611acf487ea2d3fc6be3dbffffa93182_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

611acf487ea2d3fc6be3dbffffa93182_JaffaCakes118
Size

1020KB
MD5

611acf487ea2d3fc6be3dbffffa93182
SHA1

d8c340345e709cc7b8476020fdf817230d6393c0
SHA256

fa33dfd4dac572c0421bbd2079982ea5fd0325139dcab9490410c58c234aa6ac
SHA512

c1aec0a73fe6c132363209b4034350ad771db2ddd1ce54d5eba036f3616f435f58c48df56694bf4fbe3c171e0e85ceafc21424a6050bb2eb175ba5c42ddbc219
SSDEEP

24576:K6zNoTSbZeCfGY+NR+5oRWJuK09yJ1oVQcJr7KkiqXc1+vi:Qwzg1RC09RVQct7Kkigc1+vi

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eraser_v5.8c1.3_4.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/ASUpdate.dll
unpack002/Eraser.dll
unpack002/Eraser.exe
unpack002/Eraserl.exe
unpack002/Erasext.dll
unpack002/Uninstall.exe
unpack002/Verify.exe
unpack002/eraser.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/eraser_v5.8c1.3_4.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_1

Files

611acf487ea2d3fc6be3dbffffa93182_JaffaCakes118
.rar
eraser_v5.8c1.3_4.exe
.exe windows:4 windows x86 arch:x86

8ae4c4415f8b76a5573f954408eb7f1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
CompareFileTime
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
GlobalAlloc
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
GetTempPathA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
CreateWindowExA
GetWindowLongA
DrawFocusRect
SendMessageA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
SendMessageTimeoutA
wsprintfA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
ASUpdate.dll
.dll windows:4 windows x86 arch:x86

56cbecc9df5b9c13b50d1dc6afaac7b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
WriteFile
DeleteFileA
CloseHandle
GetFileSize
SetFilePointer
GetModuleFileNameA
CreateFileA
GetTempFileNameA
GetTempPathA
MoveFileA
WritePrivateProfileStringA
CopyFileA
GetSystemDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
CreateThread
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

MessageBoxA
SendMessageA
FindWindowA

shell32

ShellExecuteA

ole32

CoCreateGuid

shlwapi

PathFileExistsA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetSetFilePointer
InternetOpenA
InternetReadFile

Exports

Exports

CheckLiveUpdate

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ERASER.HLP
Eraser.cnt
Eraser.dll
.dll windows:4 windows x86 arch:x86

bcf98506f04158dae0563f1cc6464c37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
ExitThread
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
TerminateProcess
ExitProcess
GetCommandLineA
VirtualQuery
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
FileTimeToLocalFileTime
FindResourceExA
GetFullPathNameA
DuplicateHandle
UnlockFile
LockFile
WritePrivateProfileStringA
FileTimeToSystemTime
GetCPInfo
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedDecrement
VirtualProtect
SuspendThread
ResumeThread
SetThreadPriority
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
lstrcmpA
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetProcessHeap
GlobalMemoryStatus
GetThreadTimes
GetProcessTimes
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetSystemDefaultLangID
GetSystemDefaultLCID
GetOEMCP
GetLogicalDrives
GetSystemInfo
GetStartupInfoA
CreateEventA
QueryPerformanceCounter
VirtualUnlock
VirtualLock
GetSystemTime
GetFileTime
CreateDirectoryA
GetVolumeInformationA
GetModuleFileNameA
RaiseException
GetCurrentDirectoryA
lstrlenA
GetFileAttributesA
GetFileSize
SetEndOfFile
SetLastError
FormatMessageA
LocalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
Sleep
CreateFileA
CloseHandle
DeviceIoControl
GetLastError
ReadFile
VirtualAlloc
GetShortPathNameA
VirtualFree
InterlockedExchange
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
SetFileAttributesA
DeleteFileA
GetExitCodeThread
TerminateThread
GetCurrentThreadId
SetEvent
MoveFileA
lstrcpynA
SetFilePointer
WaitForSingleObject
WriteFile
FlushFileBuffers
ResetEvent
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FreeEnvironmentStringsA

user32

ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
RegisterClassA
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GetWindow
SetMenuItemBitmaps
EnableWindow
SendMessageA
PostQuitMessage
ValidateRect
GetMessageA
WinHelpA
CharUpperA
GetCaretPos
GetActiveWindow
GetClipboardOwner
GetClipboardViewer
GetDesktopWindow
GetForegroundWindow
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetDialogBaseUnits
GetKeyboardLayout
GetKeyboardType
GetDoubleClickTime
GetCaretBlinkTime
GetKeyState
TranslateMessage
DispatchMessageA
GetWindowLongA
LoadMenuA
GetSubMenu
GetDlgItem
GetClipCursor
GetCursorPos
ClipCursor
ReleaseCapture
SetCursor
GetClassInfoA
DefWindowProcA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetParent
SetCapture
GetCapture
InvalidateRect
ScreenToClient
ClientToScreen
GetWindowRect
InvertRect
InflateRect
PtInRect
GetSysColor
UnregisterClassA
GetFocus
IsWindowEnabled
SetFocus
ExitWindowsEx
IsWindow
GetSystemMetrics
GetClientRect
PostMessageA
MessageBeep
IsCharAlphaNumericA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDC
wsprintfA
ReleaseDC
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
MapDialogRect
GetAsyncKeyState

gdi32

DeleteDC
GetStockObject
CreatePen
CreateSolidBrush
EnumFontFamiliesExA
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
DeleteObject
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetCurrentObject
BitBlt
Polygon
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

GetUserNameA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
IsValidSid
CopySid
GetLengthSid
AddAce
InitializeAcl
GetAclInformation
MakeSelfRelativeSD
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
LookupAccountSidA
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegCloseKey
LookupAccountNameA
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
GetSecurityDescriptorLength
GetSecurityDescriptorControl

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

??0CFileLockResolver@@QAE@ABV0@@Z
??0CFileLockResolver@@QAE@H@Z
??0CFileLockResolver@@QAE@KH@Z
??0CSecurityManager@@AAE@XZ
??1CFileLockResolver@@QAE@XZ
??1CSecurityManager@@AAE@XZ
??4CFileLockResolver@@QAEAAV0@ABV0@@Z
??4CSecurityManager@@QAEAAV0@ABV0@@Z
??_FCFileLockResolver@@QAEXXZ
?AskUser@CFileLockResolver@@QAEXH@Z
?Check@CSecurityManager@@SA_NPBD@Z
?CheckAccess@@YA_NK@Z
?ClearProtection@@YA_NXZ
?Close@CFileLockResolver@@QAEXXZ
?ErrorHandler@CFileLockResolver@@CAKPBDKPAX1@Z
?HandleError@CFileLockResolver@@AAEXPBDKHI@Z
?IsProtected@CSecurityManager@@SA_NXZ
?Protect@CSecurityManager@@SAXPBD@Z
?Resolve@CFileLockResolver@@SAXPBD@Z
?Resolve@CFileLockResolver@@SAXPBDAAVCStringArray@@@Z
?SetHandle@CFileLockResolver@@QAEXK@Z
?SetProtection@@YA_NXZ
?Unprotect@CSecurityManager@@SAXXZ
_eraserSetErrorHandler@12
_eraserSetFinishAction@8
eraserAddItem
eraserClearItems
eraserCompleted
eraserCreateContext
eraserCreateContextEx
eraserDestroyContext
eraserDispFlags
eraserEnd
eraserErrorString
eraserErrorStringCount
eraserFailed
eraserFailedCount
eraserFailedString
eraserGetClusterSize
eraserGetDataType
eraserGetFreeDiskSpace
eraserGetWindow
eraserGetWindowMessage
eraserInit
eraserIsRunning
eraserIsValidContext
eraserProgGetCurrentDataString
eraserProgGetCurrentPass
eraserProgGetMessage
eraserProgGetPasses
eraserProgGetPercent
eraserProgGetTimeLeft
eraserProgGetTotalPercent
eraserRemoveFile
eraserRemoveFolder
eraserSetDataType
eraserSetWindow
eraserSetWindowMessage
eraserShowOptions
eraserShowReport
eraserStart
eraserStartSync
eraserStatGetArea
eraserStatGetTime
eraserStatGetTips
eraserStatGetWiped
eraserStop
eraserTerminated
eraserTestContinueProcess
eraserTestEnable

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Eraser.exe
.exe windows:4 windows x86 arch:x86

a7c91099029d534eaac0cb39aeb5129d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

eraser

eraserErrorString
eraserCompleted
eraserInit
?CheckAccess@@YA_NK@Z
eraserDestroyContext
?Close@CFileLockResolver@@QAEXXZ
eraserStart
eraserAddItem
eraserSetDataType
eraserClearItems
_eraserSetFinishAction@8
eraserSetWindowMessage
eraserSetWindow
?SetHandle@CFileLockResolver@@QAEXK@Z
eraserCreateContext
eraserIsValidContext
eraserShowReport
eraserErrorStringCount
eraserFailedCount
eraserTerminated
eraserRemoveFolder
eraserStop
eraserDispFlags
eraserProgGetMessage
eraserProgGetCurrentDataString
eraserGetDataType
eraserProgGetTimeLeft
eraserProgGetPasses
eraserProgGetCurrentPass
eraserProgGetTotalPercent
eraserProgGetPercent
eraserShowOptions
eraserGetFreeDiskSpace
??1CFileLockResolver@@QAE@XZ
??0CFileLockResolver@@QAE@H@Z
eraserIsRunning
eraserStatGetTime
eraserStatGetArea
eraserStatGetWiped
?IsProtected@CSecurityManager@@SA_NXZ
?SetProtection@@YA_NXZ
?ClearProtection@@YA_NXZ
eraserEnd
eraserFailedString

kernel32

VirtualQuery
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
GetSystemInfo
GetTimeZoneInformation
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetLocalTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
lstrcpynA
GetDriveTypeA
GetLogicalDrives
GetModuleFileNameA
FileTimeToSystemTime
GetFileAttributesA
GetCompressedFileSizeA
FindClose
FindFirstFileA
GlobalFree
lstrlenA
FindNextFileA
GetCurrentDirectoryA
GetTempPathA
FreeLibrary
MultiByteToWideChar
ResumeThread
VirtualAlloc
HeapAlloc
HeapFree
RtlUnwind
FindResourceExA
SetErrorMode
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetProfileIntA
VirtualProtect
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetFileSize
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetEvent
ResetEvent
GetProcAddress
LoadLibraryA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetVolumeInformationA
WaitForSingleObject
lstrcpyA
Sleep
GlobalReAlloc
GlobalAlloc
GetDiskFreeSpaceA
GetVersion
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SuspendThread
SetThreadPriority
CopyFileA
MulDiv
GlobalSize
FormatMessageA
LocalFree
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentThreadId
CreateEventA
CloseHandle
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetLastError
SetLastError
GetWindowsDirectoryA
lstrcatA
WinExec
IsBadWritePtr

user32

ShowOwnedPopups
CreateDialogIndirectParamA
GetNextDlgTabItem
IsClipboardFormatAvailable
EndPaint
BeginPaint
GetWindowDC
FillRect
WindowFromPoint
ValidateRect
GetMenuStringA
InsertMenuA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetScrollPos
GetScrollPos
AdjustWindowRectEx
DeferWindowPos
RegisterClassA
GetWindowPlacement
RegisterWindowMessageA
wsprintfA
SetWindowPos
WinHelpA
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
PeekMessageA
LoadAcceleratorsA
SetActiveWindow
InsertMenuItemA
IntersectRect
BringWindowToTop
SetMenu
ShowWindow
GetDesktopWindow
GetWindow
TranslateAcceleratorA
RegisterClipboardFormatA
EnumThreadWindows
EnumChildWindows
GetCaretBlinkTime
FlashWindow
GetForegroundWindow
EndDialog
GetClassNameA
CallWindowProcA
EnableMenuItem
DeleteMenu
CharUpperA
GetMenuDefaultItem
DestroyMenu
SetMenuDefaultItem
DrawIcon
PostQuitMessage
SetRectEmpty
SetWindowLongA
CopyIcon
MessageBeep
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
RedrawWindow
ReleaseDC
GetDC
EqualRect
DestroyIcon
GetTabbedTextExtentA
SystemParametersInfoA
ModifyMenuA
GetMenuState
LoadBitmapA
DrawStateA
GetMessageA
GetCursor
GetMessagePos
IsChild
GetActiveWindow
CheckMenuItem
AppendMenuA
CreatePopupMenu
DrawFrameControl
OffsetRect
SetRect
GetAsyncKeyState
MapDialogRect
GetMenuItemInfoA
SetParent
PostThreadMessageA
LockWindowUpdate
GetDCEx
GetSysColorBrush
UnionRect
IsRectEmpty
GetWindowLongA
GetDlgItem
GetClipCursor
ClipCursor
GetClassInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCapture
InvalidateRect
GetWindowRect
InvertRect
InflateRect
TranslateMessage
DispatchMessageA
ReleaseCapture
GetCursorPos
GetKeyState
SetCursor
GetMenu
SetCapture
KillTimer
SetTimer
ClientToScreen
PostMessageA
IsZoomed
WaitMessage
GetWindowThreadProcessId
SetCursorPos
MessageBoxA
LoadMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
PtInRect
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetSystemMetrics
GetParent
GetClientRect
DefWindowProcA
UnregisterClassA
LoadIconA
LoadCursorA
SetForegroundWindow
GetLastActivePopup
FindWindowA
IsWindowVisible
UpdateWindow
IsIconic
ScreenToClient
GetSysColor
SendMessageA
EnableWindow
DrawFocusRect
CopyRect
TrackPopupMenu

gdi32

SelectClipRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePen
CreateSolidBrush
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
EnumFontFamiliesExA
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetBkColor
CopyMetaFileA
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PatBlt
SelectObject
DeleteObject
CreateFontIndirectA
CreateRectRgnIndirect
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetCurrentObject
BitBlt
Polygon
CreateCompatibleDC
CreatePatternBrush
CreateCompatibleBitmap
GetObjectA
CreateRectRgn
GetTextExtentPoint32A

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
CloseServiceHandle
OpenSCManagerA
RegSetValueA
RegOpenKeyA
RegEnumKeyA
SetFileSecurityA
GetFileSecurityA

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetPathFromIDListA
DragFinish
DragQueryFileA
DragAcceptFiles
ShellExecuteA
SHChangeNotify

comctl32

ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageInfo
ord8
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_DragMove

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleGetClipboard
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarUdateFromDate
VarDateFromStr
VariantTimeToSystemTime
VarBstrFromDate
SysFreeString
SystemTimeToVariantTime

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

asupdate

ord1

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Eraserl.exe
.exe windows:4 windows x86 arch:x86

1327769c7620260ccd55346dc51e3b94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

eraser

eraserProgGetPercent
eraserProgGetTotalPercent
eraserProgGetCurrentPass
eraserProgGetPasses
eraserProgGetTimeLeft
eraserProgGetCurrentDataString
eraserProgGetMessage
eraserDispFlags
eraserIsValidContext
eraserCreateContextEx
eraserSetDataType
eraserAddItem
eraserSetWindow
eraserSetWindowMessage
eraserStart
eraserRemoveFolder
eraserTerminated
eraserFailedCount
eraserErrorStringCount
eraserShowReport
eraserDestroyContext
eraserInit
?Resolve@CFileLockResolver@@SAXPBDAAVCStringArray@@@Z
eraserEnd
eraserShowOptions

kernel32

ExitProcess
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCommandLineA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
lstrcpynA
GetDriveTypeA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
CloseHandle
ReleaseMutex
WaitForSingleObject
OpenMutexA
GetLastError
CreateMutexA
GetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVolumeInformationA
MultiByteToWideChar
GetVersion
lstrcmpiA
lstrlenA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
SetErrorMode
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThread
GetCurrentProcess
GetSystemTimeAsFileTime

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
EnableWindow
CopyRect
SendMessageA
GetSysColor
GetClientRect
IsWindow
PostQuitMessage
DrawIcon
WinHelpA
IsIconic
LoadIconA
GetSystemMetrics
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
wsprintfA
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
PtInRect
GetWindowRect
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteDC
GetStockObject
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
GetTextExtentPoint32A

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

GetTokenInformation
OpenProcessToken
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA

shell32

SHChangeNotify

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Erasext.dll
.dll regsvr32 windows:4 windows x86 arch:x86

25f80ff78d75bedf7db441757bd03360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

eraser

eraserProgGetPercent
eraserProgGetTotalPercent
eraserProgGetCurrentPass
eraserProgGetPasses
eraserProgGetTimeLeft
eraserProgGetCurrentDataString
eraserProgGetMessage
eraserDispFlags
??0CFileLockResolver@@QAE@H@Z
eraserFailedCount
eraserErrorStringCount
eraserShowReport
eraserCompleted
eraserIsValidContext
eraserCreateContext
?SetHandle@CFileLockResolver@@QAEXK@Z
eraserSetDataType
eraserAddItem
eraserSetWindow
eraserSetWindowMessage
eraserStart
?Close@CFileLockResolver@@QAEXXZ
eraserDestroyContext
eraserRemoveFolder
??1CFileLockResolver@@QAE@XZ
eraserEnd
eraserInit
eraserStop
eraserShowOptions

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
VirtualProtect
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
FileTimeToSystemTime
FindClose
FindFirstFileA
LocalFree
FormatMessageA
GetFileAttributesA
GetDriveTypeA
lstrlenA
MultiByteToWideChar
lstrcpynA
GetLastError
CopyFileA
CreateDirectoryA
FindNextFileA
SetLastError
GetVersion
lstrcmpiA
lstrlenW
FreeResource
GlobalFree
GlobalUnlock
HeapFree
HeapAlloc
RtlUnwind
GetShortPathNameA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
RaiseException
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalLock
CloseHandle
GetCurrentThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
InterlockedDecrement
MulDiv
GlobalAlloc
GetTickCount

user32

DestroyIcon
DestroyMenu
LoadCursorA
GetSysColorBrush
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
SendMessageA
GetClientRect
TranslateAcceleratorA
EnableWindow
LoadAcceleratorsA
InsertMenuA
GetTopWindow
IsWindow
EndDialog
GetNextDlgTabItem
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetWindow
SetFocus
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
GetSystemMetrics
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
TabbedTextOutA
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA

gdi32

GetObjectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
ScaleViewportExtEx
GetTextExtentPoint32A

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
SHChangeNotify
SHGetFileInfoA
ExtractIconA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

ReleaseStgMedium
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoDisconnectObject

oleaut32

SysFreeString
SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SysAllocString
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

8ae4c4415f8b76a5573f954408eb7f1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
CompareFileTime
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
GlobalAlloc
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
GetTempPathA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
CreateWindowExA
GetWindowLongA
DrawFocusRect
SendMessageA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
SendMessageTimeoutA
wsprintfA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
Verify.exe
.exe windows:4 windows x86 arch:x86

65b4a3838fba42cb5ebe83d92e0417c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

eraser

eraserGetClusterSize
eraserProgGetCurrentPass
eraserProgGetPasses
eraserProgGetCurrentDataString
eraserProgGetPercent
eraserCreateContext
eraserSetDataType
eraserAddItem
eraserSetWindow
eraserSetWindowMessage
eraserTestEnable
eraserStart
eraserTestContinueProcess
eraserShowOptions
eraserDestroyContext
eraserIsValidContext
eraserStop
eraserInit
eraserEnd

kernel32

RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
ExitThread
CreateThread
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetVersionExA
lstrlenA
GetTempPathA
SetErrorMode
GetFullPathNameA
GetCurrentProcess
FlushFileBuffers
WriteFile
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
lstrcpyA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
lstrcmpA
CreateEventA
SuspendThread
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
InterlockedDecrement
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CreateFileA
GetFileSize
SetFilePointer
ReadFile
CloseHandle
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
FreeLibrary
lstrcpynA
GetLogicalDrives
WaitForSingleObject
GetVolumeInformationA
FindFirstChangeNotificationA
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
GetFileAttributesA
GetDriveTypeA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
ResetEvent
SetEvent
ResumeThread
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy

user32

EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetScrollPos
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetSysColor
AdjustWindowRectEx
GetClassInfoA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenuState
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
GetNextDlgTabItem
EndDialog
GetParent
SetFocus
IsWindow
EnableWindow
RegisterWindowMessageA
InvalidateRect
GetSystemMetrics
LoadIconA
IsIconic
DrawIcon
TranslateMessage
DispatchMessageA
ReleaseCapture
GetCursorPos
GetKeyState
ModifyMenuA
SetMenuItemBitmaps
GetDC
ReleaseDC
SetCursor
GetMenu
LoadCursorA
SetCapture
KillTimer
SetTimer
ScreenToClient
ClientToScreen
GetClientRect
PostMessageA
LoadMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
PtInRect
SendMessageA
GetFocus
IsWindowEnabled
SetWindowLongA
GetSysColorBrush
PostQuitMessage
wsprintfA
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetMessageA
ValidateRect
RegisterClassA
GetClassNameA

gdi32

DeleteObject
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetObjectA
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetDesktopFolder
SHFileOperationA
ShellExecuteExA
SHGetFileInfoA
SHGetSpecialFolderLocation

comctl32

ImageList_Draw
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_LoadImageA
ImageList_Destroy
ord17
ImageList_DragLeave
ImageList_DragEnter

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

mpr

WNetEnumResourceA
WNetOpenEnumA
WNetCloseEnum

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eraser.exe
.exe windows:4 windows x86 arch:x86

a7c91099029d534eaac0cb39aeb5129d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

eraser

eraserErrorString
eraserCompleted
eraserInit
?CheckAccess@@YA_NK@Z
eraserDestroyContext
?Close@CFileLockResolver@@QAEXXZ
eraserStart
eraserAddItem
eraserSetDataType
eraserClearItems
_eraserSetFinishAction@8
eraserSetWindowMessage
eraserSetWindow
?SetHandle@CFileLockResolver@@QAEXK@Z
eraserCreateContext
eraserIsValidContext
eraserShowReport
eraserErrorStringCount
eraserFailedCount
eraserTerminated
eraserRemoveFolder
eraserStop
eraserDispFlags
eraserProgGetMessage
eraserProgGetCurrentDataString
eraserGetDataType
eraserProgGetTimeLeft
eraserProgGetPasses
eraserProgGetCurrentPass
eraserProgGetTotalPercent
eraserProgGetPercent
eraserShowOptions
eraserGetFreeDiskSpace
??1CFileLockResolver@@QAE@XZ
??0CFileLockResolver@@QAE@H@Z
eraserIsRunning
eraserStatGetTime
eraserStatGetArea
eraserStatGetWiped
?IsProtected@CSecurityManager@@SA_NXZ
?SetProtection@@YA_NXZ
?ClearProtection@@YA_NXZ
eraserEnd
eraserFailedString

kernel32

VirtualQuery
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
GetSystemInfo
GetTimeZoneInformation
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetLocalTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
lstrcpynA
GetDriveTypeA
GetLogicalDrives
GetModuleFileNameA
FileTimeToSystemTime
GetFileAttributesA
GetCompressedFileSizeA
FindClose
FindFirstFileA
GlobalFree
lstrlenA
FindNextFileA
GetCurrentDirectoryA
GetTempPathA
FreeLibrary
MultiByteToWideChar
ResumeThread
VirtualAlloc
HeapAlloc
HeapFree
RtlUnwind
FindResourceExA
SetErrorMode
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetProfileIntA
VirtualProtect
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetFileSize
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetEvent
ResetEvent
GetProcAddress
LoadLibraryA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetVolumeInformationA
WaitForSingleObject
lstrcpyA
Sleep
GlobalReAlloc
GlobalAlloc
GetDiskFreeSpaceA
GetVersion
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SuspendThread
SetThreadPriority
CopyFileA
MulDiv
GlobalSize
FormatMessageA
LocalFree
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentThreadId
CreateEventA
CloseHandle
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetLastError
SetLastError
GetWindowsDirectoryA
lstrcatA
WinExec
IsBadWritePtr

user32

ShowOwnedPopups
CreateDialogIndirectParamA
GetNextDlgTabItem
IsClipboardFormatAvailable
EndPaint
BeginPaint
GetWindowDC
FillRect
WindowFromPoint
ValidateRect
GetMenuStringA
InsertMenuA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextA
IsDialogMessageA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetScrollPos
GetScrollPos
AdjustWindowRectEx
DeferWindowPos
RegisterClassA
GetWindowPlacement
RegisterWindowMessageA
wsprintfA
SetWindowPos
WinHelpA
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
PeekMessageA
LoadAcceleratorsA
SetActiveWindow
InsertMenuItemA
IntersectRect
BringWindowToTop
SetMenu
ShowWindow
GetDesktopWindow
GetWindow
TranslateAcceleratorA
RegisterClipboardFormatA
EnumThreadWindows
EnumChildWindows
GetCaretBlinkTime
FlashWindow
GetForegroundWindow
EndDialog
GetClassNameA
CallWindowProcA
EnableMenuItem
DeleteMenu
CharUpperA
GetMenuDefaultItem
DestroyMenu
SetMenuDefaultItem
DrawIcon
PostQuitMessage
SetRectEmpty
SetWindowLongA
CopyIcon
MessageBeep
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
RedrawWindow
ReleaseDC
GetDC
EqualRect
DestroyIcon
GetTabbedTextExtentA
SystemParametersInfoA
ModifyMenuA
GetMenuState
LoadBitmapA
DrawStateA
GetMessageA
GetCursor
GetMessagePos
IsChild
GetActiveWindow
CheckMenuItem
AppendMenuA
CreatePopupMenu
DrawFrameControl
OffsetRect
SetRect
GetAsyncKeyState
MapDialogRect
GetMenuItemInfoA
SetParent
PostThreadMessageA
LockWindowUpdate
GetDCEx
GetSysColorBrush
UnionRect
IsRectEmpty
GetWindowLongA
GetDlgItem
GetClipCursor
ClipCursor
GetClassInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetCapture
InvalidateRect
GetWindowRect
InvertRect
InflateRect
TranslateMessage
DispatchMessageA
ReleaseCapture
GetCursorPos
GetKeyState
SetCursor
GetMenu
SetCapture
KillTimer
SetTimer
ClientToScreen
PostMessageA
IsZoomed
WaitMessage
GetWindowThreadProcessId
SetCursorPos
MessageBoxA
LoadMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
PtInRect
GetFocus
IsWindowEnabled
IsWindow
SetFocus
GetSystemMetrics
GetParent
GetClientRect
DefWindowProcA
UnregisterClassA
LoadIconA
LoadCursorA
SetForegroundWindow
GetLastActivePopup
FindWindowA
IsWindowVisible
UpdateWindow
IsIconic
ScreenToClient
GetSysColor
SendMessageA
EnableWindow
DrawFocusRect
CopyRect
TrackPopupMenu

gdi32

SelectClipRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePen
CreateSolidBrush
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
EnumFontFamiliesExA
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetBkColor
CopyMetaFileA
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PatBlt
SelectObject
DeleteObject
CreateFontIndirectA
CreateRectRgnIndirect
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetCurrentObject
BitBlt
Polygon
CreateCompatibleDC
CreatePatternBrush
CreateCompatibleBitmap
GetObjectA
CreateRectRgn
GetTextExtentPoint32A

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyA
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
CloseServiceHandle
OpenSCManagerA
RegSetValueA
RegOpenKeyA
RegEnumKeyA
SetFileSecurityA
GetFileSecurityA

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetPathFromIDListA
DragFinish
DragQueryFileA
DragAcceptFiles
ShellExecuteA
SHChangeNotify

comctl32

ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageInfo
ord8
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_DragMove

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleGetClipboard
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarUdateFromDate
VarDateFromStr
VariantTimeToSystemTime
VarBstrFromDate
SysFreeString
SystemTimeToVariantTime

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

asupdate

ord1

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eraser.xml
.xml
eraserd.exe
history.txt
readme.txt
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

8ae4c4415f8b76a5573f954408eb7f1a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 296KB

.rsrc Size: 12KB - Virtual size: 12KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

56cbecc9df5b9c13b50d1dc6afaac7b9

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 4KB

bcf98506f04158dae0563f1cc6464c37

Headers

File Characteristics

Imports

kernel32

user32

gdi32

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 48KB - Virtual size: 44KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 44KB - Virtual size: 44KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 24KB