironmentVariableA
LCMapStringA
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
TlsFree
TlsAlloc
CreateDirectoryA
FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpiA
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
lstrcmpA
LoadLibraryA
GetCurrentProcessId
TlsGetValue
GetCurrentThreadId
WideCharToMultiByte
TlsSetValue
HeapDestroy
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetProcAddress
GetProcessHeap
HeapFree
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FlushFileBuffers
CreateThread
SetLastError
GetCPInfo
GetOEMCP
LCMapStringW
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess

user32

SetWindowTextA
FindWindowA
SendMessageTimeoutA
CallWindowProcA
DefWindowProcA
SetWindowLongA
GetWindowLongA
GetKeyState
GetWindowTextA
SetWindowsHookExA
CallNextHookEx
FindWindowExA
GetWindowThreadProcessId
GetClassNameA
GetParent
SendMessageA
UnhookWindowsHookEx
CharNextA
IsWindow

advapi32

RegEnumKeyExA
LookupAccountNameA
InitializeAcl
AddAccessAllowedAce
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

StringFromCLSID
CoCreateInstance
StringFromGUID2
CoTaskMemFree

shell32

SHGetFileInfoA

oleaut32

VariantClear
VarUI4FromStr
LoadRegTypeLi
DispCallFunc
SysAllocString
SysFreeString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
VarBstrCat
SysAllocStringLen
VariantInit

shlwapi

SHGetValueA
SHSetValueA
SHDeleteKeyA
PathFindFileNameA
PathRemoveFileSpecA
SHDeleteValueA
PathFindExtensionA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

Bcazsj
ChangeToken
CheckToken
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
SaveToken

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PopHTMLTip.dll
.dll regsvr32 windows:4 windows x86 arch:x86

03635043a9a9ed3b0ef44b64dd982dc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\提示信息控件\PopHTMLTip\Release\PopHTMLTip.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
lstrcpyA
GetModuleFileNameA
lstrcatA
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
IsDBCSLeadByte
MulDiv
lstrcmpA
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
MultiByteToWideChar
GetVersionExA
CloseHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
VirtualProtect
ExitProcess
RtlUnwind
InitializeCriticalSection
RaiseException
GetLastError
lstrlenW
SetFilePointer
lstrlenA
WriteFile
GetStringTypeW

user32

UnregisterClassA
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
SetWindowPos
GetWindowRect
GetClientRect
ShowWindow
SetTimer
IsWindow
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
GetDlgItem
KillTimer
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
CallWindowProcA
CharNextA
RegisterWindowMessageA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
SystemParametersInfoA
LoadCursorA
wsprintfA
GetClassInfoExA
SendMessageA
SetFocus

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2

shell32

SHGetFileInfoA

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
VariantChangeType
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc

shlwapi

PathFindExtensionA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateSolidBrush
DeleteObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ScreenLogView.exe
.exe windows:4 windows x86 arch:x86

7f03fc4b6dc6564d9c8f68efd087093b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Gn\网络监护\Release\ScreenLogView.pdb

Imports

jpgvsbmp

PaintJPG2

kernel32

GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetStartupInfoA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MultiByteToWideChar
GetLastError
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
GetStringTypeExA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalUnlock
GlobalLock
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpW
lstrcatA
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
CreateFileA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
WritePrivateProfileStringA
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
RaiseException
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetTickCount
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
GlobalFindAtomA

user32

GetDCEx
LockWindowUpdate
SetParent
GetMenuItemInfoA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
LoadBitmapA
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindowRect
GetClientRect
SetTimer
KillTimer
SetCapture
LoadCursorA
EnableWindow
GetMenuCheckMarkDimensions
SendMessageA
GetSysColor
ClipCursor
ReleaseCapture
SetCursor
RegisterWindowMessageA
wsprintfA
LoadMenuA
DestroyMenu
GetClassNameA
SetWindowPos
WinHelpA
SetFocus
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetKeyState
GetDlgCtrlID
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetMenu
UnpackDDElParam
ReuseDDElParam
LoadIconA
GetClassInfoA
PeekMessageA
GetCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
CharNextA
DestroyIcon
WindowFromPoint
SetRect
DispatchMessageA
GetSysColorBrush
UpdateWindow
GetSystemMetrics
CharUpperA
TranslateAcceleratorA
IsWindowEnabled
GetWindow
GetDesktopWindow
IsWindow
GetWindowLongA
ShowWindow
SetMenu
PostMessageA
BringWindowToTop
GetLastActivePopup
CopyRect
SetRectEmpty
OffsetRect
IntersectRect
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
InsertMenuItemA
IsIconic

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateFontA
GetCharWidthA
DeleteObject
StretchDIBits
DeleteDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
SelectObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

DragFinish
ExtractIconA
SHGetFileInfoA
DragQueryFileA

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindExtensionA
SHSetValueA
PathFindFileNameA
PathStripToRootA
SHGetValueA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantClear

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SoftUpdate.dll
.dll windows:4 windows x86 arch:x86

ae237b0a6eba2e101cffd40db7c1e636

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Gn\网络监护\Release\SoftUpdate.pdb

Imports

kernel32

GetModuleFileNameA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
SizeofResource
lstrcpyA
LoadResource
FindResourceA
FindResourceExA
GetTempPathA
GetWindowsDirectoryA
MoveFileA
MoveFileExA
DeleteFileA
CreateDirectoryA
GetShortPathNameA
OutputDebugStringA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetSystemDirectoryA
lstrcatA
CreateFileA
WriteFile
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LockResource
InterlockedExchange
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOEMCP

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

shlwapi

SHGetValueA
PathRemoveFileSpecA
SHDeleteKeyA
SHSetValueA

wininet

InternetReadFile
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetPEFileVersion
RebootUpdate
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
configcenter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dd5133e02e9b866ec88d8999df490b21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
DeleteFileW
CopyFileW
OutputDebugStringW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetModuleFileNameW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
DebugBreak
lstrlenA
lstrcpynW
CloseHandle
WriteFile
CreateFileW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
lstrcatW
GetPrivateProfileSectionW
GetPrivateProfileIntW
lstrcpyW
DisableThreadLibraryCalls

user32

DialogBoxParamW
GetActiveWindow
MessageBoxW
SetWindowLongW
wvsprintfW
LoadStringW
EndDialog
SetDlgItemTextW
CharNextW
CharLowerW
SendMessageW
GetDlgItemTextW
FindWindowW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString

shlwapi

SHDeleteKeyW
SHGetValueW
PathFileExistsW
SHSetValueW

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW

msvcrt

wcslen
??2@YAPAXI@Z
memcmp
_except_handler3
wcscmp
_itow
__CxxFrameHandler
memset
free
_initterm
malloc
_adjust_fdiv
iswdigit
wcschr
_wtoi
memcpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ManagerConfig
UpdateConfig

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dib.dll
.dll windows:4 windows x86 arch:x86

40f2dcddfddf54dc53ce2ffda36cd0a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
HeapCreate
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
CloseHandle
HeapDestroy
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
RaiseException
TerminateProcess
ExitProcess
GetCommandLineA
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetFileTime
GetFileAttributesA
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
CreateFileA
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
HeapFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
MultiByteToWideChar
LoadLibraryA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetLastError
lstrcpynA
GetModuleHandleA
GetProcAddress
SetLastError
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
SetFilePointer
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc

user32

GetTopWindow
AdjustWindowRectEx
MapWindowPoints
LoadIconA
LoadStringA
DestroyMenu
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GetMenuItemCount
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
CopyRect
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GetIconInfo
GetSysColorBrush
FillRect
GetSysColor
ScreenToClient
GetClientRect
GetCapture
WinHelpA
ClientToScreen
GetWindowRect
IsRectEmpty
LoadCursorA
SetCursor
GetDC
ReleaseDC
GetClassNameA
wsprintfA

gdi32

CreatePalette
GetObjectA
GetSystemPaletteEntries
GetDeviceCaps
CreateDIBitmap
RealizePalette
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
BitBlt
StretchBlt
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateHalftonePalette
GetPaletteEntries
CreateCompatibleBitmap
CreateDCA
StretchDIBits
Rectangle
CreateSolidBrush
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BytesPerLine
ConvertDIBFormat
ConvertDIBToGray
CopyClientRectToBitmap
CopyClientRectToDIB
CopyScreenToBitmap
CopyScreenToDIB
CopyWindowToBitmap
CopyWindowToDIB
DIBBitCount
DIBHeight
DIBNumColors
DIBToIconFile
DIBWidth
DestroyDIB
DrawTransparentBitmap
GetIconSizeColor
IconToDIB
LoadDIB
PaintBitmap
PaintDIB
ReadDIBFromIconFile
SaveDIB
WriteIconToIconFile
ZoomIn

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftslsp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ae65ad9422d094c32aeee693a12711a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
LeaveCriticalSection
GetProcAddress
InitializeCriticalSection
ExpandEnvironmentStringsW
EnterCriticalSection
GlobalFree
OutputDebugStringW
GetLastError
GetModuleFileNameW
FreeLibrary
GlobalAlloc
LoadLibraryW

user32

wsprintfW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

ws2_32

WSASetLastError
inet_addr
WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSCWriteProviderOrder
htons
WSCGetProviderPath

msvcrt

atoi
_adjust_fdiv
malloc
_initterm
free
_vsnwprintf
_except_handler3
strchr
strncpy
wcscpy

Exports

Exports

DllRegisterServer
DllUnregisterServer
Resume
WSPStartup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gnbsetupcn.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
filter.ini
gnblock.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c855890e542ff764c91171778ab2e93f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetVersionExA
WritePrivateProfileStringA
GetShortPathNameA
GetWindowsDirectoryA
MoveFileExA
TlsFree
TlsAlloc
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetProcAddress
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LoadLibraryA
WaitForSingleObject
CreateThread
TlsSetValue
lstrcmpW
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetSystemDefaultLangID
Sleep
lstrcmpiA
WriteProcessMemory
GlobalLock
GlobalUnlock
WideCharToMultiByte
lstrcpyW
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
InterlockedDecrement
lstrcmpA
TlsGetValue
DebugBreak
DeleteFileA
WritePrivateProfileSectionA
GetLastError
CreateFileA
WriteFile
CloseHandle
OutputDebugStringA
lstrcpyA
lstrcatA
CreateDirectoryA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
GetCurrentProcess
FlushInstructionCache
InterlockedIncrement
lstrlenA
LoadLibraryExA

user32

KillTimer
UnhookWindowsHookEx
SetWindowsHookExA
SetTimer
ShowWindow
CharUpperW
SetWindowLongW
IsWindowUnicode
SetDlgItemTextA
SetWindowLongA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetMenuStringA
GetWindow
IsWindowEnabled
FindWindowExW
GetWindowTextW
SendMessageTimeoutA
EndDialog
wsprintfA
TrackPopupMenu
DestroyMenu
InsertMenuA
AppendMenuA
CreatePopupMenu
ModifyMenuA
EnableMenuItem
IsWindowVisible
IsIconic
GetWindowLongW
LoadMenuA
GetParent
GetWindowLongA
DefWindowProcA
SendMessageA
GetDlgItem
EnableWindow
GetWindowTextLengthA
SetFocus
CharLowerA
GetDlgItemTextA
SetCursor
LoadCursorA
GetWindowTextA
CheckMenuItem
IsWindow
CallWindowProcA
FindWindowExA
PtInRect
GetWindowRect
GetSubMenu
RegisterWindowMessageA
ReleaseDC
GetDC
DrawTextA
ShowScrollBar
LockWindowUpdate
CheckRadioButton
LoadBitmapA
LoadIconA
CopyRect
CreateWindowExA
CreateWindowExW
DestroyWindow
PostMessageA
IsCharAlphaA
ClientToScreen
GetClassNameA
GetWindowThreadProcessId
GetKeyState
EnumThreadWindows
PostThreadMessageA
CallNextHookEx
IsDlgButtonChecked
CheckDlgButton
CharNextA
wvsprintfA
MessageBoxA
GetActiveWindow
DialogBoxParamA
GetFocus
GetCursorPos
ScreenToClient
LoadStringA
SetWindowTextA
GetSystemMetrics

gdi32

GetDeviceCaps
DPtoLP
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
IsTextUnicode
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

GetHGlobalFromStream
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

DispCallFunc
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi

shlwapi

PathMatchSpecA
SHGetValueA
PathFindFileNameA
PathRemoveFileSpecA
SHDeleteKeyA
SHSetValueA

winmm

PlaySoundA

urlmon

CoInternetGetSession

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
InternetConnectA
InternetOpenA

oleacc

ObjectFromLresult

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA
InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_SetImageCount
ImageList_GetImageInfo
ImageList_GetImageCount
PropertySheetA

msvcrt

strncpy
_mbsstr
memset
_mbschr
??2@YAPAXI@Z
memcpy
free
memmove
realloc
_mbsicmp
_mbscmp
_mbsrchr
??3@YAXPAX@Z
__CxxFrameHandler
strstr
strlen
atoi
wcslen
_ismbcdigit
_except_handler3
strpbrk
strchr
_mbspbrk
localtime
time
strcat
strcpy
abs
malloc
memcmp
_purecall
wcscmp
wcsstr
_snprintf
swprintf
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_strcmpi
_adjust_fdiv
_strnicmp
atol

setupapi

SetupIterateCabinetA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gnblock_tmp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c855890e542ff764c91171778ab2e93f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetVersionExA
WritePrivateProfileStringA
GetShortPathNameA
GetWindowsDirectoryA
MoveFileExA
TlsFree
TlsAlloc
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetProcAddress
IsDBCSLeadByte
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LoadLibraryA
WaitForSingleObject
CreateThread
TlsSetValue
lstrcmpW
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetSystemDefaultLangID
Sleep
lstrcmpiA
WriteProcessMemory
GlobalLock
GlobalUnlock
WideCharToMultiByte
lstrcpyW
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
InterlockedDecrement
lstrcmpA
TlsGetValue
DebugBreak
DeleteFileA
WritePrivateProfileSectionA
GetLastError
CreateFileA
WriteFile
CloseHandle
OutputDebugStringA
lstrcpyA
lstrcatA
CreateDirectoryA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
GetCurrentProcess
FlushInstructionCache
InterlockedIncrement
lstrlenA
LoadLibraryExA

user32

KillTimer
UnhookWindowsHookEx
SetWindowsHookExA
SetTimer
ShowWindow
CharUpperW
SetWindowLongW
IsWindowUnicode
SetDlgItemTextA
SetWindowLongA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetMenuStringA
GetWindow
IsWindowEnabled
FindWindowExW
GetWindowTextW
SendMessageTimeoutA
EndDialog
wsprintfA
TrackPopupMenu
DestroyMenu
InsertMenuA
AppendMenuA
CreatePopupMenu
ModifyMenuA
EnableMenuItem
IsWindowVisible
IsIconic
GetWindowLongW
LoadMenuA
GetParent
GetWindowLongA
DefWindowProcA
SendMessageA
GetDlgItem
EnableWindow
GetWindowTextLengthA
SetFocus
CharLowerA
GetDlgItemTextA
SetCursor
LoadCursorA
GetWindowTextA
CheckMenuItem
IsWindow
CallWindowProcA
FindWindowExA
PtInRect
GetWindowRect
GetSubMenu
RegisterWindowMessageA
ReleaseDC
GetDC
DrawTextA
ShowScrollBar
LockWindowUpdate
CheckRadioButton
LoadBitmapA
LoadIconA
CopyRect
CreateWindowExA
CreateWindowExW
DestroyWindow
PostMessageA
IsCharAlphaA
ClientToScreen
GetClassNameA
GetWindowThreadProcessId
GetKeyState
EnumThreadWindows
PostThreadMessageA
CallNextHookEx
IsDlgButtonChecked
CheckDlgButton
CharNextA
wvsprintfA
MessageBoxA
GetActiveWindow
DialogBoxParamA
GetFocus
GetCursorPos
ScreenToClient
LoadStringA
SetWindowTextA
GetSystemMetrics

gdi32

GetDeviceCaps
DPtoLP
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
IsTextUnicode
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

GetHGlobalFromStream
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

DispCallFunc
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLi
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi

shlwapi

PathMatchSpecA
SHGetValueA
PathFindFileNameA
PathRemoveFileSpecA
SHDeleteKeyA
SHSetValueA

winmm

PlaySoundA

urlmon

CoInternetGetSession

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
InternetConnectA
InternetOpenA

oleacc

ObjectFromLresult

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA
InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_SetImageCount
ImageList_GetImageInfo
ImageList_GetImageCount
PropertySheetA

msvcrt

strncpy
_mbsstr
memset
_mbschr
??2@YAPAXI@Z
memcpy
free
memmove
realloc
_mbsicmp
_mbscmp
_mbsrchr
??3@YAXPAX@Z
__CxxFrameHandler
strstr
strlen
atoi
wcslen
_ismbcdigit
_except_handler3
strpbrk
strchr
_mbspbrk
localtime
time
strcat
strcpy
abs
malloc
memcmp
_purecall
wcscmp
wcsstr
_snprintf
swprintf
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_strcmpi
_adjust_fdiv
_strnicmp
atol

setupapi

SetupIterateCabinetA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
language/simpchinese.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
language/simpchinese_tmp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
whitelist.ini
misi.dat
pl.ini
report.htm
.html .js polyglot
res.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/PopInfo.htm
.html .js polyglot
res/close.gif
.gif
res/close_down.gif
.gif
res/main.gif
.gif
res/mousemove_close.gif
.gif
security.exe
.exe windows:4 windows x86 arch:x86

5e7243748eb848e623f0322f13569b0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
QueryDosDeviceA
lstrlenA
GetModuleFileNameA
FindResourceA
GetLastError
MoveFileExA
GetWindowsDirectoryA
GetStringTypeA
LCMapStringW
LoadResource
SizeofResource
LockResource
GetSystemDirectoryA
CreateDirectoryA
lstrcpyA
DeleteFileA
lstrcatA
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
CloseHandle
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeW

user32

MessageBoxA

advapi32

StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
DeleteService

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA
PathFileExistsA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssi.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 352KB

.rsrc Size: 8KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.data Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 134B

9e43006c44f00e70ad08806a941bb52f

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

8ee1425373dbd6acff15e99152ac0ffb

Headers

File Characteristics

Imports

winmm

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 352KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 172KB - Virtual size: 169KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 4KB

.Share
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 3KB - Virtual size: 3KB