626ea7f278ecac6590cc0fe36a0dc8ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

626ea7f278ecac6590cc0fe36a0dc8ad_JaffaCakes118
Size

2.1MB
MD5

626ea7f278ecac6590cc0fe36a0dc8ad
SHA1

a0cf72ff73bd92e4e8adbc2621be35451dd9fdcd
SHA256

e3616f5a022c19dd7431ffef04054e5cf001bc57e6e199075dd96089ffb4f2a3
SHA512

432d43906e9953e39ef9dd3a6e2ea48b08e7284322e11a4f3a85e26b9157048413bfbfb71d6728f31c517749a045783d00878efbbbf5e06194342f792bb2add0
SSDEEP

49152:8Q7zfFZCUer9K27we9v89EevnTam/vlnUgX7z:84fFZQrwzea9EefTaOvagrz

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kugoukk.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/SimpleSC.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/AddIn/VisLrc.dll
unpack002/Codecs/ColorFilter.ax
unpack002/Codecs/RealMediaSplitter.ax
unpack002/Codecs/asfsplliter.ax
unpack002/Codecs/atrc.dll
unpack002/Codecs/cook.dll
unpack002/Codecs/drvc.dll
unpack002/Codecs/raac.dll
unpack002/NetAgent.dll
unpack002/QvodInsert.dll
unpack002/QvodPlayer.exe
unpack002/QvodTerminal.exe
unpack002/Skin/$R0
unpack002/Skin/$R2/NSIS.Library.RegTool.v2.$_3_.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/kugoukk.exe	nsis_installer_1
static1/unpack001/kugoukk.exe	nsis_installer_2

Files

626ea7f278ecac6590cc0fe36a0dc8ad_JaffaCakes118
.rar
kugoukk.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDisplayName
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceDescription
SetServiceLogon
SetServiceStartType
StartService
StopService

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 659B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
AddIn/VisLrc.dll
.dll windows:4 windows x86 arch:x86

405f85e6c10ba505edbac8ea83c4ca8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
OutputDebugStringW
GetLastError
MulDiv
FindClose
FindFirstFileW
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileA
GetCPInfo
LCMapStringW
LCMapStringA
CreateFileW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
MultiByteToWideChar
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
WriteFile
ExitProcess
SetFilePointer
ReadFile
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
lstrlenA
InterlockedDecrement
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcmpW
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleA
GetProcAddress
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapAlloc
HeapFree
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetPrivateProfileIntW
HeapCreate
SetEnvironmentVariableA

user32

SetWindowPos
CreateWindowExW
GetClientRect
SetRectEmpty
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindow
SetWindowLongW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawTextW
PostMessageW
CharLowerW
LoadStringW
CharNextW
wvsprintfW
InvalidateRgn
InvalidateRect
SetCapture
SetWindowTextW
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetParent
GetClassNameW
ReleaseCapture
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
BeginPaint
FillRect
EndPaint
CallWindowProcW
GetDlgItem
SendMessageW
GetSysColor
IsWindow
DestroyWindow
wsprintfW
LoadImageW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW

gdi32

SetBkMode
SetTextColor
GetMapMode
SetMapMode
GetWindowExtEx
GetViewportExtEx
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetTextExtentPoint32W

ole32

CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning

oleaut32

SysStringLen
OleCreateFontIndirect
OleLoadPicture
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
LoadRegTypeLi

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

VisCurTime_
VisDraw_
VisFileName_
VisFree_
VisGetProperty_
VisInit_
VisSetFormat_
VisSetProperty_
VisTotalTime_

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/ColorFilter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

7b62221aacb75e6b27bf0a69b85d624c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
??3@YAXPAX@Z
free
__CxxFrameHandler
wcslen
sscanf
strncmp
strncpy
_filelength
_read
_purecall
_open
_close
fopen
fflush
fseek
fwrite
fclose
_CIpow
strstr
atoi
sprintf
_ftol
??2@YAPAXI@Z
_onexit

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleHandleA
GetProcAddress
CreateThread
SetErrorMode
lstrcmpiA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetACP
Sleep
SystemTimeToTzSpecificLocalTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
InterlockedExchange
GetTickCount

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

user32

ShowWindow
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
InvalidateRect
SetWindowLongA
GetWindowLongA
wsprintfA
DrawTextA
SetDlgItemInt
GetDlgItemTextA
CheckRadioButton
GetParent
SetDlgItemTextA
CreateWindowExA
GetDlgItem
SendMessageA
MoveWindow
GetDesktopWindow
CreateDialogParamA

gdi32

ExtTextOutA
SelectObject
GetTextExtentPoint32A
SetBkColor
SetTextColor
CreateDIBitmap
GetDIBits
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
DeleteDC

comctl32

ord16
ord17

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/RealMediaSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

092c362fafa1e9277558c0e5612fdfba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\vcexample\guliverkli\guliverkli\trunk\guliverkli\src\filters\parser\realmediasplitter\Release\RealMediaSplitter.pdb

Imports

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcatA
SetErrorMode
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
DeleteFileA
Sleep
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
CreateThread
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
RaiseException
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualProtect

user32

DestroyMenu
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
GetClassNameA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
WinHelpA
EnableWindow
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
wsprintfA
UnregisterClassA
CharUpperA
SetWindowTextA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA
PathAddBackslashA
PathIsUNCA
PathStripToRootA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/asfsplliter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

61540ae4d5f1fe29babe6b430f77a241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateReader

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

user32

wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcrt

free
??1type_info@@UAE@XZ
_CxxThrowException
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm

kernel32

DisableThreadLibraryCalls
LocalFree
GetModuleFileNameA
lstrlenA
GetVersionExA
GetLastError
SetThreadPriority
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CreateThread
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
InterlockedIncrement
SetEvent
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/atrc.dll
.dll windows:4 windows x86 arch:x86

5132cde9ac8899a69f40dfaacc320c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_ftol
??3@YAXPAX@Z
memmove
calloc
free
malloc
_CIpow
floor
??2@YAPAXI@Z
_assert
_except_handler3
_purecall
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/f4v.swf
Codecs/raac.dll
.dll windows:4 windows x86 arch:x86

2569b16af6a5e82c06ef6aed87f5e148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
memmove
_CxxThrowException
calloc
free
malloc
exp
fputs
printf
pow
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
log10
atan
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_iob
log
_purecall
_except_handler3

kernel32

DisableThreadLibraryCalls
IsBadReadPtr

Exports

Exports

RACloseCodec
RACreateDecoderInstance
RACreateEncoderInstance
RADecode
RAFlush
RAFreeDecoder
RAGetBackend
RAGetFlavorProperty
RAGetGUID
RAInitDecoder
RAOpenCodec2
RASetComMode

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Favorite/--- ṷӰ 򲿵Ӱѿ ---.url
Favorite/---- ϲƬ ----.url
Favorite/---- սƬ ----.url
Favorite/---- Ƭ ----.url
Favorite/---- Ӿ ----.url
Favorite/---- Ƭ ----.url
Favorite/---- Ƭ ----.url
Favorite/---- Ƭ ----.url
Favorite/---- ƻƬ ----.url
Favorite/---- ֲƬ ----.url
Favorite/---- Ƭ ----.url
Favorite/---- Ƭ ----.url
Favorite/----- Ӱ -----.url
NetAgent.dll
.dll windows:4 windows x86 arch:x86

05e994e89bca2bc1de7a95f2797bfdb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSACloseEvent
recv
WSAGetLastError
send
socket
WSACreateEvent
connect
WSAEventSelect
htons
gethostbyname

kernel32

GetStartupInfoA
LCMapStringW
LCMapStringA
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
GetLastError
MoveFileA
DeleteFileA
CloseHandle
GetFileType
CreateFileA
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapAlloc
SetStdHandle
SetHandleCount
GetStdHandle
CreateDirectoryA
SetEndOfFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

CreateAndRunAgent
GetDownloadLen
GetFileLen
Seek
Terminate

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodInsert.dll
.dll regsvr32 windows:4 windows x86 arch:x86

60cb72d35ebb5bc64e3e7d919a5c2144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetLastError
TlsFree
TlsAlloc
GetModuleHandleA
HeapSize
TerminateProcess
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetVersionExW
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
GlobalLock
GlobalUnlock
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
LCMapStringW
WriteFile
FlushFileBuffers
GetModuleFileNameA
CompareStringA
GetVersionExA
HeapCreate
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CreateFileW
IsBadReadPtr
IsBadCodePtr
CreateFileA
GetACP
GetOEMCP
LoadLibraryA
SetConsoleCtrlHandler
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
LocalFree
Sleep
FindFirstFileW
FindClose
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CompareStringW
ReadFile
SetFilePointer
lstrcatW
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
LoadLibraryExW
FindResourceW
GetUserDefaultLangID
LoadResource
SizeofResource
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
OpenMutexW
CreateProcessW
GetFileAttributesW
CreateDirectoryW
CopyFileW
GetTickCount
GetProcAddress
FreeLibrary
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GetEnvironmentVariableA
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
GlobalAlloc
LCMapStringA

user32

GetDlgCtrlID
EndDialog
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
SetDlgItemTextW
KillTimer
DrawTextW
DialogBoxParamW
ClientToScreen
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
MessageBoxW
GetQueueStatus
UnregisterHotKey
CheckRadioButton
TrackPopupMenu
CreateMenu
GetKeyState
UnionRect
GetDlgItemTextW
OffsetRect
EqualRect
IntersectRect
SetCursor
CopyRect
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
wvsprintfW
CharNextW
SetDlgItemInt
SetWindowRgn
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetParent
LoadBitmapW
SetRect
GetActiveWindow
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetWindowRect
PtInRect
ScreenToClient
GetCursorPos
GetDesktopWindow
SetRectEmpty
ShowCursor
BringWindowToTop
SetWindowTextW
PostMessageW
CharLowerW
FindWindowExW
ShowWindow
InvalidateRect
MoveWindow
SetTimer
DestroyWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
CreateWindowExW
SetWindowPos
ReleaseCapture
SetCapture
IsWindow
SendMessageW
ReleaseDC
GetDC
FillRect
GetClientRect
LoadStringW
DispatchMessageW

gdi32

TextOutW
CreatePatternBrush
SetDIBits
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
Rectangle
SetTextAlign
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontA

advapi32

QueryServiceStatus
CloseServiceHandle
RegOpenKeyW
RegCloseKey
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
ControlService
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleLoadFromStream
CoUninitialize
CoFreeUnusedLibraries
WriteClassStm
OleSaveToStream
CreateDataAdviseHolder

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString
VariantInit

ws2_32

WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostbyname
htonl
connect
recv
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
inet_addr

winmm

timeSetEvent
timeGetTime

quartz

AMGetErrorTextW

comctl32

ImageList_Destroy
ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ord16

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodPlayer.exe
.exe windows:4 windows x86 arch:x86

0b3a200f972cab73f55b14b241ccf288

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
LoadLibraryA
CreateFileW
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
CompareStringW
GetOEMCP
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapAlloc
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
HeapFree
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
SetEnvironmentVariableA
LocalFree
HeapDestroy
OpenMutexW
CreateMutexW
RemoveDirectoryW
GetTempPathW
GetLocalTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceExW
CreateProcessW
GetTickCount
GlobalSize
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
SetSystemPowerState
GetSystemTime
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcpyW
GetCurrentThreadId
lstrcmpW
GetCurrentProcess
FlushInstructionCache
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
GetProcAddress
GetFileAttributesW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
InterlockedDecrement
GetVersionExW
FreeLibrary
LoadLibraryW
CompareStringA
RaiseException

user32

CheckRadioButton
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SetDlgItemInt
DialogBoxParamW
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
ClientToScreen
GetActiveWindow
DrawTextW
IsMenu
CloseClipboard
GetClipboardData
OpenClipboard
GetDlgItemInt
GetDlgItemTextA
OffsetRect
UpdateWindow
EndDialog
SetForegroundWindow
MessageBeep
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetWindowRect
GetDesktopWindow
CallNextHookEx
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
LoadMenuW
DefWindowProcW
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
SetTimer
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
InvalidateRect
FindWindowExW
DestroyWindow
CharLowerW
RegisterWindowMessageW
GetWindow
SetRect
SetMenuItemInfoW
DeleteMenu
EnableWindow
ExitWindowsEx
GetMenuItemInfoW
GetSystemMetrics
SetCursor
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
SetWindowRgn
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
LoadIconW
CheckMenuItem
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
SetWindowTextW
GetWindowTextW
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
GetSubMenu
RegisterHotKey
TranslateAcceleratorW
MapWindowPoints
TrackPopupMenuEx
IsWindowVisible
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
GetParent
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetCursorPos
ScreenToClient
PtInRect
SetRectEmpty
ShowCursor
BringWindowToTop
KillTimer
GetWindowTextLengthW

gdi32

RoundRect
CreatePatternBrush
SetViewportOrgEx
Rectangle
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
CreatePen
MoveToEx
LineTo
CreateDIBSection
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
DeleteObject
CreateFontIndirectW
DeleteDC
BitBlt
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
StretchBlt
GetObjectW
GetDeviceCaps
GetStockObject
CombineRgn
SetStretchBltMode
CreateRectRgn

comdlg32

GetSaveFileNameW
ChooseFontA
ChooseFontW
GetOpenFileNameW
ChooseColorW

advapi32

ChangeServiceConfigW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
CreateServiceW
ControlService
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenSCManagerW

shell32

SHGetPathFromIDListW
ExtractIconW
SHFileOperationW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteW
SHAppBarMessage
DragQueryFileW
DragFinish
DragAcceptFiles
SHBrowseForFolderW

ole32

CLSIDFromProgID
CoTaskMemFree
OleUninitialize
OleInitialize
CLSIDFromString
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

VariantInit
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
SysFreeString
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
GetErrorInfo
SysAllocString

ws2_32

WSAStartup
WSACleanup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_ntoa
htons
gethostbyname
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
ntohl
inet_addr

winmm

mciSendStringW
timeGetTime

quartz

AMGetErrorTextW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ord16
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
InitCommonControlsEx
ImageList_Destroy

msimg32

AlphaBlend
TransparentBlt

urlmon

CoInternetGetSession

Sections

.text
Size: 892KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodPlayer.xml
QvodTerminal.exe
.exe windows:4 windows x86 arch:x86

b26eb3e02721b71f9f3e69e4c065bccb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
ntohl
WSAGetLastError
send
WSAEventSelect
WSACreateEvent
WSASocketA
WSAJoinLeaf
getpeername
WSAStartup
gethostname
inet_ntoa
ioctlsocket
select
__WSAFDIsSet
inet_addr
gethostbyname
recvfrom
ntohs
sendto
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
htonl
connect
recv
setsockopt
socket
htons
bind
listen
closesocket

advapi32

RegCloseKey
DeleteService
ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegOpenKeyA

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
VariantClear
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
GetCPInfo
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetACP
GetOEMCP
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedExchange
VirtualFree
LocalFree
GetModuleHandleA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
SetLastError
TlsAlloc
GetCurrentThreadId
HeapFree
GetVersion
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MoveFileExA
Sleep
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetTempPathA
GetPrivateProfileStringA
WritePrivateProfileStringA
InterlockedDecrement
QueryPerformanceCounter
GetSystemTime
InterlockedIncrement
CopyFileA
CreateSemaphoreA
OpenSemaphoreA
GetModuleFileNameA
MoveFileA
LocalAlloc
GetSystemDirectoryA
GetVersionExA
GetProcAddress
LoadLibraryA
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
GetDiskFreeSpaceExA
GetLastError
GetLogicalDriveStringsA
TerminateProcess
ReadFile
PeekNamedPipe
GetWindowsDirectoryA
GetStartupInfoA
CreatePipe
lstrlenA
RtlUnwind
GetFileType
CreateFileA
CreateDirectoryA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetTimeZoneInformation
GetSystemTimeAsFileTime
RaiseException
ExitProcess
GetCurrentProcess
GetCommandLineA

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Skin/$R0
.dll regsvr32 windows:4 windows x86 arch:x86

60cb72d35ebb5bc64e3e7d919a5c2144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetLastError
TlsFree
TlsAlloc
GetModuleHandleA
HeapSize
TerminateProcess
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetVersionExW
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
GlobalLock
GlobalUnlock
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
LCMapStringW
WriteFile
FlushFileBuffers
GetModuleFileNameA
CompareStringA
GetVersionExA
HeapCreate
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
CreateFileW
IsBadReadPtr
IsBadCodePtr
CreateFileA
GetACP
GetOEMCP
LoadLibraryA
SetConsoleCtrlHandler
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
LocalFree
Sleep
FindFirstFileW
FindClose
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CompareStringW
ReadFile
SetFilePointer
lstrcatW
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
LoadLibraryExW
FindResourceW
GetUserDefaultLangID
LoadResource
SizeofResource
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
OpenMutexW
CreateProcessW
GetFileAttributesW
CreateDirectoryW
CopyFileW
GetTickCount
GetProcAddress
FreeLibrary
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GetEnvironmentVariableA
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
GlobalAlloc
LCMapStringA

user32

GetDlgCtrlID
EndDialog
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
SetDlgItemTextW
KillTimer
DrawTextW
DialogBoxParamW
ClientToScreen
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
MessageBoxW
GetQueueStatus
UnregisterHotKey
CheckRadioButton
TrackPopupMenu
CreateMenu
GetKeyState
UnionRect
GetDlgItemTextW
OffsetRect
EqualRect
IntersectRect
SetCursor
CopyRect
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
wvsprintfW
CharNextW
SetDlgItemInt
SetWindowRgn
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetParent
LoadBitmapW
SetRect
GetActiveWindow
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetWindowRect
PtInRect
ScreenToClient
GetCursorPos
GetDesktopWindow
SetRectEmpty
ShowCursor
BringWindowToTop
SetWindowTextW
PostMessageW
CharLowerW
FindWindowExW
ShowWindow
InvalidateRect
MoveWindow
SetTimer
DestroyWindow
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
CreateWindowExW
SetWindowPos
ReleaseCapture
SetCapture
IsWindow
SendMessageW
ReleaseDC
GetDC
FillRect
GetClientRect
LoadStringW
DispatchMessageW

gdi32

TextOutW
CreatePatternBrush
SetDIBits
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
Rectangle
SetTextAlign
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontA

advapi32

QueryServiceStatus
CloseServiceHandle
RegOpenKeyW
RegCloseKey
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
ControlService
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleLoadFromStream
CoUninitialize
CoFreeUnusedLibraries
WriteClassStm
OleSaveToStream
CreateDataAdviseHolder

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString
VariantInit

ws2_32

WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostbyname
htonl
connect
recv
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
inet_addr

winmm

timeSetEvent
timeGetTime

quartz

AMGetErrorTextW

comctl32

ImageList_Destroy
ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ord16

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/$R2/NSIS.Library.RegTool.v2.$_3_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Skin/Blue.xml
Skin/Blue/back.bmp
Skin/Blue/back1.bmp
Skin/Blue/bottom.bmp
Skin/Blue/bottomleft.bmp
Skin/Blue/bottomright.bmp
Skin/Blue/caption.bmp
Skin/Blue/caption1.bmp
Skin/Blue/caption_mask.bmp
Skin/Blue/close.bmp
Skin/Blue/full.bmp
Skin/Blue/icon.bmp
Skin/Blue/info.bmp
Skin/Blue/infofull.bmp
Skin/Blue/left.bmp
Skin/Blue/leftbottom.bmp
Skin/Blue/lefttop.bmp
Skin/Blue/listbutton.bmp
Skin/Blue/listbutton2.bmp
Skin/Blue/max.bmp
Skin/Blue/media_files.bmp
Skin/Blue/media_files_2.bmp
Skin/Blue/media_info.bmp
Skin/Blue/media_sham.bmp
Skin/Blue/media_sham_2.bmp
Skin/Blue/mediaback1.bmp
Skin/Blue/mediaback2.bmp
Skin/Blue/mediaback3.bmp
Skin/Blue/mediaeditdel.bmp
Skin/Blue/mediare.bmp
Skin/Blue/mediatolist.bmp
Skin/Blue/mediatree.bmp
Skin/Blue/menu.bmp
Skin/Blue/min.bmp
Skin/Blue/mtk.bmp
Skin/Blue/mute.bmp
Skin/Blue/mute2.bmp
Skin/Blue/next.bmp
Skin/Blue/nowplay.bmp
Skin/Blue/open.bmp
Skin/Blue/open1.bmp
Skin/Blue/pause.bmp
Skin/Blue/play.bmp
Skin/Blue/playlist_toolbar.bmp
Skin/Blue/pre.bmp
Skin/Blue/process_left.bmp
Skin/Blue/process_right.bmp
Skin/Blue/processp.bmp
Skin/Blue/progress.bmp
Skin/Blue/progress_point.bmp
Skin/Blue/progress_thumb.bmp
Skin/Blue/reold.bmp
Skin/Blue/right.bmp
Skin/Blue/rightbottom.bmp
Skin/Blue/righttop.bmp
Skin/Blue/scroll_back.bmp
Skin/Blue/scroll_back_h.bmp
Skin/Blue/scroll_down.bmp
Skin/Blue/scroll_left.bmp
Skin/Blue/scroll_limit.bmp
Skin/Blue/scroll_limit_h.bmp
Skin/Blue/scroll_right.bmp
Skin/Blue/scroll_up.bmp
Skin/Blue/stop.bmp
Skin/Blue/tab.bmp
Skin/Blue/tab1.bmp
Skin/Blue/tabs_left.bmp
Skin/Blue/tabs_mid.bmp
Skin/Blue/tabs_right.bmp
Skin/Blue/top.bmp
Skin/Blue/topleft.bmp
Skin/Blue/topright.bmp
Skin/Blue/volume.bmp
Skin/Blue/volumeb.bmp
Skin/Blue/volumep.bmp
Skin/Logo.bmp
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 36KB - Virtual size: 36KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 659B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 3KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 446B

405f85e6c10ba505edbac8ea83c4ca8c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

comctl32

msimg32

Exports

Exports

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 659B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 446B

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 240KB - Virtual size: 239KB

_TEXT64
Size: 4KB - Virtual size: 1KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 24KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 36KB - Virtual size: 32KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB