4e0c9cf2a3fd22e40c4c1840c3c149da_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4e0c9cf2a3fd22e40c4c1840c3c149da_JaffaCakes118
Size

7.0MB
MD5

4e0c9cf2a3fd22e40c4c1840c3c149da
SHA1

64af5da5a72f2caeb47d6b199073d04d738f94a9
SHA256

d6569c04a68d036002aa42cc1c41f1fcd967aaf9283fc37b3b992f4bbfa77ae7
SHA512

49fb002af7e06d1275414e6559f83e2b4679ada5661108e6bbe08afa869bf8e8f6f07ef2adf71272ed0cb7ebb92b29c3d68092ad81596146d9e598b695a0850f
SSDEEP

196608:J6ZxifkqvfnK8SLvvdpBZsPQGVuetA5cTPwOxd:J6ZxfsadrS/tkGPTxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mpbooksetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/advsplash.dll
unpack002/API_COM.DLL
unpack002/BCLW32.DLL
unpack002/MPbook.exe
unpack002/POS.exe
unpack002/WINPPLA.dll
unpack002/WINPPLB.dll
unpack002/WinPort.dll
unpack002/client/view/list.exe
unpack002/data.exe
unpack002/mpsoftup.exe
unpack002/mpweb.exe
unpack002/msshell.dll
unpack002/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/mpbooksetup.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

4e0c9cf2a3fd22e40c4c1840c3c149da_JaffaCakes118
.rar
mpbooksetup.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/advsplash.dll
.dll windows:4 windows x86 arch:x86

41e025c99a5f731479582ce64a2527f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeKillEvent
timeSetEvent
PlaySoundA

kernel32

GetVersion
lstrcpyA
GlobalAlloc
lstrcatA
GetProcAddress
GlobalFree
lstrcpynA
GetModuleHandleA

user32

IsWindow
PostMessageA
DefWindowProcA
CreateWindowExA
UnregisterClassA
DispatchMessageA
BeginPaint
GetClientRect
wsprintfA
EnumDisplaySettingsA
SetWindowRgn
GetMessageA
DestroyWindow
EndPaint
SystemParametersInfoA
LoadImageA
LoadCursorA
RegisterClassA
SetWindowLongA
SetWindowPos

gdi32

BitBlt
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
CombineRgn
CreateRectRgn
GetObjectA
DeleteObject

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/spltmp.bmp
API_COM.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

com_init
com_rest
com_send

Sections

CODE
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BCLW32.DLL
.dll windows:4 windows x86 arch:x86

6af904140697ae3556e8a49ab1996229

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcmpA
lstrcpyA
_lwrite
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
OpenFile
_lclose
lstrlenA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
GetACP
MulDiv
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
HeapAlloc
GetStringTypeA
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
CloseHandle
GetOEMCP
IsBadCodePtr
IsBadWritePtr
FreeEnvironmentStringsW
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
GetLastError
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
HeapReAlloc
HeapSize
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
RaiseException
FlushFileBuffers

user32

ReleaseDC
GetDC
GetDesktopWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

gdi32

SelectObject
GetTextExtentPointA
GetDIBits
SelectPalette
RealizePalette
LPtoDP
SaveDC
GetViewportExtEx
GetWindowExtEx
SetMapMode
RestoreDC
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
Ellipse
BitBlt
Polygon
CreatePen
StretchBlt
GetObjectA
GetStockObject
DeleteObject
GetMapMode
PatBlt
CreateFontIndirectA
GetDeviceCaps
GetTextFaceA
GetCharABCWidthsA
SetTextAlign
TextOutA
GetTextAlign
SetTextColor
CreateSolidBrush

Exports

Exports

BuildMaxicodeData
BuildMaxicodeShippingData
CreateBarCode
CreateBarCodeIndirect
DeleteBarCode
DrawBarCodeToClipboard
DrawBarCodeToFile
DrawBarCodeToHDC
GetBarCodeSize
_BuildMaxicodeData@24
_BuildMaxicodeShippingData@64
_CreateBarCode@68
_CreateBarCodeIndirect@4
_DeleteBarCode@4
_DrawBarCodeToClipboard@20
_DrawBarCodeToFile@28
_DrawBarCodeToHDC@28
_GetBarCodeSize@16
_LibMain@16

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HZK24
MPbook.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.7MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 11KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 910KB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
POS.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 870KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WINPPLA.dll
.dll windows:4 windows x86 arch:x86

e6753436fec72b7e5831bef0d2bdd60f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winport

_PortClose_Entry@0
_CloseProcessDlg@0
_OpenProcessDlg@0
_PortOpen_Entry@40
_PortSerialSet_Entry@28
_PortWrite_Entry@16
_PortTimeSet_Entry@20

bclw32

_CreateBarCodeIndirect@4
_DrawBarCodeToFile@28
_DeleteBarCode@4

kernel32

GetCPInfo
GetOEMCP
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
ExitProcess
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeLibrary
GetProcessVersion
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFlags
lstrcmpA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
CreateFileA
LocalFree
ReadFile
CloseHandle
GetFileTime
GetFileSize
GetFileAttributesA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
lstrlenA
LCMapStringW
LCMapStringA
SetHandleCount

user32

LoadBitmapA
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
DestroyWindow
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadStringA
GetLastActivePopup
SetFocus
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowLongA
GetDlgItem
GetParent
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MessageBoxA
GetWindowTextA
GetWindowLongA
PtInRect
GetFocus

gdi32

GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
GetTextExtentPoint32A
CreateFontIndirectA
Ellipse
CreatePenIndirect
CreateBrushIndirect
GetBitmapBits
GetObjectA
CreateDCA
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
PatBlt
SetDIBits
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
StretchDIBits

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPrintersA

comctl32

ord17

Exports

Exports

A_Bar2d_DataMatrix
A_Bar2d_Maxi
A_Bar2d_Maxi_Ori
A_Bar2d_PDF417
A_Bar2d_PDF417_ABar
A_Bar2d_PDF417_Ori
A_Clear_Memory
A_ClosePrn
A_CreatePrn
A_Del_Graphic
A_Draw_Box
A_Draw_Diagonal
A_Draw_Ellipse
A_Draw_Line
A_Feed_Label
A_Get_DLL_Version
A_Get_DLL_VersionA
A_Get_Graphic
A_Get_Graphic_ColorBMP
A_Get_Graphic_ColorBMP_Mem
A_Initial_Setting
A_Load_Graphic
A_Open_ChineseFont
A_Print_Form
A_Print_Out
A_Print_Out_ARGOBAR
A_Prn_Barcode
A_Prn_Barcode_ARGOBAR
A_Prn_Text
A_Prn_Text_ARGOBAR
A_Prn_Text_Chinese
A_Prn_Text_TrueType
A_Prn_Text_TrueType_ABar
A_Prn_Text_TrueType_W
A_Set_BMPSave
A_Set_Backfeed
A_Set_Cutting
A_Set_Darkness
A_Set_DebugDialog
A_Set_Feed
A_Set_FlashMemory
A_Set_Form
A_Set_Gap
A_Set_LabelVer
A_Set_Logic
A_Set_Margin
A_Set_PrinterDC
A_Set_Prncomport
A_Set_Prncomport_PC
A_Set_ProcessDlg
A_Set_Sensor_Mode
A_Set_Speed
A_Set_Syssetting
A_Set_Unit
Bar2d_Maxi
Bar2d_PDF417
Clear_Memory
ClosePrn
CreatePrn
Del_Graphic
Draw_Box
Draw_Line
Feed_Label
Get_Graphic
Get_Graphic_ColorBMP
Initial_Setting
Load_Graphic
Print_Form
Print_Out
Prn_Barcode
Prn_Text
Prn_Text_TrueType
Set_Backfeed
Set_Cutting
Set_Darkness
Set_Feed
Set_Form
Set_Margin
Set_Sensor_Mode
Set_Speed
Set_Syssetting
Set_Unit

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WINPPLB.dll
.dll windows:4 windows x86 arch:x86

1f036c7408a1693b0a838f23591b334b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winport

_PortClose_Entry@0
_CloseProcessDlg@0
_OpenProcessDlg@0
_PortOpen_Entry@40
_PortSerialSet_Entry@28
_PortWrite_Entry@16
_PortTimeSet_Entry@20

bclw32

_CreateBarCodeIndirect@4
_DrawBarCodeToFile@28
_DeleteBarCode@4

kernel32

GetCPInfo
GetOEMCP
GetProcessVersion
FreeLibrary
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
ExitProcess
TerminateProcess
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFlags
lstrcmpA
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalAlloc
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentThreadId
CreateFileA
HeapDestroy
LocalFree
ReadFile
CloseHandle
GetFileTime
GetFileSize
GetFileAttributesA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
MultiByteToWideChar
LoadLibraryA
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
GetLastError
GlobalLock
GlobalUnlock
GetModuleHandleA
GetProcAddress
SetLastError
lstrcpynA
lstrlenA
HeapCreate
LCMapStringA

user32

LoadBitmapA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
CreateWindowExA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadStringA
GetLastActivePopup
SetFocus
EnableWindow
IsWindowEnabled
SetWindowPos
SetWindowLongA
GetDlgItem
GetFocus
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
MessageBoxA
SetWindowTextA
GetWindowTextA
GetClassNameA
GetWindowLongA
GetParent

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
GetTextExtentPoint32A
CreateFontIndirectA
Ellipse
CreatePenIndirect
CreateBrushIndirect
GetBitmapBits
GetObjectA
CreateDCA
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
MoveToEx
LineTo
GetStockObject
PatBlt
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
StretchDIBits

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPrintersA

comctl32

ord17

Exports

Exports

B_Bar2d_Maxi
B_Bar2d_PDF417
B_Bar2d_PDF417_ABar
B_ClosePrn
B_CreatePrn
B_Define_Date
B_Define_Time
B_Del_Form
B_Del_Pcx
B_Draw_Box
B_Draw_Diagonal
B_Draw_Ellipse
B_Draw_Line
B_Error_Reporting
B_Get_DLL_Version
B_Get_DLL_VersionA
B_Get_Graphic_ColorBMP
B_Get_Graphic_ColorBMP_Mem
B_Get_Pcx
B_Initial_Setting
B_Load_Pcx
B_Open_ChineseFont
B_Print_Form
B_Print_Form_Save
B_Print_MCopy
B_Print_Out
B_Print_Out_ARGOBAR
B_Prn_Barcode
B_Prn_Barcode_ARGOBAR
B_Prn_Barcode_Form
B_Prn_Configuration
B_Prn_Text
B_Prn_Text_ARGOBAR
B_Prn_Text_Chinese
B_Prn_Text_Form
B_Prn_Text_TrueType
B_Prn_Text_TrueType_ABar
B_Prn_Text_TrueType_W
B_Select_Option
B_Select_Option2
B_Select_Symbol
B_Set_BMPSave
B_Set_Backfeed
B_Set_Darkness
B_Set_DebugDialog
B_Set_Direction
B_Set_FlashMemory
B_Set_Form
B_Set_Form_New
B_Set_Labgap
B_Set_Labwidth
B_Set_Originpoint
B_Set_PrinterDC
B_Set_Prncomport
B_Set_Prncomport_PC
B_Set_ProcessDlg
B_Set_Speed
Bar2d_Maxi
Bar2d_PDF417
ClosePrn
CreatePrn
Del_Form
Del_Pcx
Draw_Box
Draw_Line
Error_Reporting
Get_Pcx
Initial_Setting
Load_Pcx
Open_ChineseFont
Print_Form
Print_MCopy
Print_Out
Prn_Barcode
Prn_Configuration
Prn_Text
Prn_Text_Chinese
Prn_Text_TrueType
Select_Option
Select_Symbol
Set_Backfeed
Set_Darkness
Set_Direction
Set_Form
Set_Labgap
Set_Labwidth
Set_Originpoint
Set_Prncomport
Set_Speed

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinPort.dll
.dll windows:4 windows x86 arch:x86

f6863bb03bfdb6d6d98dec20d97f12a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
FileTimeToLocalFileTime
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
FileTimeToSystemTime
CreateThread
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
ExitProcess
GetEnvironmentVariableA
TerminateProcess
MulDiv
GetModuleHandleA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCommState
SetCommState
SetEvent
GetProcessVersion
GetFileAttributesA
GetFileTime
GetFileSize
LocalReAlloc
SetErrorMode
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
lstrcmpA
LocalAlloc
GlobalAlloc
SetThreadPriority
GetCurrentThread
SuspendThread
GetVersion
ResumeThread
FreeLibrary
GlobalGetAtomNameA
lstrcatA
GetCurrentThreadId
GetVersionExA
GlobalDeleteAtom
ReadFile
GlobalAddAtomA
GlobalFindAtomA
HeapDestroy
WaitForSingleObject
SetLastError
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
HeapCreate
VirtualFree
GetEnvironmentStringsW
CreateEventA
OutputDebugStringA
SetCommTimeouts
CreateFileA
CloseHandle
ExitThread
ClearCommError
GetOverlappedResult
GetLastError
WriteFile

user32

SetMenuItemBitmaps
IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetCursorPos
ValidateRect
CheckMenuItem
TranslateMessage
ReleaseDC
GetDC
PostQuitMessage
SetCursor
UnregisterClassA
LoadCursorA
GetSysColorBrush
GetClassNameA
PtInRect
ClientToScreen
GetMessageA
TabbedTextOutA
DrawTextA
GrayStringA
DestroyMenu
AdjustWindowRectEx
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
GetCapture
DispatchMessageA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetLastActivePopup
MessageBoxA
LoadStringA
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
GetParent
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetSystemMetrics
CharUpperA
UpdateWindow
SetActiveWindow
PeekMessageA
SendMessageA
EnableWindow
KillTimer
SetTimer
PostMessageA
wsprintfA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
GetSubMenu
WinHelpA
GetClassInfoA
GetMessagePos
UnhookWindowsHookEx

gdi32

SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetStockObject
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetClipBox

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Exports

Exports

_CloseErrorDlg@0
_CloseProcessDlg@0
_DebugMessage@4
_OpenErrorDlg@0
_OpenProcessDlg@0
_PortClose_Entry@0
_PortOpen_Entry@40
_PortRead_Entry@8
_PortSerialSet_Entry@28
_PortTimeSet_Entry@20
_PortWrite_Entry@16
_ReadDataWaiting@0
_SetFilter_PathEntry@8

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
client/index.html
.html
client/view/list.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 190KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 177KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data/mpdata.mdb
help/Snap1.jpg
.jpg
help/Snap10.jpg
.jpg
help/Snap11.jpg
.jpg
help/Snap12.jpg
.jpg
help/Snap13.jpg
.jpg
help/Snap14.jpg
.jpg
help/Snap15.jpg
.jpg
help/Snap16.jpg
.jpg
help/Snap17.jpg
.jpg
help/Snap18.jpg
.jpg
help/Snap19.jpg
.jpg
help/Snap2.jpg
.jpg
help/Snap20.jpg
.jpg
help/Snap21.jpg
.jpg
help/Snap22.jpg
.jpg
help/Snap23.jpg
.jpg
help/Snap24.jpg
.jpg
help/Snap25.jpg
.jpg
help/Snap26.jpg
.jpg
help/Snap27.jpg
.jpg
help/Snap28.jpg
.jpg
help/Snap29.jpg
.jpg
help/Snap3.jpg
.jpg
help/Snap30.jpg
.jpg
help/Snap31.jpg
.jpg
help/Snap32.jpg
.jpg
help/Snap33.jpg
.jpg
help/Snap34.jpg
.jpg
help/Snap35.jpg
.jpg
help/Snap36.jpg
.jpg
help/Snap37.jpg
.jpg
help/Snap38.jpg
.jpg
help/Snap39.jpg
.jpg
help/Snap4.jpg
.jpg
help/Snap40.jpg
.jpg
help/Snap41.jpg
.jpg
help/Snap42.jpg
.jpg
help/Snap43.jpg
.jpg
help/Snap44.jpg
.jpg
help/Snap45.jpg
.jpg
help/Snap46.jpg
.jpg
help/Snap47.jpg
.jpg
help/Snap48.jpg
.jpg
help/Snap49.jpg
.jpg
help/Snap5.jpg
.jpg
help/Snap50.jpg
.jpg
help/Snap51.jpg
.jpg
help/Snap52.jpg
.jpg
help/Snap6.jpg
.jpg
help/Snap7.jpg
.jpg
help/Snap8.jpg
.jpg
help/Snap9.jpg
.jpg
help/Thumbs.db
help/about.bmp
help/about.jpg
.jpg
help/before.gif
.gif
help/boxset.jpg
.jpg
help/rjdj.gif
.gif
help/rjqy.gif
.gif
mpsoftup.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 122KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mpsoftup.ini
mpweb.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 41KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
msshell.dll
.dll windows:4 windows x86 arch:x86

f78f3b8eb01a81b8c4d6c1b70f38c1fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
WaitForSingleObject
OpenMutexA
CreateMutexA
CreateFileA
DeleteCriticalSection
GetVersionExA
GetEnvironmentVariableA
GetCommandLineA
GetVersion
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetOEMCP
GetProcAddress
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetStringTypeW
InterlockedDecrement
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
InterlockedIncrement

user32

wsprintfA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetHidGuid
HidD_GetAttributes
HidD_SetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetSerialNumberString
HidD_GetFeature
HidD_FreePreparsedData
HidD_GetProductString
HidD_FlushQueue

Exports

Exports

RY2_Close
RY2_Find
RY2_GenUID
RY2_GetVersion
RY2_Open
RY2_Read
RY2_Write

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.htm
.html
report/RMcf.mtf
report/RMcgjh.mtf
report/RMcgth.mtf
report/RMfy.mtf
report/RMghsfk.mtf
report/RMghssp.mtf
report/RMkb.mtf
report/RMkcdb.mtf
report/RMkhfk.mtf
report/RMkhjh.mtf
report/RMlsxs.mtf
report/RMpfxs.mtf
report/RMposthd.mtf
report/RMposxs.mtf
report/RMposxsd.mtf
report/RMspbs.mtf
report/RMspby.mtf
report/RMsr.mtf
report/RMxsth.mtf
report/Rmdhd.mtf
report/rmbjc.mtf
uninst.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 13KB - Virtual size: 16KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

41e025c99a5f731479582ce64a2527f4

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 132B

.reloc Size: 512B - Virtual size: 406B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 253KB - Virtual size: 252KB

DATA Size: 3KB - Virtual size: 3KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 109B

.reloc Size: 17KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 12KB

6af904140697ae3556e8a49ab1996229

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 13KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 132B

.reloc
Size: 512B - Virtual size: 406B

CODE
Size: 253KB - Virtual size: 252KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 109B

.reloc
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 40KB - Virtual size: 54KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

CODE
Size: 1.7MB - Virtual size: 5.9MB

DATA
Size: 11KB - Virtual size: 32KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 372KB

.rsrc
Size: 910KB - Virtual size: 6.8MB

.aspack
Size: 15KB - Virtual size: 16KB

.data
Size: - Virtual size: 4KB

CODE
Size: 870KB - Virtual size: 2.6MB

DATA
Size: 8KB - Virtual size: 24KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 172KB

.rsrc
Size: 174KB - Virtual size: 480KB

.aspack
Size: 13KB - Virtual size: 16KB

.data
Size: - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 22KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 20KB - Virtual size: 30KB