4ae94feaab51f53dc3c7bf70d6690c9d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4ae94feaab51f53dc3c7bf70d6690c9d_JaffaCakes118
Size

2.5MB
MD5

4ae94feaab51f53dc3c7bf70d6690c9d
SHA1

7ba6ffd1c52f92d03214a3b873dc9047fa5ba70f
SHA256

b07b9ab213b9eed36b213cb4d2e14e089a18b545b11551e6a6bcd1e41304e974
SHA512

94f96a4fa21bb11fa2b447b3dd1ce7624dc1cb86b0783308aea55ed8e698bf12cd0d566d6ab6ca1aefe7290591f118fcc050e433808a7fa89e9388b5d7251227
SSDEEP

49152:nx3RkrUu2hHUL/pwwkaYqrf3HhQai8DEOk9aov53QT9eQ/hWSCCmY/Xb3rWXXI:nx3OL2dUDpwna173HhQaP69pvuTsQ/Q0

Score

3^/10

Malware Config

Signatures

Unsigned PE 31 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ft3inst.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack002/$SYSDIR/MonUrlExt.dll
unpack002/$SYSDIR/ftdoctor.dll
unpack002/$SYSDIR/ftsurfmon.dll
unpack002/$WINDIR/VirKeyBd.dll
unpack002/$WINDIR/ftcomdll.dll
unpack002/$WINDIR/ftct.exe
unpack002/$WINDIR/ftlive.dll
unpack002/$WINDIR/ftopt.exe
unpack002/$WINDIR/ftslsp.dll
unpack002/$WINDIR/msgctl.dll
unpack002/JpgVSbmp.dll
unpack002/Message.dll
unpack002/NMSashok.dll
unpack002/backup/$WINDIR/res.dll
unpack004/MonUrlExt.dll
unpack005/ftcomdll.dll
unpack006/ftct.exe
unpack008/ftgzip.dll
unpack009/ftlive.dll
unpack002/configcenter.dll
unpack002/ftgzip.dll
unpack002/ftupdate.dll
unpack002/lockscr.exe
unpack002/log.dll
unpack002/plm.dll
unpack002/surfctl.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/ft3inst.exe	nsis_installer_1

Files

4ae94feaab51f53dc3c7bf70d6690c9d_JaffaCakes118
.rar
155绿色软件站.url
.url
ft3inst.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetPassword.ini
$PLUGINSDIR/SetShortCut.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/option.ini
$PLUGINSDIR/showtaskicon.bmp
$PLUGINSDIR/welcome.bmp
$PLUGINSDIR/welcome.ini
$SYSDIR/FT_ET99_API.dll
.dll windows:4 windows x86 arch:x86

e2d1b2ffa4a28c81124f88c56ed492a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/05/2007, 00:00

Not After

02/06/2010, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Feitian Technologies Co.\, Ltd.,L=Beijing\,China,ST=Beijing\,China,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

Actual PE Digest

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetVersionExA
TerminateProcess
WideCharToMultiByte
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
IsBadReadPtr
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetFeature
HidD_GetAttributes
HidD_SetFeature

Exports

Exports

MD5_HMAC
et_ChangeUserPIN
et_CloseToken
et_FindToken
et_GenPID
et_GenRandom
et_GenSOPIN
et_GetSN
et_HMAC_MD5
et_OpenToken
et_Read
et_ResetPIN
et_ResetSecurityState
et_SetKey
et_SetupToken
et_TurnOffLED
et_TurnOnLED
et_Verify
et_Write

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5ea75c942dede06496baf009be6181fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\Ft3\Release\MonUrlExt.pdb

Imports

kernel32

LoadLibraryA
LoadLibraryW
GetModuleHandleA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
lstrcpyW
WriteFile
SetFilePointer
CreateFileW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLastError
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcmpW
GetLocalTime
LCMapStringW
FreeLibrary
MultiByteToWideChar
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
InitializeCriticalSection
RaiseException
VirtualProtect
VirtualQuery
GetProcAddress
GetCurrentProcess
FlushInstructionCache
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
GetSystemInfo
SetUnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

CharNextW
GetClassNameW
DestroyWindow
SendMessageTimeoutW
FindWindowW
RegisterWindowMessageW
CreateWindowExW

advapi32

RegQueryInfoKeyW
GetUserNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
VarBstrCmp
SysAllocStringLen
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFindExtensionW
SHGetValueW
SHSetValueW

wininet

InternetCrackUrlW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ftdoctor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1b5ba371d83efe6a0dd32179218f775c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
DeviceIoControl
DisableThreadLibraryCalls
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetTempPathA
Sleep
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
MoveFileExW
ExitProcess
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LockResource
SizeofResource
LoadResource
FindResourceA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
lstrcmpiW
DebugBreak
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
lstrlenW
WideCharToMultiByte
OutputDebugStringW
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
CloseHandle
SetFilePointer
WriteFile
CreateProcessW

user32

SetDlgItemTextW
MessageBoxW
wvsprintfW
CharNextW
LoadStringW
DialogBoxParamW
GetActiveWindow
SetWindowLongW
EndDialog
SendMessageW
ShowWindow
EnableWindow
GetDlgItem
GetDlgCtrlID
LoadBitmapW
MessageBoxA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
GetWindowLongW

gdi32

SetTextColor
GetStockObject
GetObjectW
DeleteObject
CreateFontIndirectW

advapi32

RegSetValueExW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString
RegisterTypeLi
LoadTypeLi

shlwapi

SHGetValueW
SHDeleteValueW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
SHSetValueW
PathRemoveFileSpecW

wininet

InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
HttpOpenRequestW

setupapi

SetupIterateCabinetW

msvcrt

__dllonexit
fopen
fwrite
fclose
swprintf
_CxxThrowException
memmove
wcschr
free
wcscmp
_wcsicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_beginthreadex
time
memcmp
realloc
_wtoi
iswdigit
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
strcat
strlen
_vsnwprintf
wcslen
_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
wcsstr
wcsncpy
??3@YAXPAX@Z
malloc
memset

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FtDoctor
Setting

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ftsurfmon.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2452d60623ac827a2fb3e46581a8225a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetLocalTime
DeleteFileW
MoveFileExW
GetVersionExW
DeviceIoControl
WritePrivateProfileStringW
GetModuleHandleW
lstrcmpiW
TlsSetValue
TlsGetValue
GetCurrentProcessId
GetCurrentThreadId
lstrcmpW
GetWindowsDirectoryW
TlsFree
TlsAlloc
GetSystemDirectoryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetShortPathNameW
InterlockedIncrement
SizeofResource
MultiByteToWideChar
FindResourceW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
ExitProcess
GetModuleFileNameA
CreateProcessW
CompareStringW
LCMapStringW
GetSystemTime
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenFileMappingW
GetLastError
GetFileSize
ReadFile
OutputDebugStringW
DebugBreak
lstrlenA
LoadResource
InterlockedDecrement
lstrlenW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LoadLibraryExW
LoadLibraryW
FreeLibrary

user32

GetCursorPos
ScreenToClient
FillRect
BeginPaint
IsWindow
DestroyWindow
GetClientRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
DrawTextW
EndPaint
CreateWindowExW
OffsetRect
GetDC
ReleaseDC
InvalidateRect
SetFocus
GetCapture
ReleaseCapture
UpdateWindow
DefWindowProcW
SetRectEmpty
PtInRect
CallWindowProcW
SetWindowPos
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
DialogBoxParamW
ShowWindow
CharUpperW
SetCursor
SetCapture
WaitForInputIdle
MessageBoxA
EnumThreadWindows
GetWindowLongW
PostMessageW
GetActiveWindow
GetClassNameW
GetParent
SendMessageW
SetWindowTextW
GetWindowTextW
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
FindWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
GetDlgCtrlID
SetDlgItemTextW
CheckRadioButton
MessageBoxW
LoadStringW
CharNextW
wvsprintfW
CharLowerW
FindWindowW
SendMessageTimeoutW
SetWindowLongW
GetDlgItem
GetWindowTextLengthW
EnableWindow
GetDlgItemTextW
IsDlgButtonChecked
EndDialog
CheckDlgButton
LoadCursorW

gdi32

GetStockObject
SetTextColor
DeleteObject
DeleteDC
CreateFontIndirectW
GetObjectW
SelectObject
SetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
GetUserNameW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
CoCreateInstance

oleaut32

RegisterTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocString
VariantClear
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
DispCallFunc

comctl32

CreatePropertySheetPageW
_TrackMouseEvent
PropertySheetW
DestroyPropertySheetPage

urlmon

CoInternetGetSession

shlwapi

PathGetArgsW
PathUnquoteSpacesW
SHDeleteKeyW
PathRemoveExtensionW
PathFindFileNameW
SHDeleteValueW
PathFileExistsW
SHGetValueW
PathMatchSpecW
SHSetValueW

wininet

InternetCrackUrlW

msvcrt

localtime
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
memcmp
abs
wcspbrk
swprintf
_snprintf
strncat
_strlwr
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
memset
memcpy
wcsncpy
wcsstr
wcslen
strlen
strcat
sprintf
time
_vsnwprintf
wcscmp
??2@YAPAXI@Z
_wtoi
wcschr
strncpy
realloc
free
iswdigit
strpbrk
_strtime
wcscpy
memmove
wcsncmp
malloc

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

AddBlackSite
Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/$SYSDIR/drivers/ftdrv.sys
.sys windows:4 windows x86 arch:x86

cbb6ac3046cb27b3f7a4c55c101f9e81

Code Sign

2c:af:b3:66:64:4d:3a:7d:d2:ce:93:33:d0:5e:54:14
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15/10/2009, 00:00

Not After

15/10/2010, 23:59

Subject

CN=广州梦飞网络科技有限公司,O=广州梦飞网络科技有限公司,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
ExFreePoolWithTag
PsGetCurrentProcessId
wcscat
ExAllocatePoolWithTag
wcslen
wcsrchr
wcsstr
RtlCompareUnicodeString
_strlwr
_stricmp
_wcsicmp
ZwQueryInformationProcess
ExGetPreviousMode
DbgPrint
RtlInitUnicodeString
_except_handler3
strncmp
IoGetCurrentProcess
strncpy
wcscpy
swprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ZwDeleteKey
ZwSetValueKey
ZwDeleteValueKey
ZwSetSystemTime
ZwTerminateProcess
ZwQueryDirectoryFile
ZwCreateFile
ZwWriteFile
KeServiceDescriptorTable
ZwSetInformationFile
MmGetSystemRoutineAddress
IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
MmIsAddressValid
ObfDereferenceObject
ObQueryNameString
ZwCreateKey
RtlCopyUnicodeString
ZwEnumerateValueKey
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcsncpy

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/VirKeyBd.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d5d93c9693be58a8d7438fd5d12d41ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Active\Virtual Keyboard\Release\VirKeyBd.pdb

Imports

kernel32

RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapReAlloc
GetCommandLineA
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetCurrentProcess
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
SetLastError
LockResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetProcAddress
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

DestroyMenu
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
ShowWindow
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
GetSysColorBrush
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
PtInRect
SetRect
SendMessageA
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
SetForegroundWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetParent
wsprintfA
RegisterClassA
RemovePropA
GetCapture
SetCapture
GetDesktopWindow
EnableWindow
ReleaseCapture
GetSystemMetrics
InflateRect
GetClassInfoA
GetSysColor
SetCursor
LoadCursorA
GetCursorPos
DrawFrameControl
UnregisterClassA
CharNextA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GetWindow
IsWindowVisible
DestroyWindow
IsWindow
InvalidateRect
FillRect

gdi32

GetDeviceCaps
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
CreatePen
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleTranslateColor
LoadRegTypeLi
SysStringLen
VariantClear
VariantChangeType
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftcomdll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2501306361fa4123dc2892db79d9a553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
lstrcmpW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
CompareStringW
lstrlenA
MultiByteToWideChar
DebugBreak
GetCurrentProcess
CreateProcessW
WritePrivateProfileStringW
WritePrivateProfileSectionW
FlushInstructionCache
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetShortPathNameW
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
LoadLibraryW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

UpdateWindow
DefWindowProcW
SetRectEmpty
PtInRect
ReleaseCapture
GetCapture
DestroyWindow
BeginPaint
SetCursor
ScreenToClient
GetCursorPos
WaitForInputIdle
wvsprintfW
CreateWindowExW
GetWindow
GetDlgCtrlID
FillRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
EndPaint
SystemParametersInfoW
MapWindowPoints
CallWindowProcW
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
ReleaseDC
IsWindow
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
LoadCursorW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
GetWindowRect
GetDlgItemTextA
SetDlgItemTextW
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
EndDialog
LoadStringW
CharLowerW
SendMessageW
MessageBoxA
MessageBoxW
SetWindowLongW
CharNextW
GetActiveWindow
DialogBoxParamW
FindWindowW
SendMessageTimeoutW
SetCapture

gdi32

SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject
SelectObject
DeleteDC

advapi32

GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW
SHDeleteValueW
SHGetValueA
SHGetValueW
SHSetValueW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

msvcrt

strcmp
?terminate@@YAXXZ
__dllonexit
wcschr
realloc
_onexit
_initterm
_adjust_fdiv
iswdigit
swprintf
_wcsicmp
wcslen
strlen
strcat
sprintf
time
_vsnwprintf
memset
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_purecall
??2@YAPAXI@Z
_except_handler3
wcsstr
wcscmp
strchr
malloc
free
_wtoi
_wcsicoll

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftct.exe
.exe windows:4 windows x86 arch:x86

fcd926a2bddace6ba385c583ff86ca00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
CreateThread
SetFileAttributesW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
GetPrivateProfileStringW
Sleep
lstrcmpiW
WaitForMultipleObjects
CreateEventW
FindCloseChangeNotification
WaitForSingleObject
FindFirstChangeNotificationW
lstrcpynA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
ExitProcess
GetModuleFileNameA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
DeleteFileW
GetProcAddress
OpenEventW
GetLocalTime
GetPrivateProfileIntW
TerminateProcess
DebugBreak
lstrlenA
WritePrivateProfileStringW
GetModuleHandleW
HeapFree
HeapAlloc
CreateDirectoryW
CopyFileW
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetCurrentProcessId
VirtualAllocEx
MultiByteToWideChar
GetOEMCP
GetACP
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
SetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
LoadLibraryW
InterlockedDecrement
FreeLibrary
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeviceIoControl
GetVersionExW
lstrcpynW
GetLastError
OutputDebugStringW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
WriteProcessMemory
CloseHandle

user32

DispatchMessageW
RegisterWindowMessageW
SendMessageTimeoutW
wvsprintfW
CharNextW
CharUpperW
FindWindowW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowPos
KillTimer
SetWindowTextW
SetTimer
TranslateAcceleratorW
GetActiveWindow
MessageBoxA
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
RegisterClassExW
SetWindowLongW
InvalidateRect
GetWindowRect
RemoveMenu
PtInRect
MapWindowPoints
IsWindow
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
MessageBeep
CreateWindowExW
LoadMenuW
LoadAcceleratorsW
SendMessageW
LoadStringW
SetFocus
GetWindowLongW
PostQuitMessage
LoadStringA
PostMessageW
DefWindowProcW
DestroyWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetClientRect
CallWindowProcW

advapi32

InitializeAcl
RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
AddAccessAllowedAce

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHGetValueW
SHGetValueA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueW

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/ftlive.dll
.dll windows:4 windows x86 arch:x86

470584955592f98a3db1034aa474ff4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
OpenMutexW
OutputDebugStringW
GetLastError
MoveFileExW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
lstrcmpiW
SetThreadPriority
GetCurrentThread
CreateMutexW
Thread32Next
ResumeThread
OpenThread
Thread32First
GetPrivateProfileIntW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
VirtualAllocEx
ExitProcess
GetWindowsDirectoryW
FreeLibrary
GetCurrentProcessId
CreateProcessW
FindClose
FindFirstFileW
ReadFile
FindNextFileW
DeleteFileW
GetSystemDirectoryW
lstrcmpW
SetLastError
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
lstrlenA
GetLocalTime
CreateEventW
SetFileAttributesW
GetTempPathW
TerminateThread
CreateDirectoryW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
lstrlenW
lstrcpynW
VirtualProtect
FlushInstructionCache
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleFileNameA

user32

SendMessageTimeoutW
GetWindowThreadProcessId
RegisterHotKey
PostMessageW
SetTimer
UnregisterHotKey
KillTimer
DefWindowProcW
PostQuitMessage
RegisterClassExW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MessageBoxA
GetActiveWindow
WaitForInputIdle
GetSystemMetrics
ExitWindowsEx
LoadIconW
FindWindowW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegCreateKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHDeleteValueW
PathFindExtensionW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
PathGetArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRenameExtensionW
PathFindFileNameW
SHDeleteKeyW

wininet

InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

msvcrt

free
wcscmp
_snwprintf
__CxxFrameHandler
_beginthreadex
_wcslwr
_wtoi
_strtime
_vsnwprintf
time
sprintf
wcslen
wcsncpy
wcsstr
??2@YAPAXI@Z
swprintf
??3@YAXPAX@Z
realloc
_except_handler3
_wtol
_strnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
malloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/ftopt.exe
.exe windows:4 windows x86 arch:x86

b832975a4fcb11c13ae93797cb09e9cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
TerminateProcess
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
GetPrivateProfileSectionNamesW
MoveFileExW
GetPrivateProfileStringW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
Sleep
WritePrivateProfileStringW
LoadLibraryA
VirtualFreeEx
CreateRemoteThread
GetModuleHandleW
WriteProcessMemory
VirtualAllocEx
GetPrivateProfileSectionW
CompareStringW
HeapFree
HeapAlloc
CreateProcessW
CreateDirectoryW
GetTempFileNameW
GetModuleFileNameW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
SetFileAttributesW
GlobalFree
MulDiv
ResumeThread
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceW
ResetEvent
SetEvent
GetExitCodeThread
GetSystemDirectoryW
RaiseException
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
CompareStringA
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
SetLastError
TlsAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
ExitThread
TlsGetValue
TlsSetValue
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
OpenProcess
GetWindowsDirectoryW
GetModuleFileNameA
ExitProcess
DeviceIoControl
GetVersionExW
GetFileSize
ReadFile
DeleteFileW
GetLocalTime
CreateThread
WaitForSingleObject
lstrcpynW
GetLastError
SetEnvironmentVariableA
GetPrivateProfileIntW
OutputDebugStringW
DebugBreak
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
lstrlenA
InterlockedDecrement
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

SendMessageTimeoutW
FindWindowW
GetParent
SetDlgItemTextW
SendMessageW
ReleaseDC
GetFocus
GetSysColor
IsWindowEnabled
GetWindowDC
GetDesktopWindow
CloseClipboard
SetClipboardData
EmptyClipboard
GetClassNameW
GetWindowTextLengthW
GetDC
OffsetRect
GetDlgCtrlID
KillTimer
IsRectEmpty
CreateWindowExW
WaitForInputIdle
SetRectEmpty
SetCapture
PtInRect
ReleaseCapture
GetCapture
UpdateWindow
EndPaint
BeginPaint
GetDlgItem
FillRect
MessageBoxW
LoadStringW
DrawFocusRect
SetCursor
LoadCursorW
GetDlgItemTextW
SetFocus
GetDlgItemTextA
SetWindowLongW
wvsprintfW
OpenClipboard
CheckRadioButton
SetRect
GetUpdateRect
ExitWindowsEx
CharNextW
EndDialog
SetWindowPos
InvalidateRect
LoadIconW
SetWindowTextW
IsWindow
MoveWindow
ShowWindow
EnableWindow
SetTimer
GetWindowTextW
DestroyIcon
LoadImageW
IsDlgButtonChecked
CheckDlgButton
CallWindowProcW
LoadBitmapW
GetCursorPos
ScreenToClient
CopyRect
DrawTextW
DefWindowProcW
CharUpperW
DestroyWindow
DialogBoxParamW
GetWindowThreadProcessId
PostMessageW
GetActiveWindow
MessageBoxA
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints

gdi32

CreateSolidBrush
DeleteObject
CreateFontIndirectW
GetObjectW
SetBkMode
SetTextColor
SelectObject
GetStockObject
DeleteDC
EnumFontsW
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

advapi32

RegEnumValueW
AddAccessAllowedAce
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupAccountNameW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
InitializeAcl

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
DispCallFunc
VariantClear
SysAllocString
OleLoadPicture
LoadRegTypeLi
SysFreeString

comctl32

ImageList_Create
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_AddMasked

shlwapi

PathFileExistsW
PathFindFileNameW
SHSetValueW
SHGetValueA
PathIsDirectoryW
PathRemoveFileSpecW
SHDeleteKeyW
SHDeleteValueW
SHSetValueA
SHGetValueW

wininet

InternetReadFile
InternetCrackUrlW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/ftslsp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

aa65fa328f0a427355cf065430726bbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
VirtualProtect
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
CloseHandle
WriteFile
SetFilePointer
CreateFileW
LCMapStringW
InterlockedIncrement
InterlockedDecrement
lstrlenA
CreateFileMappingW
lstrcatW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileSectionW
OutputDebugStringW
GetLastError
lstrcpynW
GetProcAddress
WaitForSingleObject
IsBadReadPtr
TlsGetValue
TlsSetValue
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
TlsFree
OpenFileMappingW
GetModuleHandleW
TlsAlloc
GetModuleFileNameW
InitializeCriticalSection
DisableThreadLibraryCalls
GetPrivateProfileStringW
lstrcmpW
LeaveCriticalSection
ExpandEnvironmentStringsW
lstrcmpiW
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
LoadLibraryW
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetACP
SetEnvironmentVariableA
GetCPInfo
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringA
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
IsBadWritePtr
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
GetCommandLineA
GetVersion
GetCurrentThreadId
SetLastError
ExitProcess
TerminateProcess
HeapSize
VirtualFree
VirtualAlloc

user32

LoadStringW
CharNextW
FindWindowW
wsprintfW
CharUpperW
CharLowerW
SendMessageTimeoutW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ws2_32

gethostbyname
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
WSASetLastError
WSCEnumProtocols
WSCGetProviderPath

shlwapi

PathFindFileNameW
SHGetValueW
SHSetValueW

wininet

InternetCrackUrlW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Resume
WSPStartup

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e0110c3cf49bf434e10503922b2ffaa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenW
lstrlenA
CompareStringA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
MultiByteToWideChar
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
OutputDebugStringA
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetModuleHandleA
GetProcAddress
lstrcmpA
lstrcpyA
lstrcpynA
CreateFileA
CloseHandle
HeapDestroy

user32

GetCapture
UpdateWindow
SetRectEmpty
CallWindowProcA
GetParent
LoadStringA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
CreateWindowExA
DefWindowProcA
SetWindowPos
GetWindowRect
SetWindowRgn
wvsprintfA
SetWindowTextA
IsWindowEnabled
DestroyIcon
DestroyWindow
GetSysColor
SetFocus
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetDlgCtrlID
GetCursorPos
ReleaseCapture
PtInRect
ScreenToClient
SetCursor
InvalidateRect
EndPaint
SetCapture
GetDC
InflateRect
DrawIconEx
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
GetWindowTextA
DrawTextA
SetWindowLongA
GetWindowLongA
BeginPaint
KillTimer
SendMessageA
GetClientRect
OffsetRect
CharLowerA
LoadImageA
CharUpperA
GetDesktopWindow
IsWindow
CharNextA

gdi32

CreateRoundRectRgn
CombineRgn
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetBkMode
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
ExtractIconA

ole32

CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
OleLoadPicture
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VariantClear

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathIsURLA

msvcrt

_purecall
memset
_vsnprintf
_mbscmp
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Help.chm
.chm
JpgVSbmp.dll
.dll windows:4 windows x86 arch:x86

f0b9ed64fde0f3e55899eb4261aaed7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetTimeZoneInformation
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetACP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
RtlUnwind
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
WritePrivateProfileStringA
GlobalFlags
GetFileTime
GetFileAttributesA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
HeapFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
WideCharToMultiByte
InterlockedIncrement
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
SetLastError
InterlockedDecrement
lstrlenA
lstrcmpA
LocalAlloc
LocalFree
LocalLock
LocalUnlock
GlobalSize
WriteFile
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
CreateFileA
CloseHandle
GlobalHandle
GetStringTypeW

user32

GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuItemCount
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
WinHelpA
GetDlgItem
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SendMessageA
PostMessageA
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
GetSystemMetrics
CharUpperA
wsprintfA
UnhookWindowsHookEx
GetActiveWindow
MessageBoxA
ScreenToClient
GetClientRect
ClientToScreen
GetClassInfoA
RegisterClassA
GetWindowRect
IsRectEmpty
GetSysColor
LoadCursorA
SetCursor
GetDC
ReleaseDC
UnregisterClassA
SetMenuItemBitmaps

gdi32

CreatePalette
GetObjectA
BitBlt
RealizePalette
CreateCompatibleDC
StretchBlt
GetPaletteEntries
GetDeviceCaps
GetSystemPaletteEntries
CreateDIBitmap
SelectPalette
GetStockObject
DeleteObject
GdiFlush
DeleteDC
SetStretchBltMode
SetDIBColorTable
SelectObject
CreateDIBSection
CreateHalftonePalette
CreateCompatibleBitmap
CreateDCA
StretchDIBits
SetPaletteEntries
ResizePalette
SetSystemPaletteUse
GetNearestPaletteIndex
SetBkColor
SetMapMode
CreateBitmap
SaveDC
RestoreDC
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDIBits

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

BmpToJpg
CopyClientRectToBitmap
CopyClientRectToDIB
CopyScreenToBitmap
CopyScreenToDIB
CopyWindowToBitmap
CopyWindowToDIB
DIBToJpg
DitherDisplayDIB
JpgToBmp
PaintBitmap
PaintDIB
PaintJPG
PaintJPG2
PaintJPG3
PaintJPG4

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Message.dll
.dll regsvr32 windows:4 windows x86 arch:x86

841400684750123fe2230490ae5073e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionNamesA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
lstrlenW
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetTickCount
WideCharToMultiByte
lstrcatA
GetModuleFileNameA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetLocalTime
GetPrivateProfileStringA
lstrcmpiA
GetPrivateProfileIntA
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateThread

user32

wsprintfA
GetClassNameA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
PostQuitMessage
GetDesktopWindow
wvsprintfA
CharNextA
LoadStringA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
KillTimer
SetTimer
ShowWindow
PostMessageA
CharLowerA
DispatchMessageA
SystemParametersInfoA
GetWindowRect
OffsetRect
SetWindowRgn
AnimateWindow
TranslateMessage
GetDC
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
IsWindow
GetSysColor
SetFocus
IsChild
GetFocus
CallWindowProcA
EndPaint
ReleaseDC
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
GetMessageA

gdi32

CreateRoundRectRgn
CombineRgn
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
DispCallFunc
OleCreateFontIndirect
SysFreeString

shlwapi

PathIsURLA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

msvcrt

time
_mbscmp
difftime
abs
??3@YAXPAX@Z
__CxxFrameHandler
atoi
memset
_vsnprintf
_ftol
memcpy
??2@YAPAXI@Z
_mbsstr
wcslen
_ismbcdigit
realloc
free
memcmp
_mbschr
atol
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NMSashok.dll
.dll windows:4 windows x86 arch:x86

b2dab1fd7df64cc23633a26d5b7ede88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\网络监护\Release\NMSashok.pdb

Imports

kernel32

lstrcmpA
CloseHandle
OutputDebugStringA
GetModuleFileNameA
HeapSize
ExitProcess
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LoadLibraryA
RtlUnwind
InterlockedExchange
HeapReAlloc
InitializeCriticalSection

user32

OpenDesktopA
EnumDesktopWindows
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetAsyncKeyState
CallNextHookEx
CallWindowProcA
GetWindowTextA

Exports

Exports

DisableHotKey

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Share
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/$FAVORITES/ɫַ.url
.url
backup/$WINDIR/report.htm
.html .js polyglot
backup/$WINDIR/res.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/FT_ET99_API.cab
.cab
FT_ET99_API.dll
.dll windows:4 windows x86 arch:x86

e2d1b2ffa4a28c81124f88c56ed492a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/05/2007, 00:00

Not After

02/06/2010, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Feitian Technologies Co.\, Ltd.,L=Beijing\,China,ST=Beijing\,China,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

Actual PE Digest

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetVersionExA
TerminateProcess
WideCharToMultiByte
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
IsBadReadPtr
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetFeature
HidD_GetAttributes
HidD_SetFeature

Exports

Exports

MD5_HMAC
et_ChangeUserPIN
et_CloseToken
et_FindToken
et_GenPID
et_GenRandom
et_GenSOPIN
et_GetSN
et_HMAC_MD5
et_OpenToken
et_Read
et_ResetPIN
et_ResetSecurityState
et_SetKey
et_SetupToken
et_TurnOffLED
et_TurnOnLED
et_Verify
et_Write

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/MonUrlExt.cab
.cab
MonUrlExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5ea75c942dede06496baf009be6181fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\Ft3\Release\MonUrlExt.pdb

Imports

kernel32

LoadLibraryA
LoadLibraryW
GetModuleHandleA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
lstrcpyW
WriteFile
SetFilePointer
CreateFileW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WideCharToMultiByte
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLastError
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcmpW
GetLocalTime
LCMapStringW
FreeLibrary
MultiByteToWideChar
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
InitializeCriticalSection
RaiseException
VirtualProtect
VirtualQuery
GetProcAddress
GetCurrentProcess
FlushInstructionCache
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringA
GetSystemInfo
SetUnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

CharNextW
GetClassNameW
DestroyWindow
SendMessageTimeoutW
FindWindowW
RegisterWindowMessageW
CreateWindowExW

advapi32

RegQueryInfoKeyW
GetUserNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
VariantInit
LoadTypeLi
VariantClear
DispCallFunc
LoadRegTypeLi
VarBstrCmp
SysAllocStringLen
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFindExtensionW
SHGetValueW
SHSetValueW

wininet

InternetCrackUrlW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftcomdll.cab
.cab
ftcomdll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2501306361fa4123dc2892db79d9a553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
lstrcmpW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetLocalTime
CompareStringW
lstrlenA
MultiByteToWideChar
DebugBreak
GetCurrentProcess
CreateProcessW
WritePrivateProfileStringW
WritePrivateProfileSectionW
FlushInstructionCache
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetProcAddress
FreeLibrary
GetShortPathNameW
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynW
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
LoadLibraryW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

UpdateWindow
DefWindowProcW
SetRectEmpty
PtInRect
ReleaseCapture
GetCapture
DestroyWindow
BeginPaint
SetCursor
ScreenToClient
GetCursorPos
WaitForInputIdle
wvsprintfW
CreateWindowExW
GetWindow
GetDlgCtrlID
FillRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
EndPaint
SystemParametersInfoW
MapWindowPoints
CallWindowProcW
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
ReleaseDC
IsWindow
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
LoadCursorW
GetParent
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
GetWindowRect
GetDlgItemTextA
SetDlgItemTextW
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
EndDialog
LoadStringW
CharLowerW
SendMessageW
MessageBoxA
MessageBoxW
SetWindowLongW
CharNextW
GetActiveWindow
DialogBoxParamW
FindWindowW
SendMessageTimeoutW
SetCapture

gdi32

SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject
SelectObject
DeleteDC

advapi32

GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW
SHDeleteValueW
SHGetValueA
SHGetValueW
SHSetValueW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

msvcrt

strcmp
?terminate@@YAXXZ
__dllonexit
wcschr
realloc
_onexit
_initterm
_adjust_fdiv
iswdigit
swprintf
_wcsicmp
wcslen
strlen
strcat
sprintf
time
_vsnwprintf
memset
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_purecall
??2@YAPAXI@Z
_except_handler3
wcsstr
wcscmp
strchr
malloc
free
_wtoi
_wcsicoll

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftct.cab
.cab
ftct.exe
.exe windows:4 windows x86 arch:x86

fcd926a2bddace6ba385c583ff86ca00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
CreateThread
SetFileAttributesW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
GetPrivateProfileStringW
Sleep
lstrcmpiW
WaitForMultipleObjects
CreateEventW
FindCloseChangeNotification
WaitForSingleObject
FindFirstChangeNotificationW
lstrcpynA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
ExitProcess
GetModuleFileNameA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
DeleteFileW
GetProcAddress
OpenEventW
GetLocalTime
GetPrivateProfileIntW
TerminateProcess
DebugBreak
lstrlenA
WritePrivateProfileStringW
GetModuleHandleW
HeapFree
HeapAlloc
CreateDirectoryW
CopyFileW
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetCurrentProcessId
VirtualAllocEx
MultiByteToWideChar
GetOEMCP
GetACP
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
SetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RtlUnwind
GetSystemTime
GetTimeZoneInformation
LoadLibraryW
InterlockedDecrement
FreeLibrary
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeviceIoControl
GetVersionExW
lstrcpynW
GetLastError
OutputDebugStringW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
WriteProcessMemory
CloseHandle

user32

DispatchMessageW
RegisterWindowMessageW
SendMessageTimeoutW
wvsprintfW
CharNextW
CharUpperW
FindWindowW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowPos
KillTimer
SetWindowTextW
SetTimer
TranslateAcceleratorW
GetActiveWindow
MessageBoxA
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
RegisterClassExW
SetWindowLongW
InvalidateRect
GetWindowRect
RemoveMenu
PtInRect
MapWindowPoints
IsWindow
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
CreatePopupMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
MessageBeep
CreateWindowExW
LoadMenuW
LoadAcceleratorsW
SendMessageW
LoadStringW
SetFocus
GetWindowLongW
PostQuitMessage
LoadStringA
PostMessageW
DefWindowProcW
DestroyWindow
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetClientRect
CallWindowProcW

advapi32

InitializeAcl
RegCreateKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountNameW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
AddAccessAllowedAce

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHGetValueW
SHGetValueA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueW

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
backup/ftdrv.cab
.cab
ftdrv.sys
.sys windows:4 windows x86 arch:x86

cbb6ac3046cb27b3f7a4c55c101f9e81

Code Sign

2c:af:b3:66:64:4d:3a:7d:d2:ce:93:33:d0:5e:54:14
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15/10/2009, 00:00

Not After

15/10/2010, 23:59

Subject

CN=广州梦飞网络科技有限公司,O=广州梦飞网络科技有限公司,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
ExFreePoolWithTag
PsGetCurrentProcessId
wcscat
ExAllocatePoolWithTag
wcslen
wcsrchr
wcsstr
RtlCompareUnicodeString
_strlwr
_stricmp
_wcsicmp
ZwQueryInformationProcess
ExGetPreviousMode
DbgPrint
RtlInitUnicodeString
_except_handler3
strncmp
IoGetCurrentProcess
strncpy
wcscpy
swprintf
ZwClose
ZwQueryValueKey
ZwOpenKey
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ZwQuerySystemInformation
ZwDeleteKey
ZwSetValueKey
ZwDeleteValueKey
ZwSetSystemTime
ZwTerminateProcess
ZwQueryDirectoryFile
ZwCreateFile
ZwWriteFile
KeServiceDescriptorTable
ZwSetInformationFile
MmGetSystemRoutineAddress
IofCompleteRequest
ObReferenceObjectByHandle
ExEventObjectType
MmIsAddressValid
ObfDereferenceObject
ObQueryNameString
ZwCreateKey
RtlCopyUnicodeString
ZwEnumerateValueKey
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
wcsncpy

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftgzip.cab
.cab
ftgzip.dll
.dll windows:4 windows x86 arch:x86

86d97ce1716c56a2b13af0c237b5f5da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock

msvcrt

free
malloc
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
calloc
_initterm
_adjust_fdiv

Exports

Exports

Gzip2A
Gzip2AEx
deflate_uncompress

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftlive.cab
.cab
ftlive.dll
.dll windows:4 windows x86 arch:x86

470584955592f98a3db1034aa474ff4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
OpenMutexW
OutputDebugStringW
GetLastError
MoveFileExW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
lstrcmpiW
SetThreadPriority
GetCurrentThread
CreateMutexW
Thread32Next
ResumeThread
OpenThread
Thread32First
GetPrivateProfileIntW
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
VirtualAllocEx
ExitProcess
GetWindowsDirectoryW
FreeLibrary
GetCurrentProcessId
CreateProcessW
FindClose
FindFirstFileW
ReadFile
FindNextFileW
DeleteFileW
GetSystemDirectoryW
lstrcmpW
SetLastError
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
lstrlenA
GetLocalTime
CreateEventW
SetFileAttributesW
GetTempPathW
TerminateThread
CreateDirectoryW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
lstrlenW
lstrcpynW
VirtualProtect
FlushInstructionCache
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleFileNameA

user32

SendMessageTimeoutW
GetWindowThreadProcessId
RegisterHotKey
PostMessageW
SetTimer
UnregisterHotKey
KillTimer
DefWindowProcW
PostQuitMessage
RegisterClassExW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
MessageBoxA
GetActiveWindow
WaitForInputIdle
GetSystemMetrics
ExitWindowsEx
LoadIconW
FindWindowW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegCreateKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

shlwapi

SHDeleteValueW
PathFindExtensionW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW
PathGetArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRenameExtensionW
PathFindFileNameW
SHDeleteKeyW

wininet

InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

msvcrt

free
wcscmp
_snwprintf
__CxxFrameHandler
_beginthreadex
_wcslwr
_wtoi
_strtime
_vsnwprintf
time
sprintf
wcslen
wcsncpy
wcsstr
??2@YAPAXI@Z
swprintf
??3@YAXPAX@Z
realloc
_except_handler3
_wtol
_strnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
malloc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
backup/ftopt.cab
.cab
backup/ftslsp.cab
.cab
backup/ftsurfmon.cab
.cab
configcenter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

842c529f9f14982a310653c9c7d436df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
WideCharToMultiByte
GetLastError
lstrcpynW
WaitForSingleObject
InterlockedIncrement
lstrlenA
MultiByteToWideChar
DebugBreak
MoveFileExW
FreeLibrary
DeviceIoControl
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
WritePrivateProfileStringW
GetTempPathW
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CopyFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateThread
Sleep
WritePrivateProfileSectionW
lstrlenW
DisableThreadLibraryCalls
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CloseHandle
GetVersionExW

user32

MessageBoxW
GetWindowLongW
GetActiveWindow
CharNextW
SetWindowLongW
LoadStringW
wvsprintfW
MessageBoxA
SetDlgItemTextW
EndDialog
GetDlgItemTextW
GetDlgCtrlID
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
CharUpperW
DialogBoxParamW

gdi32

SetTextColor
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHCreateDirectoryExW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi

shlwapi

SHGetValueW
PathFileExistsW
SHDeleteValueW
PathRemoveFileSpecW
SHSetValueW

msvcrt

_onexit
__dllonexit
memmove
_wcsnicmp
_adjust_fdiv
malloc
wcsstr
swprintf
strncat
_strlwr
_wtoi
iswdigit
_vsnwprintf
??2@YAPAXI@Z
memcmp
??3@YAXPAX@Z
wcscmp
__CxxFrameHandler
memcpy
memset
_snprintf
time
sprintf
strcat
strcmp
strcpy
strlen
wcslen
free
_initterm

wininet

InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetReadFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftgzip.dll
.dll windows:4 windows x86 arch:x86

86d97ce1716c56a2b13af0c237b5f5da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock

msvcrt

free
malloc
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
calloc
_initterm
_adjust_fdiv

Exports

Exports

Gzip2A
Gzip2AEx
deflate_uncompress

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftmsgbk.bmp
ftupdate.dll
.dll windows:4 windows x86 arch:x86

88154e8742331f7d19c1458a9a9cde99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\Ft3\Release\SoftUpdate.pdb

Imports

kernel32

WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
MultiByteToWideChar
lstrcatA
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
WritePrivateProfileStringA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
OutputDebugStringA
WriteFile
SetFilePointer
FlushFileBuffers
SetStdHandle
lstrcpynA
GetCurrentProcessId
GetModuleFileNameA
DeviceIoControl
CloseHandle
CreateFileA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateDirectoryA
GetVersionExA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocalTime
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
InitializeSecurityDescriptor

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA
SHSetValueA
PathRemoveFileSpecA
SHGetValueA
PathFileExistsA

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

GetPEFileVersion
RebootUpdate
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
game.ini
hint.ini
img/bk.bmp
img/msgSkin.ini
lockscr.exe
.exe windows:4 windows x86 arch:x86

f73c366d7ecb80927e6d6fa4ecad54d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetModuleFileNameW
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStartupInfoA
GetFileType
TerminateProcess
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetVersion
GetStartupInfoW
GetModuleHandleA
RtlUnwind
GetCurrentProcessId
GetWindowsDirectoryW
GetModuleFileNameA
ExitProcess
FreeLibrary
LoadLibraryW
FlushInstructionCache
DeleteCriticalSection
CloseHandle
HeapDestroy
InitializeCriticalSection
CreateMutexW
lstrcpyW
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
lstrcmpiW
Module32NextW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
CreateRemoteThread
VirtualFreeEx
OpenProcess
DeviceIoControl
GetVersionExW
LocalAlloc
LocalLock
LocalUnlock
GlobalSize
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
DebugBreak
lstrlenA
MultiByteToWideChar
InterlockedIncrement
WaitForSingleObject
lstrcatW
GetLastError
FormatMessageW
LocalFree
CreateFileW
WideCharToMultiByte
SetFilePointer
WriteFile
OutputDebugStringW
HeapAlloc
HeapFree
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrlenW
InterlockedDecrement
GetStdHandle

user32

FindWindowW
LoadStringW
ReleaseDC
GetDC
MessageBoxW
wvsprintfW
CharNextW
SetCursor
LoadCursorW
IsRectEmpty
GetWindowRect
SendMessageTimeoutW
DestroyWindow
DialogBoxParamW
GetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
MessageBoxA
ExitWindowsEx
GetTopWindow
GetWindowThreadProcessId
BeginPaint
InflateRect
DrawTextW
GetClientRect
KillTimer
MoveWindow
GetWindowLongW
GetParent
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
LoadImageW
SendMessageW
SetForegroundWindow
GetDlgItem
ShowWindow
InvalidateRect
SetTimer
SetWindowLongW
LoadBitmapW
EndDialog
GetSystemMetrics
SetCursorPos
DefWindowProcW
GetActiveWindow
EndPaint

gdi32

ExtTextOutW
SetTextColor
CreateFontW
SetBkMode
SetBkColor
GetNearestPaletteIndex
SetSystemPaletteUse
ResizePalette
SetPaletteEntries
StretchDIBits
CreateDCW
CreateCompatibleBitmap
GetPaletteEntries
CreateCompatibleDC
SelectObject
SetStretchBltMode
StretchBlt
BitBlt
DeleteObject
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetDeviceCaps
GetSystemPaletteEntries
GetObjectW
GetDIBits
CreatePalette
DeleteDC

advapi32

GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

SHGetValueW
PathFileExistsW
SHSetValueW

winmm

PlaySoundW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
log.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7ca484139343905079f69b79ba175dcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
DeviceIoControl
GetModuleFileNameW
DisableThreadLibraryCalls
FindClose
FindNextFileW
FindFirstFileW
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
MultiByteToWideChar
GetModuleFileNameA
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
ProcessIdToSessionId
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
CreateDirectoryW
TerminateProcess
WritePrivateProfileStringW
MoveFileExW
GetTempFileNameW
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetFileSize
ReadFile
DeleteFileW
GetLocalTime
CreateThread
WaitForSingleObject
lstrcpynW
GetLastError
FormatMessageW
LocalFree
OutputDebugStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenMutexW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
lstrcpyW
lstrcatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetWindowsDirectoryW
CloseHandle

user32

GetWindow
SendMessageTimeoutW
FindWindowW
MessageBoxW
CharNextW
LoadStringW
GetActiveWindow
SetCursor
GetForegroundWindow
GetSystemMetrics
CloseDesktop
OpenInputDesktop
wvsprintfW
LoadCursorW
MessageBoxA
WaitForInputIdle
GetWindowThreadProcessId
CharLowerW
SendMessageW
GetClientRect
DefWindowProcW
CreateWindowExW
DestroyWindow
CallWindowProcW
SetWindowLongW
GetWindowLongW
SetWindowPos
MapWindowPoints
GetWindowRect
CharUpperW
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
SetDlgItemInt
GetDlgItem
CheckRadioButton
SetDlgItemTextW
GetParent
SystemParametersInfoW

gdi32

GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityInfo
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
CreateProcessAsUserW
RegQueryValueExW
AddAccessAllowedAce
InitializeAcl
LookupAccountNameW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW

shell32

ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

shlwapi

PathRemoveFileSpecW
SHGetValueA
PathFindFileNameW
SHSetValueW
SHGetValueW
PathFileExistsW
SHDeleteKeyW
SHDeleteValueW

msvcrt

_except_handler3
_onexit
__dllonexit
strcmp
localtime
memmove
realloc
wcsstr
_wcslwr
swprintf
_snwprintf
_snprintf
strncat
_strlwr
_adjust_fdiv
malloc
free
memcmp
_ftol
difftime
wcscmp
_wcsicmp
swscanf
abs
_wtoi
iswdigit
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_strtime
__CxxFrameHandler
memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
wcsncpy
?terminate@@YAXXZ
_initterm

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
Recover
Setting
UnInit

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
messageconfig.ini
msgSkin.ini
networksoft.ini
pgkl.cab
plm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ffdc6b3ae18c75b4d60369c511ff5a74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
GetVersionExW
DeviceIoControl
ExitProcess
GetWindowsDirectoryW
GetModuleFileNameA
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
TerminateProcess
WritePrivateProfileStringW
GetModuleFileNameW
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
WritePrivateProfileSectionW
DisableThreadLibraryCalls
lstrcmpiW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetPrivateProfileSectionNamesW
WaitForSingleObject
lstrcpynW
OutputDebugStringW
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileSectionW
GetPrivateProfileIntW
lstrlenW
WideCharToMultiByte
CreateFileW
SetFilePointer
GetCurrentThreadId
lstrlenA
WriteFile
lstrcpyW
lstrcatW
CloseHandle

user32

EndDialog
UnhookWindowsHookEx
SetWindowsHookExW
GetCursorPos
CharUpperW
wvsprintfW
MessageBoxW
LoadStringW
FindWindowW
SendMessageTimeoutW
GetClassNameW
GetWindowTextW
ShowWindow
CallNextHookEx
GetDlgItemTextW
SetDlgItemTextW
SetFocus
IsWindowEnabled
CheckRadioButton
EnableWindow
IsDlgButtonChecked
DialogBoxParamW
LoadIconW
DestroyIcon
GetDlgItem
CheckDlgButton
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
GetWindowLongW
SetWindowLongW
CallWindowProcW
DestroyWindow
CreateWindowExW
DefWindowProcW
GetClientRect
SendMessageW
GetWindowThreadProcessId
GetActiveWindow
MessageBoxA
CharNextW
ScreenToClient

gdi32

GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ExtractIconW
SHGetPathFromIDListW
SHCreateDirectoryExW

ole32

CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysFreeString

comctl32

ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
DestroyPropertySheetPage

shlwapi

PathMatchSpecW
SHDeleteValueW
PathFindFileNameW
PathFileExistsW
SHGetValueW
SHSetValueW

msvcrt

wcschr
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memset
_vsnwprintf
time
sprintf
strcat
strlen
wcslen
free
??2@YAPAXI@Z
iswdigit
_wtoi
_strlwr
strncat
_snprintf
swprintf
_wcslwr
wcsstr
memmove
wcscmp
memcmp
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
realloc

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

Exports

Exports

Command
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Init
NeedBlock
Recover
Setting
UnInit

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
security.exe
.exe windows:4 windows x86 arch:x86

91696d44c81dc0ab8158aacd72d9a603

Code Sign

2c:af:b3:66:64:4d:3a:7d:d2:ce:93:33:d0:5e:54:14
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15/10/2009, 00:00

Not After

15/10/2010, 23:59

Subject

CN=广州梦飞网络科技有限公司,O=广州梦飞网络科技有限公司,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GetLastError
lstrcpynA
GetVersionExA
DeviceIoControl
LockResource
SizeofResource
LoadResource
FindResourceA
LocalFree
GetModuleFileNameA
DeleteFileA
GetWindowsDirectoryA
lstrlenA
QueryDosDeviceA
MoveFileExA
SetEndOfFile
LoadLibraryA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringA
CreateDirectoryA
lstrcpyA
GetSystemDirectoryA
lstrcatA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
ReadFile
VirtualAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree

user32

MessageBoxA

advapi32

DeleteService
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHSetValueA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecA
SHDeleteKeyA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssi.dat
surfctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e40e53657222a8ff553f1d333dde5c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapReAlloc
GetCommandLineA
RaiseException
ExitThread
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindResourceExW
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThread
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetVersion
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetTimeZoneInformation
SetTimeZoneInformation
SystemTimeToFileTime
GetSystemDirectoryW
GetExitCodeProcess
MulDiv
GlobalUnlock
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalLock
GetTempPathW
CopyFileW
GetPrivateProfileSectionNamesW
lstrlenA
MultiByteToWideChar
SetSystemTime
SetLastError
GetSystemTime
Sleep
CreateProcessW
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
lstrcmpW
GetTickCount
TerminateProcess
MoveFileExW
GetModuleFileNameW
GetCurrentProcessId
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GlobalFree
GlobalAlloc
GetCurrentProcess
lstrcmpiW
GetModuleHandleW
GetProcAddress
OpenProcess
WritePrivateProfileSectionW
WritePrivateProfileStringW
DeviceIoControl
GetVersionExW
DeleteFileW
CreateThread
WaitForSingleObject
GetLocalTime
GetLastError
LocalFree
OutputDebugStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenMutexW
lstrlenW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
LCMapStringW
CloseHandle

user32

GetSysColorBrush
UnregisterClassW
DestroyMenu
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
MapDialogRect
GetAsyncKeyState
DrawFocusRect
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
GetFocus
SetFocus
AdjustWindowRectEx
IsWindowVisible
GetTopWindow
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetLastActivePopup
GetWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
CreateWindowExW
CopyRect
ReleaseCapture
SetCapture
GetParent
InvalidateRect
IsRectEmpty
SetRect
GetSysColor
CreatePopupMenu
AppendMenuW
CheckMenuItem
PtInRect
GetSystemMetrics
DestroyWindow
LoadCursorW
SetCursor
GetCursorPos
ScreenToClient
OffsetRect
ExitWindowsEx
SetWindowPos
SetTimer
KillTimer
EqualRect
InflateRect
FillRect
UpdateLayeredWindow
GetWindowRect
GetClientRect
GetDesktopWindow
GetActiveWindow
MessageBoxA
GetForegroundWindow
GetWindowLongW
SetForegroundWindow
EnumWindows
PostMessageW
GetClassNameW
GetWindowThreadProcessId
GetLastInputInfo
LoadStringW
GetDlgItem
SendMessageW
LoadBitmapW
IsWindow
MessageBoxW
FindWindowW
SendMessageTimeoutW
EnableWindow
GetMessagePos

gdi32

ExtTextOutW
Escape
GetTextMetricsW
EnumFontFamiliesExW
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
TextOutW
SetStretchBltMode
SetBkMode
RestoreDC
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectW
CreateFontIndirectW
ScaleWindowExtEx
SetWindowExtEx
SetMapMode
CreateFontW
GetPixel
SetPixelV
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
EnumFontsW
GetStockObject
ScaleViewportExtEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHCreateDirectoryExW

comctl32

InitCommonControlsEx
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Destroy

ole32

CoUninitialize
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
SHGetValueW
SHSetValueW
SHGetValueA

setupapi

SetupIterateCabinetW

gdiplus

GdipCreateFont
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipGetInterpolationMode
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipGetImageHeight
GdipDrawString
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipCloneBrush
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeleteBrush
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipFree
GdipSetInterpolationMode
GdipAlloc
GdipGetImageWidth
GdipGetGenericFontFamilySansSerif
GdipDrawImageRectI
GdipDeleteFontFamily

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

recv
ntohl
htonl
socket
WSAStartup
WSACleanup
select
closesocket
WSCEnumProtocols
send
connect
htons
inet_addr
gethostbyname

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Exports

Exports

Command
DllRegisterServer
DllUnregisterServer
FltLayTimeSetting
Init
IsLimitGame
Recover
RunTimeSecSetting
Setting
UnInit

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 400KB

.rsrc Size: 6KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 730B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 912B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 400KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 134B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate

76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 6KB