4290307dd8829bdd12b63f0921d4bbef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4290307dd8829bdd12b63f0921d4bbef_JaffaCakes118
Size

3.2MB
MD5

4290307dd8829bdd12b63f0921d4bbef
SHA1

fb05fa61e836029cc3986f495dfbbd7d2aad514f
SHA256

fe6b653dda31e8bef80fe3a0dc5a97ceab3e5dadb69e8ddffa4e19e06183b603
SHA512

95e9b2ee2933eabf76138e694249293e57b263cfe87852a72953ef9bfd9f49e3384628cb57aa9a0ab107db22282296a0bae6f1f6bd47ce9a2990fb82671dead5
SSDEEP

98304:KhpQOHPCLw2dgCjQgedz5JCoKsBa5ZnwsiAxz:KhpPaLw2dF0DDcWa5Zn4Uz

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/FlashGet/dbghelp.dll	acprotect
static1/unpack001/FlashGet/modules/garage/garage.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FlashGet/dbghelp.dll	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FlashGet/@绿化工具.exe
unpack002/$PLUGINSDIR/ButtonEvent.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/linker.dll
unpack001/FlashGet/BugReport.dll
unpack001/FlashGet/BugReport.exe
unpack001/FlashGet/DBTransC.exe
unpack001/FlashGet/FgExplorer.exe
unpack001/FlashGet/P2PCore.dll
unpack001/FlashGet/P2SCore.dll
unpack001/FlashGet/SysOpt.exe
unpack001/FlashGet/adns.dll
unpack001/FlashGet/btcoreu.dll
unpack001/FlashGet/btwrap.dll
unpack001/FlashGet/corestat.dll
unpack001/FlashGet/dbghelp.dll
unpack001/FlashGet/ed2kwrap.dll
unpack001/FlashGet/explorerbar.dll
unpack001/FlashGet/flashget.exe
unpack001/FlashGet/hashgen.dll
unpack001/FlashGet/modules/garage/garage.dll
unpack001/FlashGet/p2spwrap.dll
unpack001/FlashGet/storage.dll
unpack001/FlashGet/zlib.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/FlashGet/@绿化工具.exe	nsis_installer_1
static1/unpack001/FlashGet/@绿化工具.exe	nsis_installer_2

Files

4290307dd8829bdd12b63f0921d4bbef_JaffaCakes118
.rar
FlashGet/@绿化工具.exe
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/linker.dll
.dll windows:4 windows x86 arch:x86

5b9be84907034b8f0152e51177ceafc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetModuleHandleA
lstrcpynA
lstrcpyA
GlobalFree

user32

UpdateWindow
InvalidateRect
SetCapture
SetFocus
PtInRect
GetWindowRect
GetDC
ReleaseCapture
EndPaint
BeginPaint
SetCursor
LoadCursorA
CallWindowProcA
DestroyCursor
SetWindowLongA
CreateCursor
IsWindow
ReleaseDC
SetWindowPos
GetWindowLongA
SendMessageA
GetClientRect
FillRect
GetFocus
DrawFocusRect
DrawTextA
ClientToScreen

gdi32

SetBkMode
SetTextColor
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteObject
SelectObject

shell32

ShellExecuteA

Exports

Exports

Link
Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/www.greendown.cn.ini
FlashGet/BHOHelper.exe
.exe windows:4 windows x86 arch:x86

6dc9eb9b4664c8c1695699c9e38d206c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e2:b6:e4:db:cb:ca:b9:10:d1:4d:60:0b:28:ba:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/07/2008, 00:00

Not After

07/07/2009, 23:59

Subject

CN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=marketing,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc42

ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord4274
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord1168
ord2614
ord2818
ord924
ord5683
ord4129
ord540
ord2764
ord4278
ord858
ord6663
ord939
ord823
ord537
ord860
ord535
ord800
ord825
ord1576
ord5714
ord815

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbsicmp
_setmbcp
sprintf
strncpy
__CxxFrameHandler

kernel32

TerminateProcess
OpenProcess
Process32Next
CreateToolhelp32Snapshot
GetFileAttributesA
CloseHandle
Sleep
CreateDirectoryA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
LoadLibraryA
lstrcmpiA
FreeLibrary
GetProcAddress

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryValueA

shell32

SHGetFolderPathA
ShellExecuteA

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

shlwapi

PathFileExistsA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/BugReport.dll
.dll windows:4 windows x86 arch:x86

03ab342a4ca6498832c5cb484ca36a0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

SymSetOptions
UnDecorateSymbolName
SymInitialize
SymGetModuleInfo
SymCleanup
SymLoadModule
SymGetLineFromAddr
SymGetOptions
SymGetModuleBase
SymFunctionTableAccess
StackWalk
MiniDumpWriteDump
SymGetSymFromAddr

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetProcessMemoryInfo

zlib

ord80
ord83
ord82
ord81
ord84

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
GetVolumeInformationA
GetFullPathNameA
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
InterlockedIncrement
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FileTimeToSystemTime
DeleteFileA
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
Sleep
GetACP
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
GlobalAddAtomA
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleA
CreateFileA
FileTimeToDosDateTime
GetFileSize
ReadFile
FindFirstFileA
FileTimeToLocalFileTime
FindClose
lstrlenA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
SetUnhandledExceptionFilter
GetTickCount
GetLocalTime
GetCurrentThread
DuplicateHandle
GetCurrentDirectoryA
GetEnvironmentVariableA
SetLastError
CreateToolhelp32Snapshot
Process32Next
CloseHandle
GetProcessTimes
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetLastError
GetVersionExA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource

user32

RegisterWindowMessageA
ShowWindow
GetSysColorBrush
LoadCursorA
DestroyMenu
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
LoadIconA
GetWindowPlacement
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
IsIconic
CharUpperA
GetGuiResources
MessageBoxA
GetForegroundWindow
GetWindowThreadProcessId

gdi32

SetMapMode
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
DeleteDC
GetStockObject
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

CreateClientVersionInfo
SetExceptionHandler

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/BugReport.exe
.exe windows:4 windows x86 arch:x86

e51339bff8c567573b7bf867da7c7b03

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetGetLastResponseInfoA
InternetCanonicalizeUrlA
HttpEndRequestA
HttpQueryInfoA
HttpSendRequestExA
InternetWriteFile
InternetSetOptionA
InternetOpenA
HttpOpenRequestA
InternetErrorDlg
InternetQueryOptionA
InternetConnectA
HttpAddRequestHeadersA
InternetReadFileExA
HttpSendRequestA
InternetSetStatusCallback
InternetCloseHandle
InternetCrackUrlA

kernel32

FlushFileBuffers
LockFile
UnlockFile
GetThreadLocale
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetModuleFileNameW
InterlockedDecrement
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
DeleteFileA
GetFileTime
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
ExitThread
CreateThread
GetStartupInfoA
ExitProcess
RaiseException
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TerminateProcess
IsDebuggerPresent
GetACP
Sleep
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentProcessId
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WaitForMultipleObjects
TerminateThread
SetThreadPriority
WaitForSingleObject
lstrlenA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
GetTempPathA
ReadFile
CreateEventA
CreateDirectoryA
ResetEvent
GetFileAttributesA
GetProcessHeap
HeapFree
CloseHandle
CreateFileA
HeapAlloc
SetFilePointer
SetEndOfFile
GetFileSize
SetEvent
WriteFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCommandLineA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA

user32

TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetSysColorBrush
DestroyMenu
UnregisterClassA
GetWindowThreadProcessId
IsWindowEnabled
GetActiveWindow
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
PeekMessageA
PostMessageA
ReleaseCapture
SetCursor
LoadIconA
LoadCursorA
PostThreadMessageA
EnableWindow
SetCapture
GetClientRect
GetWindowRect
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMessageTime
SendMessageA
LoadBitmapA
InflateRect
PtInRect
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
IsWindow
GetDesktopWindow
SetWindowLongA
GetFocus

gdi32

SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkMode
DeleteDC
GetStockObject
DeleteObject
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetObjectA
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
UrlUnescapeA

oleaut32

VariantInit
VariantChangeType
VariantClear

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/DBTransC.exe
.exe windows:4 windows x86 arch:x86

55b0cb1bc5a13843c635cb92e89ff0c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord656
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2582
ord4402
ord3370
ord3640
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord3136
ord3402
ord4627
ord3610
ord1146
ord1168
ord567
ord324
ord4234
ord800
ord2645
ord6195
ord4287
ord2764
ord4202
ord537
ord2379
ord755
ord470
ord6242
ord3092
ord3876
ord823
ord882
ord2801
ord5651
ord3616
ord2393
ord1969
ord603
ord2740
ord273
ord3127
ord354
ord858
ord860
ord540
ord350
ord3663
ord879
ord924
ord535
ord941
ord2818
ord5710
ord536
ord2915
ord6663
ord4129
ord4277
ord5683
ord6877
ord939
ord538
ord940
ord6418
ord4160
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5277
ord4673
ord1576

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
strftime
_splitpath
?terminate@@YAXXZ
rename
remove
_snwprintf
fwrite
fflush
fclose
_fsopen
_filelength
fread
fseek
_vsnprintf
gmtime
_snprintf
localtime
time
_setmbcp
_fileno
_except_handler3
??1type_info@@UAE@XZ
_makepath
__CxxFrameHandler
_mbscmp
_ftol
_purecall
_mbsicmp
_mbsnbcpy
_onexit

kernel32

FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
ReadFile
CloseHandle
GetFileSize
GetModuleFileNameA
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
GetTickCount
CopyFileA
FreeLibrary
GetCommandLineA
CreateDirectoryA
GetLastError
LoadLibraryA

user32

GetClientRect
DrawIcon
GetSystemMetrics
IsIconic
EnableWindow
LoadIconA
SendMessageA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathA

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shlwapi

PathIsDirectoryA
PathFileExistsA

storage

ord1

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/FgExplorer.exe
.exe windows:4 windows x86 arch:x86

486d7f4c6df472b1b5e0c9d85b50b97f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegSetValueA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA

netapi32

Netbios

mfc42

ord3402
ord3619
ord807
ord554
ord3626
ord2414
ord4268
ord3571
ord686
ord6442
ord4299
ord1641
ord2452
ord2453
ord2096
ord384
ord1140
ord5572
ord2915
ord940
ord2818
ord924
ord858
ord922
ord3874
ord6199
ord1146
ord4376
ord4853
ord5280
ord3597
ord641
ord324
ord5953
ord2737
ord4234
ord2820
ord5951
ord3790
ord4364
ord5082
ord1709
ord1712
ord6053
ord3598
ord642
ord327
ord2302
ord4235
ord4129
ord5683
ord5063
ord2087
ord4759
ord6880
ord1803
ord620
ord4230
ord5871
ord4284
ord4497
ord2754
ord3742
ord818
ord755
ord470
ord6453
ord1168
ord2582
ord4402
ord3370
ord3640
ord3692
ord693
ord4243
ord3706
ord2862
ord5781
ord283
ord3301
ord3293
ord3797
ord2864
ord2859
ord3754
ord6762
ord5875
ord4694
ord5148
ord3286
ord6696
ord4133
ord4297
ord5788
ord472
ord2567
ord2243
ord2860
ord3733
ord810
ord4271
ord6172
ord3296
ord5873
ord5785
ord640
ord1640
ord323
ord2971
ord6886
ord6885
ord6007
ord3998
ord2298
ord2299
ord809
ord556
ord2405
ord5053
ord5981
ord2122
ord4160
ord6358
ord1088
ord6197
ord1642
ord6128
ord6129
ord3753
ord3752
ord2450
ord801
ord541
ord6215
ord2642
ord6907
ord6883
ord2763
ord5710
ord2764
ord939
ord6888
ord6675
ord1200
ord5608
ord6905
ord3095
ord1871
ord6571
ord773
ord501
ord3977
ord2762
ord998
ord5607
ord1979
ord5442
ord1083
ord6385
ord6784
ord6008
ord3994
ord2801
ord2740
ord3721
ord795
ord713
ord414
ord5859
ord6401
ord3520
ord4278
ord6662
ord2614
ord2784
ord5600
ord2393
ord2776
ord6877
ord6283
ord536
ord3521
ord1816
ord2362
ord6402
ord3097
ord6705
ord926
ord6876
ord4622
ord2358
ord2294
ord3499
ord2515
ord355
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord3738
ord815
ord561
ord617
ord5214
ord296
ord4159
ord2621
ord1199
ord1205
ord3522
ord5856
ord3287
ord2884
ord6403
ord2725
ord5621
ord771
ord497
ord3318
ord923
ord4277
ord4698
ord1105
ord690
ord1988
ord5808
ord1075
ord5204
ord3229
ord1228
ord389
ord5861
ord6282
ord2863
ord2919
ord1150
ord1158
ord4202
ord6418
ord6648
ord5773
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord2399
ord603
ord1567
ord2652
ord1969
ord1669
ord268
ord273
ord4083
ord1789
ord3495
ord3610
ord3914
ord4125
ord4000
ord3303
ord3290
ord879
ord882
ord1949
ord6189
ord3089
ord1795
ord4123
ord341
ord654
ord5791
ord3573
ord6140
ord5450
ord6394
ord5440
ord6383
ord5642
ord3337
ord1106
ord5645
ord6779
ord6143
ord5681
ord6891
ord859
ord955
ord3302
ord1576
ord551
ord3811
ord5353
ord5356
ord6058
ord1074
ord6141
ord6264
ord6223
ord4189
ord700
ord2097
ord1175
ord396
ord698
ord415
ord715
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord2726
ord4226
ord5278
ord1842
ord4242
ord3567
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord602
ord796
ord674
ord6491
ord529
ord366
ord6000
ord2117
ord6565
ord6619
ord2076
ord4457
ord1233
ord5252
ord4427
ord4337
ord4499
ord4413
ord5030
ord5882
ord5883
ord6625
ord2455
ord6678
ord3220
ord2100
ord2528
ord1008
ord2938
ord6663
ord398
ord3439
ord913
ord5632
ord1945
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord5260
ord4432
ord813
ord560
ord4273
ord4508
ord4349
ord2827
ord2444
ord5248
ord5279
ord6369
ord5234
ord2389
ord4121
ord5471
ord4056
ord2530
ord6154
ord1938
ord2379
ord5290
ord4275
ord656
ord567
ord4424
ord4837
ord1776
ord6055
ord1829
ord539
ord1907
ord823
ord6334
ord4710
ord3092
ord4258
ord2370
ord2301
ord489
ord768
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
memchr
_purecall
_mbsnbset
atof
sscanf
_mbctype
_beginthreadex
strncat
fopen
_iob
fclose
fread
srand
_ltoa
_mbsicoll
mktime
toupper
isdigit
ctime
abs
isspace
_atoi64
realloc
strncmp
_mbsstr
_mbsdec
_mbsrchr
memmove
memcmp
time
strncpy
fabs
floor
strchr
strstr
_strdup
__p___argc
__p___argv
atol
_access
memcpy
_mbsicmp
_mbsnbcpy
printf
abort
strcmp
free
_stricmp
_itoa
_strnicmp
_setmbcp
malloc
_ftol
strcpy
strcat
_mbscmp
isalnum
atoi
strlen
rand
__CxxFrameHandler
sprintf
memset

kernel32

CreateDirectoryA
GetTempPathA
GetSystemDefaultLangID
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
TerminateThread
GetExitCodeThread
Sleep
GetSystemDirectoryA
ReadFile
SetFilePointer
ResumeThread
GetSystemTime
DeleteCriticalSection
lstrcpyA
LocalFree
FormatMessageA
lstrlenA
GetShortPathNameA
GetFileAttributesA
WinExec
lstrcatA
WritePrivateProfileStringA
MoveFileA
DeleteFileA
GetDiskFreeSpaceExA
GetLastError
LocalFileTimeToFileTime
SystemTimeToFileTime
GetModuleHandleA
GetVolumeInformationA
FlushFileBuffers
SetFileTime
GlobalAlloc
FileTimeToSystemTime
MulDiv
CreateEventA
GlobalFree
WaitForSingleObject
ResetEvent
SetEvent
GetCurrentDirectoryA
ReleaseMutex
GetWindowsDirectoryA
GetStartupInfoA
GetCurrentProcess
lstrcpynA
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
CloseHandle
GetFileSize
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryA
FreeLibrary
GetPrivateProfileStringA
GetModuleFileNameA
GetTickCount
GetPrivateProfileSectionA
CopyFileA
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
FindClose
FindNextFileA
GetPrivateProfileIntA
GetLocaleInfoA
FindFirstFileA

user32

FindWindowA
SetWindowTextA
FindWindowExA
SetMenuItemInfoA
GetMenuItemInfoA
ModifyMenuA
GetMenuItemID
GetMenuItemCount
GetMenuStringA
RemoveMenu
GetKeyState
SetCapture
ReleaseCapture
GetSystemMetrics
MessageBeep
wsprintfA
SetClipboardData
EmptyClipboard
SetWindowLongA
SetWindowPlacement
GetWindowPlacement
GetMenu
AppendMenuA
DeleteMenu
InsertMenuA
CreatePopupMenu
IsChild
SetMenuDefaultItem
MessageBoxExA
SetRect
RegisterWindowMessageA
RedrawWindow
CopyIcon
ExitWindowsEx
PostQuitMessage
GetDlgItem
SetFocus
OpenClipboard
GetClipboardData
CloseClipboard
LoadIconA
GetCursorPos
LoadMenuA
GetDC
ReleaseDC
OffsetRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
GetParent
GetNextDlgTabItem
GetWindowLongA
IsWindowVisible
InflateRect
UpdateWindow
EqualRect
InvalidateRect
GetMessagePos
IsRectEmpty
GetFocus
FillRect
DrawFocusRect
LoadCursorA
SetCursor
CopyRect
KillTimer
GetWindow
ScreenToClient
GetSysColor
DrawEdge
IsWindow
SetWindowPos
SetRectEmpty
GetClientRect
PtInRect
SetTimer
LoadBitmapA
GetWindowRect
PostMessageA
EnableWindow
SendMessageA

gdi32

PatBlt
CreatePalette
GetDeviceCaps
RealizePalette
PtInRegion
FillRgn
CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
GetObjectA
CreateFontIndirectA
CreateRectRgn
GetTextExtentPoint32A
CreateRectRgnIndirect
GetStockObject

shell32

ShellExecuteExA
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
DragQueryFileA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

comctl32

ImageList_Create
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw

ole32

CreateStreamOnHGlobal

olepro32

ord251

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen

wsock32

closesocket
recv
send
WSAGetLastError
WSAAsyncSelect
socket
accept
gethostbyname
getsockname
bind
htonl
setsockopt
inet_addr
ioctlsocket
htons
connect
WSASetLastError
WSAStartup
listen
WSACleanup

shlwapi

SHDeleteValueA
PathFileExistsA
SHSetValueA

imagehlp

CheckSumMappedFile
ImageNtHeader

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/FlashGetBHO.dll
.dll regsvr32 windows:4 windows x86 arch:x86

03597d45666fd1af14e7ba89c1f9d88f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e2:b6:e4:db:cb:ca:b9:10:d1:4d:60:0b:28:ba:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/07/2008, 00:00

Not After

07/07/2009, 23:59

Subject

CN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=marketing,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\CommLib\FlashGetBHO\release\FlashGetBHO.pdb

Imports

kernel32

lstrcmpiW
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
GetSystemDefaultLangID
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
FreeLibrary
LoadLibraryExW
GlobalFree
GlobalHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
GetFileAttributesW
WriteFile
SetFilePointer
CreateFileW
IsBadReadPtr
VirtualAlloc
GetProcAddress
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
WideCharToMultiByte
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcessId
FindFirstFileW
FindClose
EnterCriticalSection
RaiseException
CreateFileMappingW
MapViewOfFile
IsBadWritePtr
UnmapViewOfFile
CloseHandle
GetModuleHandleW
GetModuleFileNameW
lstrlenA
MultiByteToWideChar
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetLastError
SizeofResource
GetConsoleCP

user32

SetWindowPos
UnhookWindowsHookEx
CallNextHookEx
GetWindowThreadProcessId
PostMessageW
IsWindow
FindWindowW
CharNextW
DestroyWindow
SetWindowLongW
GetWindowLongW
KillTimer
DefWindowProcW
CharUpperBuffW
MapDialogRect
CreateWindowExW
SetWindowsHookExW
GetWindowRect
GetWindowDC
LoadStringW
UnregisterClassA
ReleaseDC
InvalidateRect
ShowWindow
IsWindowVisible
SetTimer
SendDlgItemMessageW
GetWindow
GetWindowModuleFileNameW
SendMessageTimeoutW
PtInRect
WindowFromPoint
CopyRect
CreatePopupMenu
AppendMenuW
TrackPopupMenu
GetCursorPos
GetSystemMetrics
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
LoadBitmapW
SendMessageW
SetWindowContextHelpId

gdi32

GetDeviceCaps
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject

advapi32

RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW

shell32

ShellExecuteW

ole32

ProgIDFromCLSID
OleUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
OleInitialize

oleaut32

VarBstrCat
CreateErrorInfo
SetErrorInfo
SafeArrayGetDim
SafeArrayGetElemsize
RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VarBstrCmp
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocStringLen

shlwapi

SHDeleteValueW
SHSetValueW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrOleFree
NdrStubForwardingFunction
NdrStubCall2

urlmon

CoInternetGetSession

oleacc

ObjectFromLresult

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/FlvDetector.exe
.exe windows:4 windows x86 arch:x86

46317091891c08a71b1cd6d843b11d8f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e2:b6:e4:db:cb:ca:b9:10:d1:4d:60:0b:28:ba:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/07/2008, 00:00

Not After

07/07/2009, 23:59

Subject

CN=Trend Media Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=marketing,O=Trend Media Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\CommLib\FlashGetBHO\Release\FlvDetector.pdb

Imports

kernel32

InitializeCriticalSection
RaiseException
SetLastError
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
CreateFileA
GetFileInformationByHandle
GetCommandLineA
CreateMutexA
OpenFileMappingA
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
LoadLibraryExA
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetStringTypeExA
InterlockedExchange
LoadLibraryA
GetProcAddress
IsBadCodePtr
VirtualProtect
ReadProcessMemory
WriteProcessMemory
IsBadReadPtr
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
VirtualFree
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WriteFile
GetOEMCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
RtlUnwind
GetStartupInfoA
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
LCMapStringW
LCMapStringA
GetUserDefaultLCID
Sleep
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
VirtualAlloc
MultiByteToWideChar
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
FindClose
FindFirstFileA
IsBadWritePtr
MapViewOfFile
GetLastError
CreateFileMappingA
lstrlenA
CloseHandle
UnmapViewOfFile
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
WriteConsoleA
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA

user32

PostQuitMessage
CreateWindowExA
PostMessageA
IsWindow
FindWindowA
KillTimer
SetTimer
DefWindowProcA
RegisterClassExA
LoadCursorA
GetClassInfoExA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableA
SetWindowPos
UnregisterClassA
LoadStringA
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
CallWindowProcA
SendMessageA
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DestroyAcceleratorTable
GetSysColor
BeginPaint
GetClientRect
FillRect
EndPaint
GetDC
ReleaseDC
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
RedrawWindow
DestroyWindow
GetClassNameA
GetParent
CharNextA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA
SelectObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA

shell32

SHGetFileInfoA
ShellExecuteA

ole32

OleUninitialize
StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance

oleaut32

OleCreateFontIndirect
SafeArrayUnlock
SafeArrayDestroy
VarUI4FromStr
SafeArrayGetVartype
SafeArrayLock
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
SysAllocString
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc

shlwapi

PathRemoveFileSpecA

ws2_32

WSAStartup
WSARecv
recv
WSACleanup

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/FlvDetector.ini
FlashGet/Flvdetector.htm
.html .js polyglot
FlashGet/GetAllUrl.htm
.html .vbs polyglot
FlashGet/GetUrl.htm
.html .js polyglot
FlashGet/Help/LICENSE.TXT
FlashGet/Help/Readme.txt
FlashGet/Help/WHATSNEW.TXT
FlashGet/JCCHS.INI
FlashGet/Langs/FGXL_CHS/AddBTTask.ini
FlashGet/Langs/FGXL_CHS/AddBatchLinksDlg.ini
FlashGet/Langs/FGXL_CHS/AddEMTask.ini
FlashGet/Langs/FGXL_CHS/AddHpFpLink.ini
FlashGet/Langs/FGXL_CHS/AddLinksDlg.ini
FlashGet/Langs/FGXL_CHS/AddLinksDlgEx.ini
FlashGet/Langs/FGXL_CHS/AddLinksModern.ini
FlashGet/Langs/FGXL_CHS/BTOption.ini
FlashGet/Langs/FGXL_CHS/BrowserPlugins.ini
FlashGet/Langs/FGXL_CHS/CategoryView.ini
FlashGet/Langs/FGXL_CHS/ComfirmWhenExitDialog.ini
FlashGet/Langs/FGXL_CHS/CommonDlg.ini
FlashGet/Langs/FGXL_CHS/ConfirmInvalidLinks.ini
FlashGet/Langs/FGXL_CHS/ContextMenu.ini
FlashGet/Langs/FGXL_CHS/DefaultDownloadsDialog.ini
FlashGet/Langs/FGXL_CHS/DeleteFilesDialog.ini
FlashGet/Langs/FGXL_CHS/DetailStatus.ini
FlashGet/Langs/FGXL_CHS/EMOption.ini
FlashGet/Langs/FGXL_CHS/EMServers.ini
FlashGet/Langs/FGXL_CHS/ExplorerPane.ini
FlashGet/Langs/FGXL_CHS/ExtensionRuleDlg.ini
FlashGet/Langs/FGXL_CHS/FG2SearchTopPlugin.ini
FlashGet/Langs/FGXL_CHS/FSUStatusBar.ini
FlashGet/Langs/FGXL_CHS/FileListCtrl.ini
FlashGet/Langs/FGXL_CHS/FileRemovedDialog.ini
FlashGet/Langs/FGXL_CHS/FindTaskDialog.ini
FlashGet/Langs/FGXL_CHS/FlashGetDlg.ini
FlashGet/Langs/FGXL_CHS/FlashgetAbout.ini
FlashGet/Langs/FGXL_CHS/GarageLoginDialog.ini
FlashGet/Langs/FGXL_CHS/GarageView.ini
FlashGet/Langs/FGXL_CHS/HotResource.ini
FlashGet/Langs/FGXL_CHS/HpFpOption.ini
FlashGet/Langs/FGXL_CHS/Info.ini
FlashGet/Langs/FGXL_CHS/IntegrityCheck.ini
FlashGet/Langs/FGXL_CHS/LogsOutput.ini
FlashGet/Langs/FGXL_CHS/MACReader.ini
FlashGet/Langs/FGXL_CHS/MainMenu.ini
FlashGet/Langs/FGXL_CHS/MainToolbar.ini
FlashGet/Langs/FGXL_CHS/MonitorOption.ini
FlashGet/Langs/FGXL_CHS/NormalOption.ini
FlashGet/Langs/FGXL_CHS/NotifyOption.ini
FlashGet/Langs/FGXL_CHS/Option.ini
FlashGet/Langs/FGXL_CHS/P4PPluginMain.ini
FlashGet/Langs/FGXL_CHS/ProxySetting.ini
FlashGet/Langs/FGXL_CHS/SearchBar.ini
FlashGet/Langs/FGXL_CHS/Security.ini
FlashGet/Langs/FGXL_CHS/SecurityOption.ini
FlashGet/Langs/FGXL_CHS/SecurityScan.ini
FlashGet/Langs/FGXL_CHS/SecurityToolbar.ini
FlashGet/Langs/FGXL_CHS/Shutdown.ini
FlashGet/Langs/FGXL_CHS/StatusBar.ini
FlashGet/Langs/FGXL_CHS/TaskDefOption.ini
FlashGet/Langs/FGXL_CHS/TaskListView.ini
FlashGet/Langs/FGXL_CHS/UserListCtrl.ini
FlashGet/Langs/FGXL_CHS/XpEnhance.ini
FlashGet/P2PCore.dll
.dll windows:4 windows x86 arch:x86

f229000a3c0711f64abf3c25f96deee2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\ProtKrnl\src\Build\P2PCore.pdb

Imports

kernel32

MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
GetLastError
lstrlenA
GetModuleFileNameA
FlushFileBuffers
CloseHandle
CreateFileA
WriteFile
GetLocalTime
LocalFree
GetSystemDirectoryA
GetFileAttributesA
FindResourceExA
RaiseException
SizeofResource
FormatMessageA
LoadResource
FindResourceA
GetFileAttributesExA
LockResource
GetVolumeInformationA
GetFileSizeEx
ReadFile
SetFilePointer
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
WaitForSingleObject
DisableThreadLibraryCalls
CreateEventA
IsBadCodePtr
GetTickCount
Sleep
GlobalAlloc
SetEvent
GlobalFree
GetCurrentProcessId
WritePrivateProfileStringA
GetCommandLineA
GetPrivateProfileStringA
CopyFileA
IsBadWritePtr
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReadFileEx
WaitForMultipleObjectsEx
GetFileSize
CancelIo
InterlockedIncrement
GetProcAddress
LoadLibraryA
FreeLibrary
SetHandleCount
GetFileType
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetLastError
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
RtlUnwind
VirtualFree
HeapCreate
ExitProcess
GetStdHandle
GetCPInfo
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc

user32

UnregisterClassA

ws2_32

inet_ntoa
inet_addr
closesocket
socket
WSAStartup
gethostbyname
htons
setsockopt
sendto
WSACleanup
bind
WSAEventSelect
WSAGetLastError
ntohs
WSAWaitForMultipleEvents
recvfrom
htonl

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

create_p2p_task
delete_p2p_task
get_p2p_id
get_p2phandle_peerinfo
get_p2phandle_serverlist
get_p2phandle_serverlog
p2p_add_share
p2p_delete_share
p2p_get_handle_info
p2p_get_netinfo
p2p_get_share_filelist
p2p_get_uplist
p2p_initialize
p2p_move_share
p2p_notify_new_finish
p2p_reload_option
p2p_task_limit_speed
p2p_uninitialize
set_p2p_allow_add_share
set_p2p_debug_callback
set_p2p_debug_flag
set_p2p_debug_supernode
start_p2p_task

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/P2SCore.dll
.dll windows:4 windows x86 arch:x86

fd0110abd94f60e4aacf9a4f253e6cd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\ProtKrnl\src\build\P2SCore.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
CompareStringA
CreateEventA
SetEvent
GetExitCodeThread
MultiByteToWideChar
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
WaitForSingleObject
DeleteCriticalSection
GetTickCount
EnterCriticalSection
lstrlenA
CompareStringW
WaitForMultipleObjects
Sleep
LoadResource
FindResourceA
FindResourceExA
LockResource
SizeofResource
ReadFile
CreateFileA
GetOverlappedResult
GetSystemInfo
GetFileSize
WriteFile
MapViewOfFile
UnmapViewOfFile
FlushFileBuffers
SetFilePointer
CreateFileMappingA
GetFileAttributesA
GetLocalTime
RaiseException
SetEndOfFile
GetModuleFileNameA
GetOEMCP
CreateDirectoryA
OutputDebugStringA
ResetEvent
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteFileA
SetFileTime
MoveFileA
GetDiskFreeSpaceExA
SystemTimeToFileTime
GetProcAddress
LoadLibraryA
FreeLibrary
SetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateThread
ExitThread
GetModuleHandleA
VirtualAlloc
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCommandLineA
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
TlsSetValue
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetStdHandle
VirtualFree
HeapCreate
ExitProcess
TlsFree

user32

MessageBoxA
GetWindowTextA
SetWindowTextA
SendMessageA
PostMessageA
GetScrollPos
UnregisterClassA

shlwapi

UrlGetPartA
PathFileExistsA
PathIsDirectoryA
StrStrIA
StrTrimA
PathStripPathA
StrRChrA

wininet

InternetGetCookieA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetTimeToSystemTimeA

ws2_32

gethostbyname
inet_addr
ntohl
WSAAccept
WSAWaitForMultipleEvents
WSARecv
bind
getsockname
shutdown
WSAEventSelect
WSAConnect
htons
inet_ntoa
WSAEnumNetworkEvents
ntohs
closesocket
htonl
WSAStartup
WSASend
WSAGetLastError
setsockopt
WSACleanup
WSASocketA
ioctlsocket
listen

adns

adns_lib_resolve
adns_lib_result
adns_lib_quit
adns_lib_init

p2pcore

get_p2p_id
ord1
ord2
p2p_move_share
get_p2phandle_serverlog
create_p2p_task
p2p_add_share
get_p2phandle_peerinfo
get_p2phandle_serverlist
delete_p2p_task
start_p2p_task
p2p_get_handle_info
p2p_task_limit_speed

winmm

timeGetTime

Exports

Exports

??0P2SP@@QAE@XZ
??1P2SP@@QAE@XZ
??4P2SP@@QAEAAV0@ABV0@@Z
?AsyncReportPartHash@P2SP@@SAHPAE0_J0H@Z
?CheckFinish@P2SP@@QAE_N_JHPAD_N@Z
?DelResumeInfo@P2SP@@SAHAAUst_TASK_PARAMS@@@Z
?DelTempFile@P2SP@@SAHAAUst_TASK_PARAMS@@@Z
?Delete@P2SP@@QAE_NXZ
?GetBlockInfo@P2SP@@QAEHPAHHAAH@Z
?GetFilenameByURL@P2SP@@SAXPBDPADH@Z
?GetServerList@P2SP@@QAEKPAUtagP2SServerItem@@K@Z
?GetServerLog@P2SP@@QAEKPADK@Z
?GetSourceList@P2SP@@QAEKPAUP2SP_SOURCE_LIST@@K@Z
?GetSourceLog@P2SP@@QAEKPADKH@Z
?GetTaskLog@P2SP@@QAEHPADAAK1AAH@Z
?GetTaskPartHash@P2SP@@QAEKPAEH@Z
?Init@P2SP@@SAHXZ
?InitOther@P2SP@@SAXXZ
?LimitDownloadSpeed@P2SP@@QAEXH@Z
?NotifyExternalSpeed@P2SP@@QAEXH@Z
?Quit@P2SP@@SAXXZ
?SetCacheSize@P2SP@@SAXH@Z
?SetProxy@P2SP@@SAXHIPAD00@Z
?SetUseServerTime@P2SP@@SAXH@Z
?Start@P2SP@@QAEXAAUst_TASK_PARAMS@@@Z
?StopAsync@P2SP@@QAEXXZ
?StopSync@P2SP@@QAEXXZ
?UpdateDebugConsole@P2SP@@QAEKPADK@Z
?UpdateInfo@P2SP@@QAEXAAUst_TASK_INFO@@@Z
?get_complete@P2SP@@QAEPAEAAH@Z
p2s_get_p2p_id
p2s_p2p_move_share

Sections

.text
Size: 364KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/Back.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/Backward.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/BrowserBarCT.xml
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/FlashgetResource.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/Forward.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarCT/Home.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarDisableCT/Backward.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarDisableCT/BrowserBarDisableCT.xml
FlashGet/Skins/ShadowGrayBlue/BrowserBarDisableCT/Forward.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarDisableCT/Home.bmp
FlashGet/Skins/ShadowGrayBlue/BrowserBarDisableCT/Resource.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Available.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/CategoryTreeCT.xml
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Downloaded.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Downloading.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Favorite.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Flashget.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Release.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Rubbish.bmp
FlashGet/Skins/ShadowGrayBlue/CategoryTreeCT/Search.bmp
FlashGet/Skins/ShadowGrayBlue/ExpBar/Expbar.xml
FlashGet/Skins/ShadowGrayBlue/ExpBar/garage.bmp
FlashGet/Skins/ShadowGrayBlue/ExpBar/resource.bmp
FlashGet/Skins/ShadowGrayBlue/ExpBar/transfer.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/BT.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/EM.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/GlobalOptionCT.xml
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/HpFp.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/Monitor.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/Normal.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/Notify.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/Proxy.bmp
FlashGet/Skins/ShadowGrayBlue/GlobalOptionCT/TaskDef.bmp
FlashGet/Skins/ShadowGrayBlue/Info.ini
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/About.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/DeleteTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/MainMenuCT.xml
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/MoveDownTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/MoveUpTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/NewTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/Option.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/PauseTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/Resource.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/StartTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/TaskProperties.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/folder.bmp
FlashGet/Skins/ShadowGrayBlue/MainMenuCT/open.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/About.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/DeleteTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/Folder.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/MainToolbarCT.xml
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/NewTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/Open.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/Option.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/PauseTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/Resource.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/StartTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarCT/TaskProperties.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/DeleteTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/Folder.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/MainToolbarDisableCT.xml
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/NewTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/Open.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/Option.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/PauseTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/Resource.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/StartTask.bmp
FlashGet/Skins/ShadowGrayBlue/MainToolbarDisableCT/TaskProperties.bmp
FlashGet/Skins/ShadowGrayBlue/Monitor/InfoBkg.Bmp
FlashGet/Skins/ShadowGrayBlue/Monitor/MonitorBkg.bmp
FlashGet/Skins/ShadowGrayBlue/OutpuLogCT/Down.bmp
FlashGet/Skins/ShadowGrayBlue/OutpuLogCT/Error.bmp
FlashGet/Skins/ShadowGrayBlue/OutpuLogCT/Normal.bmp
FlashGet/Skins/ShadowGrayBlue/OutpuLogCT/OutpuLogCT.xml
FlashGet/Skins/ShadowGrayBlue/OutpuLogCT/Up.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/All.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Book.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Bt.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Game.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Movie.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Music.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Phone.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Picture.bmp
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/SobarIconCT.xml
FlashGet/Skins/ShadowGrayBlue/SobarIconCT/Software.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Error.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/OK.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Pause.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Pin.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Schedule.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Start.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/TaskListCT.xml
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Upload.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/Wait.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/hashing.bmp
FlashGet/Skins/ShadowGrayBlue/TaskListCT/rename.bmp
FlashGet/Skins/close_default.bmp
FlashGet/Skins/close_press.bmp
FlashGet/Skins/close_select.bmp
FlashGet/Skins/max_default.bmp
FlashGet/Skins/max_press.bmp
FlashGet/Skins/max_select.bmp
FlashGet/Skins/min_default.bmp
FlashGet/Skins/min_press.bmp
FlashGet/Skins/min_select.bmp
FlashGet/Skins/notify.wav
FlashGet/Skins/notify_board.bmp
FlashGet/Skins/notify_icon.bmp
FlashGet/StatInfo.ini
FlashGet/SysOpt.exe
.exe windows:4 windows x86 arch:x86

3c76780502bc45197fbddc667f9b736c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
SetFilePointer
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
CompareStringA
lstrcmpiA
ExitProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
IsDBCSLeadByte
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
OutputDebugStringA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
WriteFile
GetStringTypeW
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
GetLastError
DebugBreak
InterlockedIncrement
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
GetFileSize
ReadFile
lstrlenA
InterlockedDecrement
RaiseException
LoadLibraryA
GetProcAddress
FreeLibrary
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCurrentProcess
CloseHandle
GetTickCount

user32

CharNextA
ExitWindowsEx
MessageBoxA
DestroyWindow
CreateWindowExA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageA
SetWindowPos
SetWindowLongA
GetDlgCtrlID
CreateDialogParamA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
GetSystemMetrics
LoadImageA
SetForegroundWindow
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
CallWindowProcA
UnregisterClassA
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
GetClassNameA
LoadCursorA
SetRectEmpty
IsDialogMessageA
OffsetRect
ReleaseDC
GetDC
DefWindowProcA
PostQuitMessage
EnableWindow
SetFocus
DrawTextA
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
IsWindow
GetDlgItem
GetParent
SetDlgItemTextA
GetDlgItemTextA
GetClientRect

gdi32

SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectA
SelectObject
GetObjectA
DeleteObject

advapi32

RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx
_TrackMouseEvent

imagehlp

CheckSumMappedFile
ImageNtHeader

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FlashGet/adns.dll
.dll windows:4 windows x86 arch:x86

5ce2a94a3785640706550e7640f4c432

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\adns\bin\adns.pdb

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
CloseHandle
ResetEvent
WaitForMultipleObjects
CreateEventA
SetEndOfFile
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetStdHandle
ReadFile
GetLocaleInfoA
GetStringTypeW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
RaiseException
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InterlockedExchange
VirtualQuery
SetFilePointer
FlushFileBuffers
GetStringTypeA
MultiByteToWideChar

iphlpapi

GetNetworkParams

ws2_32

sendto
ioctlsocket
ntohl
htonl
__WSAFDIsSet
recvfrom
ntohs
inet_ntoa
recv
getprotobyname
socket
htons
connect
closesocket
inet_addr
WSASetLastError
send
WSAGetLastError

Exports

Exports

adns_lib_init
adns_lib_quit
adns_lib_resolve
adns_lib_result

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/btcoreu.dll
.dll windows:4 windows x86 arch:x86

7abe2126446ded53bebc9d41e8dc2c01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\ProtKrnl\src\Build\btcoreu.pdb

Imports

ws2_32

WSAGetLastError
bind
socket
closesocket
setsockopt
ioctlsocket
recvfrom
sendto
gethostbyname
gethostname
select
connect
send
recv
getsockname
getsockopt
inet_addr
ntohs
ntohl
htons
__WSAFDIsSet
htonl
inet_ntoa
WSACleanup
WSAStartup
WSASetLastError
accept
listen

rpcrt4

UuidCreate

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetGetCookieA

iphlpapi

GetIfEntry
GetBestInterface
GetAdaptersInfo

kernel32

WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStringTypeA
IsValidCodePage
GetACP
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVolumeInformationA
GetTickCount
GlobalMemoryStatus
GetDiskFreeSpaceExA
Sleep
CopyFileA
FileTimeToSystemTime
GetFileAttributesExA
lstrlenA
WaitForSingleObject
GetCurrentThread
IsBadReadPtr
ReleaseMutex
CreateMutexA
CloseHandle
GetCurrentThreadId
GetFileAttributesA
GetLastError
CreateDirectoryA
GetModuleFileNameA
DeleteFileA
SetFilePointer
ReadFile
GetConsoleOutputCP
FlushFileBuffers
CreateFileA
SetEndOfFile
GetFileSize
GetOverlappedResult
DeviceIoControl
SetFileAttributesA
MoveFileA
IsBadWritePtr
GetFileTime
CompareFileTime
CreateEventA
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GetOEMCP
GetVersionExA
RemoveDirectoryA
InterlockedDecrement
InterlockedIncrement
MoveFileExA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceA
CreateSemaphoreA
ResumeThread
SetThreadPriority
CreateThread
InterlockedExchange
CompareStringW
CompareStringA
SystemTimeToTzSpecificLocalTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapFree
ExitThread
VirtualAlloc
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
WriteFile
GetThreadLocale
GetCommandLineA
GetProcessHeap
ExitProcess
LCMapStringA
GetCPInfo
LCMapStringW
RaiseException

user32

SendMessageA
SetTimer
KillTimer
EnumThreadWindows
GetClassNameA
GetWindowTextA
GetDlgItem
CharNextA
MessageBoxA
PostMessageA
IsWindow

advapi32

OpenServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear

shlwapi

PathStripPathA
PathFileExistsA

p2pcore

get_p2phandle_serverlist
get_p2phandle_serverlog
p2p_task_limit_speed
get_p2phandle_peerinfo
create_p2p_task
delete_p2p_task
p2p_move_share
ord1
ord2
p2p_add_share
start_p2p_task

p2score

?GetTaskPartHash@P2SP@@QAEKPAEH@Z
?AsyncReportPartHash@P2SP@@SAHPAE0_J0H@Z
??1P2SP@@QAE@XZ
?Start@P2SP@@QAEXAAUst_TASK_PARAMS@@@Z
?StopAsync@P2SP@@QAEXXZ
?StopSync@P2SP@@QAEXXZ
?UpdateInfo@P2SP@@QAEXAAUst_TASK_INFO@@@Z
??0P2SP@@QAE@XZ
?GetSourceList@P2SP@@QAEKPAUP2SP_SOURCE_LIST@@K@Z
?LimitDownloadSpeed@P2SP@@QAEXH@Z

Exports

Exports

BITS_ClearMakeThreads
BITS_CreateConfiguration
BITS_DeleteDownload
BITS_FreeBuffer
BITS_FreeHandle
BITS_FreeString
BITS_GetDefaultProfile
BITS_GetDownloadInfo
BITS_GetDownloadUploadSpeed
BITS_GetFileStatus
BITS_GetFinishedBitField
BITS_GetJobProfile
BITS_GetMemoryUsage
BITS_GetPeerStatus
BITS_GetPieceStatus
BITS_GetPreferrence
BITS_GetRunning
BITS_GetStatusDescription
BITS_GetTorrentInfo
BITS_GetTrackerStatus
BITS_Initialize
BITS_IsJobActive
BITS_MakeTorrent
BITS_PackMemoryPool
BITS_ParseTorrent
BITS_ParseTorrentFile
BITS_RegisterCallback
BITS_SetBitTorrentId
BITS_SetDefaultProfile
BITS_SetDownloadFlags
BITS_SetDownloadPath
BITS_SetFileSelection
BITS_SetJobProfile
BITS_SetJobTrackers
BITS_SetPreferrence
BITS_StartDownload
BITS_StartDownloadByHandle
BITS_StartDownloadByTorrent
BITS_StopDownload
BITS_Uninitialize
_BITS_AddProxy@4
_BITS_CoreInfo@4
_BITS_FindProxyByName@8
_BITS_GapDump@4
_BITS_GetFileItem@20
_BITS_GetGapList@12
_BITS_GetLogLine@20
_BITS_GetPartialPiece@12
_BITS_GetPeerCount@16
_BITS_GetPeerIdList@12
_BITS_GetPeerInfo@16
_BITS_GetPeerLog@16
_BITS_GetPeerPiece@24
_BITS_GetPieceBlock@16
_BITS_GetServerInfo@20
_BITS_GetTrackerLog@24
_BITS_ObjDel@12
_BITS_ObjNew@12
_BITS_ResetDownloadPath@12
_BITS_SetLogDevice@12
_BITS_SetProxyActive@8
_BITS_SetSpeed@12
_BITS_UpdateProxy@8
_BITS_WriteFile@32

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/btwrap.dll
.dll windows:4 windows x86 arch:x86

1343146f0dfbac56ec457b50f4bf17de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InterlockedDecrement
CopyFileA
InitializeCriticalSection
InterlockedIncrement
GetFileAttributesA
GetProcAddress
LoadLibraryA
GetLastError
DebugBreak
OutputDebugStringA
FlushInstructionCache
GetCurrentProcess
HeapDestroy
DeleteCriticalSection
VirtualQuery
GetModuleFileNameA

user32

FindWindowA
LoadStringA
DestroyWindow
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CharNextA
wvsprintfA
GetClassInfoExA
LoadCursorA
wsprintfA
CreateWindowExA
GetDesktopWindow
RegisterClassExA

shell32

SHFileOperationA
ShellExecuteA

oleaut32

SysFreeString

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shlwapi

PathRelativePathToA
PathFileExistsA
StrStrIA
PathStripToRootA
PathStripPathA
PathRemoveFileSpecA
PathRemoveBackslashA
PathAddBackslashA
StrRChrA
PathIsRelativeA
PathFindExtensionA
PathIsFileSpecA
PathAppendA

dbghelp

MakeSureDirectoryPathExists

msvcrt

atoi
_ismbcdigit
wcslen
memmove
sprintf
_mbsrchr
_atoi64
sscanf
_mbschr
free
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
_initterm
malloc
_adjust_fdiv
_onexit
_ftol
_mbscmp
strncpy
_mbsicmp
_mbsnbcpy
_purecall
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
_mbsstr
_stricmp

btcoreu

ord22
_BITS_GetPeerInfo@16
_BITS_GetPeerCount@16
ord18
_BITS_GetFileItem@20
ord34
ord25
ord13
ord10
_BITS_SetProxyActive@8
_BITS_AddProxy@4
_BITS_UpdateProxy@8
_BITS_FindProxyByName@8
ord16
ord33
ord15
ord32
_BITS_SetSpeed@12
_BITS_ResetDownloadPath@12
_BITS_GapDump@4
ord19
ord26
ord1
_BITS_GetLogLine@20
ord31
ord14
ord11
ord12
ord6
ord24
ord2
ord9

Exports

Exports

ExportALImpManager
FG2AppLayerInterfaceCheck

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/corestat.dll
.dll windows:4 windows x86 arch:x86

420ce43a7b43ee5092d6ddcd8613cd52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\ProtKrnl\src\build\corestat.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

WideCharToMultiByte
GetLastError
CompareStringA
CompareStringW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetTickCount
CloseHandle
CreateFileA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
WriteFile
ResumeThread
SetThreadPriority
CreateThread
WritePrivateProfileStringA
GetCurrentDirectoryA
GetPrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTimeFormatA
MultiByteToWideChar
GetVolumeInformationA
GetWindowsDirectoryA
GetCurrentProcess
ReadFile
GetFileSize
GetSystemDirectoryA
SetFilePointer
GetVersionExA
LocalFree
FormatMessageA
SetEndOfFile
GetUserDefaultLangID
GetSystemInfo
GetCurrentProcessId
RtlUnwind
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetFileType
InterlockedExchange
IsBadReadPtr
GetLocaleInfoA
GetACP
DeleteFileA
SetEnvironmentVariableA
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
GetCommandLineA
GetDateFormatA
MoveFileA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc

user32

UnregisterClassA
DefWindowProcA
PostMessageA
SetWindowLongA
CreateWindowExA
RegisterClassExA
SendMessageTimeoutA
TranslateMessage
GetMessageA
DestroyWindow
GetWindowLongA
IsWindow
PostQuitMessage
KillTimer
SetTimer
SendMessageA
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

oleaut32

VariantClear

shlwapi

PathFileExistsA

ws2_32

shutdown
getpeername
connect
send
recvfrom
recv
bind
inet_addr
gethostbyname
htons
ntohs
WSAGetLastError
WSASetLastError
ioctlsocket
setsockopt
htonl
WSACancelAsyncRequest
closesocket
sendto
WSAAsyncGetHostByName
WSAAsyncSelect
accept
socket
inet_ntoa
ntohl
listen

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetTcpTable
GetBestInterface
GetIfEntry
GetTcpStatistics

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhSetDefaultRealTimeDataSource
PdhAddCounterA
PdhCollectQueryData

Exports

Exports

??0Ccore_stat@@QAE@XZ
??4Ccore_stat@@QAEAAV0@ABV0@@Z
?fncore_stat@@YAHXZ
?ncore_stat@@3HA
CheckTaskStat
CreateTaskStat
GetClientPerfInfo
GetProcessPageUsage
InitStatProduct
InitUserID
IsStatMgrRunning
IsTaskStatValid
RemoveTaskStat
STBackErrSrcInfo
STCloseTask
STCreateTask
STGetCltSrcInfo
STInitialize
STIsOverLimit
STPostCltSrcInfo
STReportAddFiles
STReportLogInfo
STReportOnlyLog
STSetAddress
STSetCDNInfo
STSetCltCallBack
STTerminate
StatCreateBT
StatCreateP2S
StatReportClickFile
StatReportErrorP2S
StatReportFinishP2S
StatReportP2SRename
StatReportTorrentRename
StatReportTorrentUrl
StatShareFileInfo
StatUpdateMemory
StatUpdateSpeed
StopStatMgr
UpdateBTTaskStat
UpdateLinkTaskStat
UpdateP2PSession

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/dbghelp.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

UPX0
Size: - Virtual size: 312KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FlashGet/dbtrans_verbose.log
FlashGet/ed2kwrap.dll
.dll windows:4 windows x86 arch:x86

082897d8478326f2cf7a4ea9e15c8dc2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
InterlockedIncrement
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
InterlockedDecrement
CompareStringA
lstrlenA
EnterCriticalSection
Sleep
InterlockedExchange
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
SetFilePointer
LoadLibraryA
SetConsoleCtrlHandler
SetStdHandle
IsValidLocale
SetEnvironmentVariableA

user32

LoadStringA
CharNextA

shell32

ShellExecuteA

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

StrStrIA

fgemcore

ord100
ord101

Exports

Exports

ExportALImpManager
FG2AppLayerInterfaceCheck

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/explorerbar.dll
.dll windows:4 windows x86 arch:x86

9ef4170c9985074ac1d8e0ec625dbd1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
RtlUnwind
FatalAppExitA
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
GetCommandLineA
HeapAlloc
HeapFree
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
LockResource
IsBadWritePtr
FreeResource
MulDiv
GetProcAddress
ExpandEnvironmentStringsA
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryA
GetVersionExA
lstrcmpiA
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
CreateEventA
CreateThread
WaitForSingleObject
SetEvent
GetExitCodeThread
CloseHandle
IsBadReadPtr
lstrlenA
LCMapStringW
SetEnvironmentVariableA

user32

RegisterClassExA
GetKeyState
GetForegroundWindow
GetFocus
UnregisterClassA
GetDlgItem
CreateDialogParamA
ReleaseDC
GetDC
wsprintfA
LoadStringA
EnumChildWindows
GetSystemMetrics
PostMessageA
SendMessageTimeoutA
ShowScrollBar
SetWindowRgn
PostThreadMessageA
SetForegroundWindow
SetScrollInfo
AttachThreadInput
UpdateWindow
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA
GetSysColorBrush
IsWindow
ClientToScreen
CreateWindowExA
DestroyWindow
InflateRect
DrawFrameControl
GetSysColor
DrawFocusRect
GetWindowTextA
DrawTextExA
IsWindowEnabled
SetWindowLongA
InvalidateRect
BeginPaint
EndPaint
ScreenToClient
PtInRect
LoadCursorA
SetCursor
GetCapture
TrackMouseEvent
SetFocus
SetCapture
ReleaseCapture
DefWindowProcA
SetWindowPos
ShowWindow
IsWindowVisible
GetClassNameA
GetParent
GetWindowRect
GetWindowLongA
SendMessageA
FillRect
GetClientRect
GetScrollInfo
LoadImageA

gdi32

SetTextColor
GetTextMetricsA
GetTextFaceA
GetStockObject
CreateFontIndirectA
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
CreateDIBitmap
CreateDIBSection
LineTo
MoveToEx
CreatePen
SetBkColor
ExtTextOutA
DPtoLP
GetDeviceCaps
EnumFontFamiliesA
GetDIBColorTable
CreateSolidBrush
DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCloseKey

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_Add
ord17

winmm

PlaySoundA

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dllshar
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/flashget.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.MC0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MC1
Size: 661KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FlashGet/hashgen.dll
.dll windows:4 windows x86 arch:x86

8bd3e0a2cbd822be3b88c043e0101a2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetFileAttributesA
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FatalAppExitA
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetVolumeInformationA
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
FindFirstFileA
FindClose
UnlockFile
LockFile
GetCurrentProcess
DuplicateHandle
GetProcessVersion
LoadLibraryA
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
GetVersion
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
SetLastError
FreeLibrary
CreateEventA
SuspendThread
SetThreadPriority
InterlockedExchange
ResumeThread
SetEvent
WaitForSingleObject
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
RemoveDirectoryA
CreateDirectoryA
DeleteFileA
CopyFileA
MoveFileA
SetEndOfFile
GetFileSize
FlushFileBuffers
SetFilePointer
GetLastError
WriteFile
ReadFile
CloseHandle
GetFileType
CreateFileA

user32

IntersectRect
OffsetRect
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetWindowTextLengthA
SystemParametersInfoA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
OemToCharA
CharToOemA
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
wsprintfA
GetDesktopWindow
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
SetTimer
KillTimer
WaitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
PostQuitMessage
PostMessageA
IsIconic
IsDialogMessageA
GetWindowPlacement
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
ShowOwnedPopups
ScreenToClient

gdi32

SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
SetPolyFillMode
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
PolylineTo
CreateBitmap
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

DragAcceptFiles
SHGetFileInfoA

comctl32

ord17

wsock32

ioctlsocket
htons
htonl
ntohl
WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
inet_addr
ntohs
getpeername
accept
getsockname
bind
closesocket
gethostbyname
recv
send
WSAAsyncSelect
inet_ntoa
socket
recvfrom
sendto
connect

Exports

Exports

BuildAndSendFileInfo
CreateBTHashByFile
CreateED2KHashByFile
CreateFlashGetHashByFile
CreateFlashGetSpHashByFile

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/modules/garage/Headers/0.bmp
FlashGet/modules/garage/Headers/1.bmp
FlashGet/modules/garage/Headers/10.bmp
FlashGet/modules/garage/Headers/11.bmp
FlashGet/modules/garage/Headers/12.bmp
FlashGet/modules/garage/Headers/13.bmp
FlashGet/modules/garage/Headers/14.bmp
FlashGet/modules/garage/Headers/15.bmp
FlashGet/modules/garage/Headers/16.bmp
FlashGet/modules/garage/Headers/17.bmp
FlashGet/modules/garage/Headers/18.bmp
FlashGet/modules/garage/Headers/19.bmp
FlashGet/modules/garage/Headers/2.bmp
FlashGet/modules/garage/Headers/20.bmp
FlashGet/modules/garage/Headers/21.bmp
FlashGet/modules/garage/Headers/3.bmp
FlashGet/modules/garage/Headers/4.bmp
FlashGet/modules/garage/Headers/5.bmp
FlashGet/modules/garage/Headers/6.bmp
FlashGet/modules/garage/Headers/7.bmp
FlashGet/modules/garage/Headers/8.bmp
FlashGet/modules/garage/Headers/9.bmp
FlashGet/modules/garage/Headers/nologin.bmp
FlashGet/modules/garage/Info.ini
FlashGet/modules/garage/garage.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CheckFG2PInterface
ExportFG2Plugin
PubCreateSession
PubDeleteSession

Sections

.MC0
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MC1
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FlashGet/p2spwrap.dll
.dll windows:4 windows x86 arch:x86

3ad3a9d80b77a8660a52b030fd636ba1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
InterlockedDecrement
InterlockedIncrement
MoveFileA
GetLastError
GetProcAddress
LoadLibraryA
DeleteFileA
WideCharToMultiByte
IsBadReadPtr
DebugBreak
OutputDebugStringA
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesA

user32

FindWindowA
LoadStringA
CharNextA
wvsprintfA

shell32

SHFileOperationA
ShellExecuteA

oleaut32

SysFreeString

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

shlwapi

PathRelativePathToA
PathAppendA
PathStripToRootA
PathStripPathA
PathRemoveFileSpecA
PathRemoveBackslashA
PathAddBackslashA
StrStrIA
UrlGetPartA
StrRChrA
StrTrimA
PathFileExistsA
PathIsRelativeA
PathFindExtensionA
PathIsFileSpecA

p2score

?LimitDownloadSpeed@P2SP@@QAEXH@Z
?GetSourceList@P2SP@@QAEKPAUP2SP_SOURCE_LIST@@K@Z
?SetProxy@P2SP@@SAXHIPAD00@Z
?Quit@P2SP@@SAXXZ
??1P2SP@@QAE@XZ
?StopSync@P2SP@@QAEXXZ
?Delete@P2SP@@QAE_NXZ
?Start@P2SP@@QAEXAAUst_TASK_PARAMS@@@Z
?GetTaskLog@P2SP@@QAEHPADAAK1AAH@Z
?UpdateInfo@P2SP@@QAEXAAUst_TASK_INFO@@@Z
?Init@P2SP@@SAHXZ
??0P2SP@@QAE@XZ

msvcrt

free
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
malloc
_adjust_fdiv
_initterm
_mbsicmp
sprintf
isdigit
sscanf
atoi
_ismbcdigit
_mbschr
memmove
wcslen
atol
_stricmp
_mbsstr
_mbsnbcpy
strncpy
_mbsrchr
_mbscmp
??2@YAPAXI@Z
__CxxFrameHandler
_purecall

hashgen

ord4
ord3

Exports

Exports

ExportALImpManager
FG2AppLayerInterfaceCheck

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/p4spmgr.ini
FlashGet/profiles/config.dat
FlashGet/profiles/tasks.dat
FlashGet/storage.dll
.dll windows:4 windows x86 arch:x86

6cb8e0ee0e20dd9d2a7d1eb95ec04f7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
Sleep
InterlockedExchange
GetLastError
MoveFileA
MoveFileExA
CloseHandle
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
CreateFileA
GetSystemTime
GetFileInformationByHandle
GetTempPathA
GetVersion
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
RtlUnwind
HeapFree
RaiseException
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapAlloc
HeapReAlloc
SetStdHandle
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetTimeZoneInformation
GetLocalTime
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetSystemTimeAsFileTime
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
FatalAppExitA
TerminateProcess
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
GetProcAddress
ReadFile
SetHandleCount
GetStdHandle
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetLocaleInfoW
GetCurrentProcessId
DeleteFileA
SetCurrentDirectoryA

Exports

Exports

ExportFGXStorage

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/transaction.log
FlashGet/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashGet/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 296KB

.ndata Size: - Virtual size: 360KB

.rsrc Size: 88KB - Virtual size: 88KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 446B

5b9be84907034b8f0152e51177ceafc3

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 296KB

.ndata
Size: - Virtual size: 360KB

.rsrc
Size: 88KB - Virtual size: 88KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 446B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 276B

.reloc
Size: 512B - Virtual size: 256B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5c:e2:b6:e4:db:cb:ca:b9:10:d1:4d:60:0b:28:ba:55
Certificate

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 752B

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 11KB