66d077b1118f85da6cd990c14da0444e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66d077b1118f85da6cd990c14da0444e_JaffaCakes118
Size

1.5MB
MD5

66d077b1118f85da6cd990c14da0444e
SHA1

9769e74c28000794df6a3f5e5b36c3f46437184a
SHA256

2bb9aea2fcf58cb0d4c564e465b6ec1453e3bd08990a8241e9c1017791ad0d64
SHA512

5bb46fd31e09fc4cf95aa312f9837ba3c37e41ab270ac93277ee761bc010bcd388887a47ed1b01317d76066dda9c9b9684d6a05d7f653d8a2eec1bc2197d3f9e
SSDEEP

24576:acFl/UB2qO+A2yKyYKNWM0rxi4cXjuPP3DL7BniJgdy2bJQX5tNdZJ6trW2iGXnT:Plaw+A7KyDNWnxi4cXjuPPflniJgk2Nl

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ArmAccess.dll
unpack001/DialUp.dll
unpack001/RunAsService.exe
unpack001/RunMCRFile.exe
unpack001/UIComponents.dll
unpack001/Uninst.exe
unpack001/WhoAmI.exe
unpack001/Win98code.dll
unpack001/_Loader.exe
unpack001/_apmousedll.dll
unpack001/_b_keydll.dll
unpack001/_keydll.dll
unpack001/_prog.exe
unpack001/_prog_wd.exe
unpack001/cui.dll
unpack001/mtwbho.dll
unpack001/pk32.exe
unpack001/resdll.dll
unpack001/setup.exe

Files

66d077b1118f85da6cd990c14da0444e_JaffaCakes118
.rar
ArmAccess.dll
.dll windows:4 windows x86 arch:x86

d1e10a04ad85a14abc67c0f2a2f79aed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetLastError
SetEnvironmentVariableA
ReadFile
CreateMailslotA
CreateFileA
GetEnvironmentVariableA
CloseHandle
WriteFile
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

IsWindow
SendMessageA
GetWindowThreadProcessId

oleaut32

SysAllocStringByteLen

Exports

Exports

ChangeHardwareLock
CheckCode
CopiesRunning
Environ
Environ2
GetShellProcessID
IncrementCounter
InstallKey
InstallKeyLater
SECUREBEGIN
SECUREBEGIN_A
SECUREBEGIN_B
SECUREBEGIN_C
SECUREEND
SECUREEND_A
SECUREEND_B
SECUREEND_C
SetDefaultKey
UninstallKey
UpdateEnvironment
VerifyKey

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Custom/下载说明.htm
.html .js polyglot
DemoFile.4pk
DialUp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

202d258b7702c2b38767b7fc988b9a2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasGetConnectStatusA
RasHangUpA
RasEnumConnectionsA
RasDialA

kernel32

RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
ExitThread
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
WriteFile
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetProcessVersion
GetOEMCP
GetCPInfo
WritePrivateProfileStringA
SetLastError
GlobalFlags
TlsGetValue
MulDiv
SetErrorMode
GlobalReAlloc
LocalReAlloc
TlsSetValue
TlsAlloc
TlsFree
GlobalHandle
GetVersion
LocalFree
LocalAlloc
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
LockResource
GlobalUnlock
GlobalFree
ResumeThread
GlobalAlloc
CloseHandle
GlobalLock
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
Sleep
GetCurrentThreadId
GetTickCount
LoadLibraryA
lstrcatA
lstrcpyA
IsDBCSLeadByte
GetProcAddress
HeapDestroy
LoadLibraryExA
lstrcpynA
lstrcmpiA
LoadResource
GetLastError
FindResourceA
WideCharToMultiByte
SizeofResource
FreeLibrary
GetShortPathNameA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
lstrlenA
HeapCreate
HeapSize
GetACP

user32

GetSysColorBrush
IsDialogMessageA
SetWindowTextA
ShowWindow
LoadStringA
UnregisterClassA
GetClassNameA
PtInRect
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
CallWindowProcA
AdjustWindowRectEx
LoadCursorA
GetMessagePos
SetForegroundWindow
GetWindow
UpdateWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowRect
EndDialog
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
SendMessageA
PostQuitMessage
GetClientRect
CopyRect
EnableWindow
IsWindow
FindWindowA
PostMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
CharNextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
LoadIconA
GetForegroundWindow
RemovePropA
GetMessageTime
UnhookWindowsHookEx
GetPropA
GetWindowPlacement
IsIconic
SetWindowLongA

gdi32

SetBkColor
DeleteDC
DeleteObject
RestoreDC
SelectObject
SaveDC
GetStockObject
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
SetTextColor
GetObjectA
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
LoadTypeLi
SysAllocString
VarUI4FromStr
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OLREG.HTM
.html
README.TXT
RunAsService.exe
.exe windows:4 windows x86 arch:x86

236da76da9655f623cdb85fb8bcd33ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
CloseHandle
lstrlenA
CreateProcessA
FormatMessageA
GetModuleFileNameA
GetLastError
FreeEnvironmentStringsA
HeapDestroy
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LocalFree
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA

user32

MessageBoxA

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenSCManagerA
CreateServiceA
SetServiceStatus
DeleteService
CloseServiceHandle
StartServiceA
OpenServiceA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RunMCRFile.exe
.exe windows:4 windows x86 arch:x86

84256d121c22692e8c3c461ce237e5bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
RtlUnwind
GetStartupInfoA
GetCommandLineA
FileTimeToSystemTime
ExitProcess
HeapAlloc
HeapFree
RaiseException
TerminateProcess
SetErrorMode
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
LocalFileTimeToFileTime
HeapCreate
VirtualFree
VirtualAlloc
GetFileSize
SystemTimeToFileTime
InitializeCriticalSection
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrcatA
lstrcpyA
lstrlenA
GlobalLock
lstrcpynA
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
GetProfileStringA
GetStringTypeExA
GetShortPathNameA
GetThreadLocale
FindClose
GetVolumeInformationA
FindFirstFileA
SetEndOfFile
DeleteFileA
MoveFileA
FlushFileBuffers
UnlockFile
LockFile
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
GetOEMCP
GetCurrentDirectoryA
SizeofResource
GetProcessVersion
GetCPInfo
SetLastError
TlsGetValue
GlobalFlags
MulDiv
EnterCriticalSection
LocalReAlloc
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
IsBadWritePtr
LocalAlloc
GetLastError
WinExec
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
GlobalFree
LoadLibraryA
FreeLibrary
FindResourceA
SetUnhandledExceptionFilter
LCMapStringA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy

user32

IsDialogMessageA
SetWindowTextA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ShowOwnedPopups
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
GetClassNameA
PtInRect
ClientToScreen
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
LoadStringA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
InsertMenuA
DeleteMenu
GetMenuStringA
DestroyIcon
CharUpperA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetClientRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
MessageBoxA
IsChild
RegisterClassA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetLastActivePopup
BringWindowToTop
IsWindowVisible
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
InvalidateRect
SetWindowLongA
wsprintfA
GetKeyState
SetWindowPos
GetDlgCtrlID
UpdateWindow
GetMenuItemCount
GetSubMenu
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetMenu
LoadIconA
GetClassInfoA
LoadMenuA
DestroyMenu
SetFocus
GetParent
GetActiveWindow
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
SendMessageA
SetCursor
PeekMessageA
PostMessageA
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
EnableWindow
GetSystemMetrics
GetMessageTime
ExcludeUpdateRgn
ShowCaret
DefDlgProcA
IsWindowUnicode
CharNextA
InflateRect
UnregisterClassA
DrawFocusRect
HideCaret

gdi32

SetBkColor
CreateBitmap
DeleteObject
GetDeviceCaps
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetClipBox
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
CreateDIBitmap
CreateCompatibleDC
GetTextExtentPointA
PatBlt
BitBlt
SetTextColor
GetObjectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA

shell32

SHGetFileInfoA
DragQueryFileA
ExtractIconA
DragFinish

comctl32

ord17

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SONIC.WAV
UIComponents.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9b4fbc82b6f70167027adf47a97955ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2623
ord290
ord3237
ord4622
ord4226
ord2486
ord4003
ord434
ord5575
ord4033
ord535
ord1175
ord2629
ord1168
ord2864
ord1223
ord1206
ord2140
ord2642
ord3815
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord366
ord674
ord5282
ord4242
ord1203
ord4413
ord1200
ord4907
ord1859
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord4153
ord2383
ord4437
ord5255
ord4428
ord402
ord5284
ord4246
ord5290
ord3402
ord3610
ord656
ord567
ord2302
ord2614
ord2339
ord3092
ord4538
ord4774
ord6663
ord397
ord699
ord912
ord2301
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord3721
ord616
ord609
ord795
ord3147
ord6215
ord4160
ord536
ord2764
ord2859
ord6927
ord6877
ord4220
ord2584
ord3654
ord6270
ord1644
ord3663
ord2438
ord539
ord3317
ord2818
ord1146
ord1199
ord6648
ord6930
ord6928
ord6197
ord6380
ord2379
ord2299
ord6883
ord6143
ord4129
ord801
ord541
ord6779
ord4278
ord5861
ord4277
ord6283
ord6282
ord2086
ord6880
ord755
ord2754
ord470
ord3619
ord3626
ord2414
ord2362
ord2582
ord4402
ord3370
ord3640
ord693
ord6907
ord3998
ord3996
ord6905
ord3301
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord861
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord614
ord3579
ord4424
ord823
ord394
ord686
ord384
ord772
ord500
ord696
ord537
ord4202
ord355
ord2515
ord3499
ord858
ord6334
ord939
ord941
ord4853
ord4710
ord4234
ord2370
ord2298
ord825
ord324
ord540
ord860
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord2358
ord3259
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord6199
ord5265

msvcrt

__dllonexit
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
_CxxThrowException
__CxxFrameHandler
sprintf
_mbscmp
strcpy
strstr
_purecall
strcmp
strncpy
memset
strlen
atoi
memcpy
strcat
_except_handler3
_onexit
memcmp
realloc
malloc
free
_initterm

kernel32

lstrcatA
lstrcpyA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetModuleHandleA
GetShortPathNameA
lstrlenA
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
SearchPathA
GetTickCount
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetLastError
OpenFile
_lclose
CreateFileA
CloseHandle
LocalAlloc
LocalFree
lstrlenW
WideCharToMultiByte
GetPrivateProfileStringA

user32

EnableWindow
DestroyIcon
CopyIcon
CreatePopupMenu
GetCursorPos
PeekMessageA
GetLastActivePopup
GetFocus
LoadIconA
SetForegroundWindow
GetClassNameA
GetWindowTextA
IsWindowVisible
SetTimer
KillTimer
PostMessageA
SendMessageA
GetSysColor
GetClientRect
LoadImageA
SystemParametersInfoA
ReleaseDC
GetWindowDC
GetDesktopWindow
CharNextA
DrawTextA
InflateRect
GetWindowRect
InvalidateRect
TranslateMessage
DispatchMessageA
DrawIconEx
GetAsyncKeyState
WindowFromPoint
IsWindow
GetParent
GetWindowLongA
InsertMenuA

gdi32

MoveToEx
LineTo
CreatePen
CreateSolidBrush
GetStockObject
SelectObject
SetBkMode
Rectangle
DeleteObject
SetTextColor
GetPixel
GetTextExtentPoint32A

winspool.drv

EnumPrintersA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

shell32

SHBrowseForFolderA
FindExecutableA
SHGetFileInfoA
ExtractIconExA
ExtractIconA
ShellExecuteA
SHGetPathFromIDListA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
LoadTypeLi
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninst.exe
.exe windows:4 windows x86 arch:x86

efcfc6e7622396e9f04783b3de8ab7da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
RtlUnwind
GetStartupInfoA
ExitProcess
HeapFree
HeapAlloc
RaiseException
SetStdHandle
TerminateProcess
GetFileType
GetACP
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileTime
GetTimeZoneInformation
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
lstrlenA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
lstrcatA
GetTickCount
GetVersionExA
HeapDestroy
MulDiv
Sleep
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FindNextFileA
lstrcpyA
FindFirstFileA
SetLastError
FindClose
GetSystemDirectoryA
RemoveDirectoryA
DeleteFileA
LoadLibraryA
GetLastError
HeapCreate
VirtualFree
GetStdHandle
GetCommandLineA
GetFileAttributesA
CopyFileA
GetProfileStringA
GetCurrentDirectoryA
GetFileSize
GetEnvironmentVariableA

user32

ShowWindow
ReleaseDC
GetDC
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
DestroyMenu
InflateRect
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
CharUpperA
InvalidateRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
IsDialogMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
GetMessagePos
GetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
PostMessageA
MessageBoxA
PeekMessageA
DispatchMessageA
TranslateMessage
EnableWindow
GetSysColor
GetSystemMenu
SendDlgItemMessageA
AppendMenuA
MapWindowPoints
SetFocus
AdjustWindowRectEx
ScreenToClient
GetClientRect
CopyRect
DefWindowProcA
CreateWindowExA
GetDlgCtrlID
SendMessageA
GetWindowRect
UpdateWindow
LoadIconA
GetMessageTime
RemovePropA
GetWindow
SetForegroundWindow
UnhookWindowsHookEx
ShowCaret
IsWindowUnicode
CharNextA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
HideCaret
UnregisterClassA

gdi32

CreateFontA
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
PatBlt
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetDeviceCaps
IntersectClipRect
SetTextAlign
DeleteObject
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
ScaleWindowExtEx
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExA
SHFileOperationA
SHGetPathFromIDListA

comctl32

ord17

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WhoAmI.exe
.exe windows:4 windows x86 arch:x86

91efb78109cc58ad3ccf2c61599850bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

GetUserNameA

kernel32

GetVersionExA
HeapDestroy
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
VirtualAlloc
HeapAlloc
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetStringTypeW
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Win98code.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7942838106132cda0db44d9e93bcc63d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
GetSystemInfo
GetVersionExA
HeapCreate
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
EnterCriticalSection
InterlockedDecrement
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
DebugBreak
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
HeapFree
HeapReAlloc
HeapAlloc
LoadResource
SizeofResource
GetProcAddress

user32

BlockInput
CharNextA

advapi32

RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
SysAllocString
RegisterTypeLi
LoadTypeLi
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_Loader.exe
.exe windows:4 windows x86 arch:x86

435f8c1bc657f93fe10cafeeb0757f6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetErrorMode
GetFullPathNameA
RtlUnwind
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
HeapSize
GetTimeZoneInformation
FileTimeToLocalFileTime
UnhandledExceptionFilter
FileTimeToSystemTime
MultiByteToWideChar
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
Sleep
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
CopyFileA
GetProcessVersion
GetOEMCP
GetCPInfo
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
DeleteCriticalSection
TlsFree
GlobalHandle
LocalAlloc
TlsAlloc
InitializeCriticalSection
MulDiv
GlobalFlags
lstrcpynA
ResumeThread
lstrcmpA
CloseHandle
GlobalAlloc
LocalFree
GetCurrentThread
FreeEnvironmentStringsA
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
FindNextFileA
FindFirstFileA
GetLastError
SetLastError
FindClose
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateProcessA
GetCurrentProcess
SetPriorityClass
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetMessageA
GetClassNameA
PtInRect
ClientToScreen
ReleaseDC
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
LoadIconA
AdjustWindowRectEx
PostMessageA
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
GetKeyState
DefWindowProcA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetFocus
SetFocus
GetClientRect
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
EnableWindow
CreateWindowExA
GetWindowTextA
UnregisterClassA

gdi32

SetTextColor
GetObjectA
CreateBitmap
DeleteObject
SelectObject
GetDeviceCaps
GetStockObject
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
SetBkColor

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_apmousedll.dll
.dll windows:4 windows x86 arch:x86

38e37a124be4cc891a2ba48db749df03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
HeapFree
GetTickCount
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
LoadLibraryA
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
InterlockedIncrement
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement

user32

PostMessageA
SendMessageA
GetAsyncKeyState
CallNextHookEx

Exports

Exports

APMouseDllProc
dllDisableHook
dllIgnoreMouseMsg
dllInitMouseDLL
g_dll_hHook
g_dll_hMainWnd
g_dll_nDisableHook
g_dll_nFilterMsg
g_dll_nIgnoreMsg

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EMDLL_SE
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_b_keydll.dll
.dll windows:4 windows x86 arch:x86

5678036c53abef8e904c6373a2e0ddad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
GetAsyncKeyState
CallNextHookEx

kernel32

WriteFile
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

GetHookToDLL
GetWindowToDLL
Pt32GetMsgProc
Pt32KeyboardProc
Pt32MouseProc
dllBlockKeys
dllBlockMouse
dllGetCHAR
dllGetCanceled
dllGetKHLPARAM
dllGetKHWPARAM
dllGetKeyEvent
dllGetKeybEvent
dllGetPressEvent
dllResetCHAR
dllResetCanceled
dllResetInPause
dllSetInPause
dllSetKeybEvent
dllUnblockKeys
g_dllBlockKeys
g_dllCanceled
g_dllIsKeybEvent
g_dllKHOnly_LPARAM
g_dllKHOnly_WPARAM
g_dllKeyEvent
g_dllPressEvent
g_dll_keyhook
g_dll_mousehook
g_dll_msghook
g_dll_nBlockMouse
g_lDllCHAR

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PT32DLL_
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_keydll.dll
.dll windows:4 windows x86 arch:x86

5678036c53abef8e904c6373a2e0ddad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
GetAsyncKeyState
CallNextHookEx

kernel32

WriteFile
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

GetHookToDLL
GetWindowToDLL
Pt32GetMsgProc
Pt32KeyboardProc
Pt32MouseProc
dllBlockKeys
dllBlockMouse
dllGetCHAR
dllGetCanceled
dllGetKHLPARAM
dllGetKHWPARAM
dllGetKeyEvent
dllGetKeybEvent
dllGetPressEvent
dllResetCHAR
dllResetCanceled
dllResetInPause
dllSetInPause
dllSetKeybEvent
dllUnblockKeys
g_dllBlockKeys
g_dllCanceled
g_dllIsKeybEvent
g_dllKHOnly_LPARAM
g_dllKHOnly_WPARAM
g_dllKeyEvent
g_dllPressEvent
g_dll_keyhook
g_dll_mousehook
g_dll_msghook
g_dll_nBlockMouse
g_lDllCHAR

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PT32DLL_
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_prog.exe
.exe windows:4 windows x86 arch:x86

aaa734bdf233e7b6248c47353f08a15f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CloseHandle
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
CreateThread
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CompareStringW
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
DebugActiveProcess
GetShortPathNameA

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
SendMessageW

gdi32

DeleteDC
RealizePalette
SelectPalette
CreateDCA
CreatePalette
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap

Sections

.text
Size: - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 40KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 668KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_prog.exe.manifest
.xml
_prog_service.bat
_prog_wd.exe
.exe windows:4 windows x86 arch:x86

c43e2dc7726c9f825d40753116a72c2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
ExitProcess
GetStartupInfoA
GetCommandLineA
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetLastError
GlobalFlags
lstrcpynA
MulDiv
SetLastError
TerminateProcess
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
Sleep
GetVersionExA
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
CloseHandle
OpenProcess
GetExitCodeProcess
GetFileType

user32

ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ReleaseDC
GetDC
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetDlgItem
IsWindowEnabled
IsWindow
IsWindowVisible
MessageBoxA
IsIconic
GetClientRect
DrawIcon
SendMessageA
GetWindowLongA
SetWindowLongA
LoadIconA
EnableWindow
GetSystemMetrics
SetCursorPos
GetAsyncKeyState
KillTimer
SetWindowTextA
IsDialogMessageA
GetForegroundWindow
SetTimer
SetForegroundWindow
GetMenuItemID
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateSolidBrush
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin.ini
cui.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.chm
.chm
ic_keyb.ico
license.txt
mtwbho.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ae5d135654ad8dc6aea6afdc85cbe929

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
lstrlenW
MultiByteToWideChar
InitializeCriticalSection
lstrlenA
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
GetModuleFileNameA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
IsBadCodePtr
SetUnhandledExceptionFilter
HeapSize
RaiseException
LocalFree
DisableThreadLibraryCalls
CreateMutexA
GetCurrentThreadId
InterlockedDecrement
ReleaseMutex
WritePrivateProfileStringA
Sleep
GetLastError
LoadLibraryExA
RtlUnwind
GetCPInfo
GetStringTypeA
WriteFile
CloseHandle
ResumeThread
CreateThread
TlsSetValue
ExitThread
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
VirtualFree
GetStringTypeW
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
GetFileType
VirtualAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW

user32

CharNextA
SetWindowsHookExA
IsWindow
UnhookWindowsHookEx
GetClassNameA
CallNextHookEx
EnumThreadWindows

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
options.ini
pk32.exe
.exe windows:4 windows x86 arch:x86

e06bc8177dec2c2e877d5ec941b976c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetErrorMode
GetFullPathNameA
RtlUnwind
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
HeapSize
GetTimeZoneInformation
FileTimeToLocalFileTime
UnhandledExceptionFilter
FileTimeToSystemTime
MultiByteToWideChar
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
Sleep
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
CopyFileA
GetProcessVersion
GetOEMCP
GetCPInfo
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
DeleteCriticalSection
TlsFree
GlobalHandle
LocalAlloc
TlsAlloc
InitializeCriticalSection
GlobalFlags
lstrcpynA
ResumeThread
lstrcmpA
CloseHandle
GlobalAlloc
LocalFree
GetCurrentThread
FreeEnvironmentStringsA
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
FindNextFileA
FindFirstFileA
GetLastError
SetLastError
FindClose
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
CreateProcessA
GetCurrentProcess
SetPriorityClass
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP

user32

SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetMessageA
GetClassNameA
PtInRect
ClientToScreen
ReleaseDC
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
MapWindowPoints
GetSysColor
LoadIconA
AdjustWindowRectEx
PostMessageA
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
GetKeyState
DefWindowProcA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
GetSystemMetrics
DestroyWindow
GetFocus
SetFocus
GetClientRect
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
EnableWindow
CreateWindowExA
GetWindowTextA
UnregisterClassA

gdi32

SetTextColor
GetObjectA
CreateBitmap
DeleteObject
SelectObject
GetDeviceCaps
GetStockObject
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
SetBkColor

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pkother.htm
.html
pmlt_default_listonly.htm
pmlt_default_withmacro.htm
register.txt
resdll.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:4 windows x86 arch:x86

e0e0da199723f21b51e48d3655e71fba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
HeapAlloc
TerminateProcess
HeapFree
GetFileType
GetTimeZoneInformation
RaiseException
GetACP
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapReAlloc
GetStartupInfoA
LCMapStringA
LCMapStringW
GetDriveTypeA
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
GetCommandLineA
ExitProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
WritePrivateProfileStringA
WinExec
MultiByteToWideChar
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetSystemDirectoryA
WideCharToMultiByte
lstrcpyA
GetModuleHandleA
lstrlenA
lstrcatA
GetVersionExA
MulDiv
GetModuleFileNameA
GetFileSize
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetProfileStringA
RtlUnwind
SetErrorMode
GetFileTime
FindResourceExA
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcpynA
VirtualProtect
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetTickCount
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LocalFree
FindNextFileA
FindFirstFileA
FindClose
SetLastError
GetPrivateProfileStringA
IsBadCodePtr
InterlockedDecrement
HeapCreate
VirtualFree

user32

CopyRect
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
ScreenToClient
GetTopWindow
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetCapture
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
PostThreadMessageA
GetSysColorBrush
SetCursor
PostQuitMessage
UpdateWindow
GetDlgItem
GetDC
DrawTextA
ReleaseDC
GetSysColor
GetParent
InvalidateRect
SetWindowLongA
SetForegroundWindow
GetWindow
PostMessageA
EnableWindow
GetWindowRect
OffsetRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
MessageBoxA
PtInRect
GetClassNameA
LoadCursorA
CharUpperA
InflateRect
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
LoadStringA
MapDialogRect
GetAsyncKeyState
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetWindowPlacement
RegisterClipboardFormatA
GetSubMenu
SetFocus
DefDlgProcA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
CharNextA
IsWindowUnicode

gdi32

GetDeviceCaps
CreateBitmap
GetStockObject
GetClipBox
SetTextColor
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontA
IntersectClipRect
SetTextAlign
DeleteObject
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
EnumFontFamiliesExA
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
GetTextExtentPoint32A
SelectObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA
SHChangeNotify
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CoCreateInstance
OleInitialize
CoRevokeClassObject

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.exe.manifest
.xml
users.ini
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

d1e10a04ad85a14abc67c0f2a2f79aed

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 4KB - Virtual size: 3KB

202d258b7702c2b38767b7fc988b9a2a

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

236da76da9655f623cdb85fb8bcd33ac

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

84256d121c22692e8c3c461ce237e5bb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 20KB - Virtual size: 17KB

9b4fbc82b6f70167027adf47a97955ec

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

winspool.drv

advapi32

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 32KB - Virtual size: 45KB

.rsrc
Size: 88KB - Virtual size: 86KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 729B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 914B

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 19KB