7012343bff21ffd8405488ef36030f92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7012343bff21ffd8405488ef36030f92_JaffaCakes118
Size

11.1MB
MD5

7012343bff21ffd8405488ef36030f92
SHA1

2e3841dc345fe9baf251930bdb7f93a603ffef38
SHA256

90282f6680d1835ceef6b686a4be7af08bf7ee55eadecef4f22252c2f02006b9
SHA512

dc823069c6a10afe1f867b26d13030238062bd383f79a9fe2b8d9cc28e7b9dc3ae9dbddf4f17dca6180afdce76303c0d3f97d65f76bc4a62a505c7d893da35d0
SSDEEP

196608:UcoXKKyAnFmIfPY/uaW9HHkg4plt3FqJzZ6DDl5XhWsGFsrP5UddT5fQAxUNfQlt:3ShbAG1pEg0HGzZ6DzXhWhS5UddFI1f2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 49 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/SetupLib.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/SogouPY.ime~
unpack001/$_13_/SogouPY.ime
unpack001/$_13_/SogouPY.ime~
unpack001/$_15_/ConfigMover30b2.exe
unpack001/$_15_/HWSignature.dll
unpack001/$_15_/PinyinUp.exe
unpack001/$_15_/Resource.dll
unpack001/$_15_/ScdMaker.exe
unpack001/$_15_/ScdReg.exe
unpack001/$_15_/ScdViewer.exe
unpack001/$_15_/SkinReg.exe
unpack001/$_15_/SogouTSF.dll
unpack001/$_15_/SpeedMeter.exe
unpack001/$_15_/UserPage.exe
unpack001/$_15_/UsrDictUtil.exe
unpack001/$_15_/ZipLib.dll
unpack001/$_15_/ZipLib64.dll
unpack001/$_15_/config.exe
unpack001/$_15_/plugin/SgImeWord.dll
unpack001/$_15_/plugin/SgImeWord64.dll
unpack001/$_15_/userNetSchedule.exe
unpack001/$_16_/FC_Puncture.exe
unpack001/$_16_/Install.exe
unpack001/$_16_/check.exe
unpack001/$_19_/sogoupy.ime
unpack001/InstTemp/ConfigMover30b2.exe
unpack001/InstTemp/HWSignature.dll
unpack001/InstTemp/PinyinUp.exe
unpack001/InstTemp/Plugin/SgImeWord.dll
unpack001/InstTemp/Plugin/SgImeWord64.dll
unpack001/InstTemp/Resource.dll
unpack001/InstTemp/ScdMaker.exe
unpack001/InstTemp/ScdReg.exe
unpack001/InstTemp/ScdViewer.exe
unpack001/InstTemp/SkinReg.exe
unpack001/InstTemp/SogouTSF.dll
unpack001/InstTemp/SpeedMeter.exe
unpack001/InstTemp/UserPage.exe
unpack001/InstTemp/UsrDictUtil.exe
unpack001/InstTemp/ZipLib.dll
unpack001/InstTemp/ZipLib64.dll
unpack001/InstTemp/config.exe
unpack001/InstTemp/userNetSchedule.exe
unpack001/out.upx

Files

7012343bff21ffd8405488ef36030f92_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2008, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupLib.dll
.dll windows:4 windows x86 arch:x86

cb85ba6da4703d21bc1dd256035b2c46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyW

kernel32

GetCurrentProcess
GetModuleHandleW
GlobalFree
GetSystemDefaultLangID
GlobalAlloc
GetVersion
FreeLibrary
GetVersionExW
GetProcAddress
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
FindClose
LocalFree
FindNextFileW
FindFirstFileW
CompareStringW
LoadLibraryW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryValueExW

Exports

Exports

AddAccess
AddAccessExec
AddAccessOnReg
AppVersionCheck
BeVista
BeX64
CheckAccess
CorrectFileName
Debug
Downgrade
GetHWID
GetLocaleID
InstalledIMEIsPre30b1
IsRegisteredId
NeedReboot
OSSupported
RemoveDir
SetLowLabel
SetReboot
UninstallReg
UninstallUsrReg

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/SogouPY.ime~
.dll windows:4 windows x86 arch:x86

64624a015d2d7c23a80749b7870e1f82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\forBD\sogouime31\Bin\SogouInput\sogoupy.pdb

Imports

shlwapi

StrStrIW

imm32

ImmLockIMCC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmReSizeIMCC
ImmGetIMCCSize
ImmUnlockIMC
ImmCreateIMCC
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmCreateSoftKeyboard
ImmGetIMEFileNameW
ImmUnlockIMCC

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GlobalFree
GlobalUnlock
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
OpenEventW
CloseHandle
GetModuleHandleW
CreateProcessW
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
GetFullPathNameA
GlobalAlloc
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
InterlockedExchange
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
TlsSetValue
GetLastError
TlsGetValue
GlobalLock
CreateDirectoryW
GetVersionExW
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
WaitForSingleObject
GetCurrentProcessId
LCMapStringW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
SleepEx
CopyFileW
HeapDestroy
ExitProcess
HeapSize
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
FindNextFileW
FindFirstFileW
MoveFileExW
FindClose
RemoveDirectoryW
TlsAlloc
TlsFree
GetCommandLineW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedCompareExchange
DeleteCriticalSection
ReleaseMutex
CreateMutexW
OpenMutexW
CreateEventW
LocalFree
MultiByteToWideChar
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
CreateThread
GetTickCount
Sleep
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
CompareStringW
GlobalReAlloc
LockResource
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetModuleHandleA
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA

user32

SetCursorPos
MessageBoxW
PostMessageW
MessageBeep
SendMessageW
MapVirtualKeyW
GetKeyState
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
keybd_event
GetFocus
GetCaretPos
LoadIconW
GetMenuInfo
GetMenuItemCount
ActivateKeyboardLayout
SystemParametersInfoW
GetKeyboardLayoutList
GetDC
ReleaseDC
GetCursorPos
GetDlgItem
EndDialog
SetWindowTextW
GetCursor
LoadCursorW
SetWindowLongW
UnregisterClassW
BeginPaint
DrawTextW
EndPaint
InflateRect
FillRect
CreateWindowExW
KillTimer
SubtractRect
ShowWindow
SetCapture
GetClassLongW
SetWindowRgn
GetSystemMetrics
UpdateLayeredWindow
ReleaseCapture
IntersectRect
ClientToScreen
SetRect
FindWindowW
DestroyWindow
SetClassLongW
OffsetRect
RedrawWindow
AppendMenuW
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
GetClientRect
GetDesktopWindow
LoadBitmapW
RegisterClassExW
GetWindowLongW
DefWindowProcW
SetCursor
SetTimer
GetMenuItemInfoW
GetMonitorInfoW
CheckMenuItem
GetSubMenu
LoadMenuW
DestroyMenu
PtInRect
SetMenuItemInfoW
MonitorFromPoint
TrackPopupMenuEx
IsWindow
GetWindowRect
MoveWindow
SetWindowPos
SetCaretPos

gdi32

DeleteObject
CreateSolidBrush
SetTextColor
Rectangle
GetTextExtentPointW
GetStockObject
SetROP2
GetPixel
CreateCompatibleBitmap
CreateDCW
LineTo
CreateDIBSection
BitBlt
SetPixel
DeleteDC
GetROP2
CreateCompatibleDC
GdiFlush
MoveToEx
GetTextExtentPoint32W
SetBkMode
GetObjectW
GetGlyphOutlineW
TextOutW
GetTextMetricsW
GetFontData
CreateFontIndirectW
SelectObject
CreatePen
ExtCreateRegion
StretchBlt
CombineRgn
OffsetRgn
GetKerningPairsW

advapi32

SetNamedSecurityInfoW
SetSecurityInfo
RegQueryValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
LookupAccountSidW
GetSecurityInfo
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW

oleaut32

SysAllocString

wininet

HttpSendRequestW
InternetWriteFile
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpEndRequestW
InternetCloseHandle
InternetReadFile
InternetGetCookieW
InternetSetCookieW
HttpSendRequestExW
InternetOpenW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetConnectW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 888KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SogouIn
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_13_/$_15_/Uninstall.exe.nsis
$_13_/SogouPY.ime
.dll windows:4 windows x64 arch:x64

a3328494aab8d0f28a062c27e663a138

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW

imm32

ImmUnlockIMCC
ImmReSizeIMCC
ImmGetIMCCSize
ImmCreateIMCC
ImmUnlockIMC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmDestroySoftKeyboard
ImmCreateSoftKeyboard
ImmShowSoftKeyboard
ImmLockIMCC

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GlobalUnlock
GlobalLock
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetCurrentProcess
OpenEventW
CloseHandle
CreateProcessW
GetLastError
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
GlobalAlloc
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
TlsSetValue
GetCurrentThreadId
TlsGetValue
GlobalFree
CreateDirectoryW
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
WaitForSingleObject
GetCurrentProcessId
LCMapStringW
GetVersionExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetTimeFormatA
GetDateFormatA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameW
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
CreateEventW
SetLastError
HeapSize
GetModuleFileNameA
GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
RemoveDirectoryW
TlsAlloc
TlsFree
GetCommandLineW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
DeleteCriticalSection
LocalFree
MultiByteToWideChar
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetTickCount
CreateThread
Sleep
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
CompareStringW
GlobalReAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryExW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlPcToFileHeader
HeapReAlloc
GetTimeZoneInformation
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsFree
FlsAlloc

user32

OffsetRect
MessageBoxW
PostMessageW
MessageBeep
SendMessageW
MapVirtualKeyW
GetKeyState
CloseClipboard
keybd_event
GetFocus
SetClipboardData
EmptyClipboard
OpenClipboard
SetCaretPos
LoadIconW
GetMenuInfo
GetMenuItemCount
GetKeyboardLayoutList
SystemParametersInfoW
ReleaseDC
GetDC
GetCursorPos
SetWindowTextW
GetDlgItem
EndDialog
SetCursor
DefWindowProcW
GetWindowLongPtrW
SetTimer
CreateWindowExW
EndPaint
FillRect
BeginPaint
DrawTextW
InflateRect
ReleaseCapture
IntersectRect
RedrawWindow
SetRect
SetWindowRgn
UpdateLayeredWindow
FindWindowW
DestroyWindow
ShowWindow
ClientToScreen
KillTimer
GetSystemMetrics
SetCapture
AppendMenuW
SubtractRect
SetCursorPos
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
GetDesktopWindow
SetWindowLongPtrW
GetCursor
LoadCursorW
RegisterClassExW
UnregisterClassW
TrackPopupMenuEx
GetMenuItemInfoW
GetMonitorInfoW
CheckMenuItem
GetSubMenu
LoadMenuW
DestroyMenu
MonitorFromPoint
PtInRect
SetMenuItemInfoW
IsWindow
GetWindowRect
SetWindowPos
MoveWindow
GetCaretPos

gdi32

GetTextExtentPointW
CreateSolidBrush
Rectangle
SetTextColor
SelectObject
CreateDIBSection
DeleteDC
BitBlt
CreateCompatibleDC
MoveToEx
GetPixel
CreateCompatibleBitmap
LineTo
SetBkMode
GetTextExtentPoint32W
GetObjectW
GetGlyphOutlineW
TextOutW
GetFontData
GetKerningPairsW
DeleteObject
CreateFontIndirectW
CreatePen
ExtCreateRegion
StretchBlt
OffsetRgn
CombineRgn
GetTextMetricsW

advapi32

GetNamedSecurityInfoW
GetSecurityDescriptorSacl
RegQueryValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW

oleaut32

SysAllocString

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 906KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_13_/SogouPY.ime~
.dll windows:4 windows x64 arch:x64

a3328494aab8d0f28a062c27e663a138

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW

imm32

ImmUnlockIMCC
ImmReSizeIMCC
ImmGetIMCCSize
ImmCreateIMCC
ImmUnlockIMC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmDestroySoftKeyboard
ImmCreateSoftKeyboard
ImmShowSoftKeyboard
ImmLockIMCC

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GlobalUnlock
GlobalLock
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetCurrentProcess
OpenEventW
CloseHandle
CreateProcessW
GetLastError
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
GlobalAlloc
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
TlsSetValue
GetCurrentThreadId
TlsGetValue
GlobalFree
CreateDirectoryW
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
WaitForSingleObject
GetCurrentProcessId
LCMapStringW
GetVersionExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetTimeFormatA
GetDateFormatA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameW
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
CreateEventW
SetLastError
HeapSize
GetModuleFileNameA
GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
RemoveDirectoryW
TlsAlloc
TlsFree
GetCommandLineW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
DeleteCriticalSection
LocalFree
MultiByteToWideChar
FlushFileBuffers
GetFileSize
SetFilePointer
WriteFile
ReadFile
GetTickCount
CreateThread
Sleep
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
CompareStringW
GlobalReAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryExW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlPcToFileHeader
HeapReAlloc
GetTimeZoneInformation
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsFree
FlsAlloc

user32

OffsetRect
MessageBoxW
PostMessageW
MessageBeep
SendMessageW
MapVirtualKeyW
GetKeyState
CloseClipboard
keybd_event
GetFocus
SetClipboardData
EmptyClipboard
OpenClipboard
SetCaretPos
LoadIconW
GetMenuInfo
GetMenuItemCount
GetKeyboardLayoutList
SystemParametersInfoW
ReleaseDC
GetDC
GetCursorPos
SetWindowTextW
GetDlgItem
EndDialog
SetCursor
DefWindowProcW
GetWindowLongPtrW
SetTimer
CreateWindowExW
EndPaint
FillRect
BeginPaint
DrawTextW
InflateRect
ReleaseCapture
IntersectRect
RedrawWindow
SetRect
SetWindowRgn
UpdateLayeredWindow
FindWindowW
DestroyWindow
ShowWindow
ClientToScreen
KillTimer
GetSystemMetrics
SetCapture
AppendMenuW
SubtractRect
SetCursorPos
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
GetDesktopWindow
SetWindowLongPtrW
GetCursor
LoadCursorW
RegisterClassExW
UnregisterClassW
TrackPopupMenuEx
GetMenuItemInfoW
GetMonitorInfoW
CheckMenuItem
GetSubMenu
LoadMenuW
DestroyMenu
MonitorFromPoint
PtInRect
SetMenuItemInfoW
IsWindow
GetWindowRect
SetWindowPos
MoveWindow
GetCaretPos

gdi32

GetTextExtentPointW
CreateSolidBrush
Rectangle
SetTextColor
SelectObject
CreateDIBSection
DeleteDC
BitBlt
CreateCompatibleDC
MoveToEx
GetPixel
CreateCompatibleBitmap
LineTo
SetBkMode
GetTextExtentPoint32W
GetObjectW
GetGlyphOutlineW
TextOutW
GetFontData
GetKerningPairsW
DeleteObject
CreateFontIndirectW
CreatePen
ExtCreateRegion
StretchBlt
OffsetRgn
CombineRgn
GetTextMetricsW

advapi32

GetNamedSecurityInfoW
GetSecurityDescriptorSacl
RegQueryValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW

oleaut32

SysAllocString

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 906KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/AllSkin/2008.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/ţг.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/ġް.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/-·ڽ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/-һֻ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuangpin1.bmp
shuangpin2.bmp
shuangpin3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/ں-ϲ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
ban1.bmp
ban2.bmp
ban3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quan1.bmp
quan2.bmp
quan3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin1_2.bmp
skin2.bmp
skin2_1.bmp
skin2_2.bmp
$_15_/AllSkin/ɫ.ssf
.zip
a1.bmp
a2.bmp
a3.bmp
banjiao1.bmp
banjiao2.bmp
banjiao3.bmp
bar.bmp
cn1.bmp
cn2.bmp
cn3.bmp
cn_biaodian1.bmp
cn_biaodian2.bmp
cn_biaodian3.bmp
en1.bmp
en2.bmp
en3.bmp
en_biaodian1.bmp
en_biaodian2.bmp
en_biaodian3.bmp
fan1.bmp
fan2.bmp
fan3.bmp
ie1.bmp
ie2.bmp
ie3.bmp
jian1.bmp
jian2.bmp
jian3.bmp
key1.bmp
key2.bmp
key3.bmp
menu1.bmp
menu2.bmp
menu3.bmp
pass1.bmp
pass2.bmp
pass3.bmp
passon1.bmp
passon2.bmp
passon3.bmp
quanjiao1.bmp
quanjiao2.bmp
quanjiao3.bmp
quanpin1.bmp
quanpin2.bmp
quanpin3.bmp
shuang1.bmp
shuang2.bmp
shuang3.bmp
skin.ini
skin1.bmp
skin1_1.bmp
skin2.bmp
$_15_/AllSkin/ɫռ.ssf
.zip
$_15_/AllSkin/ɫռȫť.ssf
.zip
$_15_/AllSkin/״̬ĬƤ.ssf
.zip
$_15_/AllSkin/ѹ.ssf
.zip
$_15_/AllSkin/ѹȫť.ssf
.zip
$_15_/AllSkin/˹-.ssf
.zip
$_15_/AllSkin/-͵.ssf
.zip
$_15_/ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\forBD\sogouime31\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/Correction.ini
$_15_/HWSignature.dll
.dll windows:4 windows x86 arch:x86

a802b35f2201164659ebad8c5d11ae4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/MoHuYin.ini
$_15_/PinyinUp.exe
.exe windows:4 windows x86 arch:x86

ac0bb73643e83d184cc9ec81c784b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW

comctl32

ord17

shlwapi

StrCmpIW

imm32

ImmDisableIME

kernel32

MultiByteToWideChar
ResumeThread
DeleteCriticalSection
EnterCriticalSection
CreateProcessW
CopyFileW
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
ReadFile
CreateFileW
CreateEventW
MoveFileExW
InitializeCriticalSection
WaitForSingleObject
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
LeaveCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetVersionExW
CreateDirectoryW
GetCurrentProcess
GetPrivateProfileStringW
FindNextFileW
Sleep
FindFirstFileW
CloseHandle
FindClose
UnmapViewOfFile
GetLocalTime
GetTempPathW
LocalFree
FormatMessageW
GetLastError
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SuspendThread
SetEnvironmentVariableA
WideCharToMultiByte
MapViewOfFile
GetFileType
CreateFileMappingW
OpenFileMappingW
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
OpenEventW
SetFilePointer
FlushFileBuffers
SetLastError
GetFileSize
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
GetProcAddress
FreeLibrary
LCMapStringW
GetTickCount
CreateThread
QueryPerformanceFrequency
InterlockedExchange
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
LoadLibraryA
GetSystemTimeAsFileTime
GetVersionExA
GetStartupInfoW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetEnvironmentStringsW

user32

GetClassLongW
GetWindowLongW
DispatchMessageW
TranslateMessage
ExitWindowsEx
GetMessageW
PostQuitMessage
LoadIconW
GetWindowTextW
MessageBoxW
BeginPaint
RegisterClassW
GetSystemMetrics
DefWindowProcW
SetWindowLongW
LoadCursorW
SendMessageW
CreateWindowExW
ShowWindow
SetWindowTextW
SetWindowPos
SetTimer
EndPaint

gdi32

GetStockObject
DeleteObject
CreateFontIndirectW

advapi32

RegCreateKeyExW
RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW

hwsignature

GenHWID

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/Punctures.ini
$_15_/Resource.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/ScdMaker.exe
.exe windows:4 windows x86 arch:x86

75e80bb0ee7b9af33e275abf7f2c5cd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
ReleaseMutex
OpenMutexW
WaitForSingleObject
FindClose
LocalFree
FindFirstFileW
InterlockedIncrement
InterlockedCompareExchange
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
CreateFileW
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
OpenFileMappingW
CreateFileMappingW
GetVersionExW
GetCommandLineW
GetModuleFileNameW
CopyFileW
MultiByteToWideChar
GetLastError
DeleteFileW
CreateDirectoryW
GetFileType

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/ScdReg.exe
.exe windows:4 windows x86 arch:x86

64cd16d23472679e4c2525023ef37201

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

GetCommandLineW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
GetLastError
CreateFileMappingW
InterlockedIncrement
InterlockedCompareExchange
LocalFree
WriteFile
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
CreateMutexW
OpenMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleFileNameW
GetStringTypeW
LCMapStringA
GetCPInfo
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
OpenEventW
CreateEventW
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileW
DeleteFileW
FindClose
FindNextFileW
GetStringTypeA

user32

MessageBoxW

advapi32

GetSecurityDescriptorSacl
RegCloseKey
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/ScdViewer.exe
.exe windows:4 windows x86 arch:x86

6f4dad20d6d7be53e98d78b5233452f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageW
GetDlgItem
EndDialog
DialogBoxParamW
GetWindowRect
SetWindowPos
GetSystemMetrics
MessageBoxW

gdi32

GetStockObject

kernel32

CompareStringA
CreateFileA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
WriteConsoleW
CompareStringW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
GetTimeZoneInformation
ReadFile
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LoadLibraryA
GetLocaleInfoW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/ShuangPinSchemes/ABC.ini
$_15_/ShuangPinSchemes/MS2003.ini
$_15_/ShuangPinSchemes/PinyinJiaJia.ini
$_15_/ShuangPinSchemes/Sogou.ini
$_15_/ShuangPinSchemes/ZiGuang.ini
$_15_/ShuangPinSchemes/ZiRanMa.ini
$_15_/SkinReg.exe
.exe windows:4 windows x86 arch:x86

a5da2ddbbb78c710496fa13b0b7918fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
CopyFileW
GetLastError
InterlockedIncrement
InterlockedCompareExchange
FindClose
FindNextFileW
LocalFree
FindFirstFileW
GetVersionExW
GetModuleFileNameW
GetCommandLineW
CreateFileW
OpenFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenMutexW
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
GetProcAddress
FreeLibrary
LoadLibraryW
CreateProcessW
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
Sleep
HeapSize
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
EnterCriticalSection
GetLongPathNameW
GetFileSize

user32

ShowWindow
DialogBoxParamW
IsDlgButtonChecked
MessageBoxW
GetMonitorInfoW
BeginPaint
GetDlgItem
EndDialog
GetCursorPos
EndPaint
GetWindowRect
SetWindowTextW
MoveWindow
MonitorFromPoint

advapi32

SetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyExW
RegCloseKey
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/SogouTSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

54352421f3c741ba4e5b28a5fc23cdce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

749c5fa9a46e899175aba9f78918cbbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalAlloc
GlobalFree
GetLastError
GetProcAddress
CreateDirectoryW
MapViewOfFile
CreateFileW
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CloseHandle
InterlockedIncrement
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FindFirstFileW
FindClose
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
WaitForSingleObject
GetVersionExW
GetCommandLineW
GetModuleFileNameW
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
LCMapStringW
GetTickCount
CreateThread
QueryPerformanceFrequency
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock

user32

CreateDialogParamW
DialogBoxParamW
SetClipboardData
OpenClipboard
MessageBoxW
GetWindowLongW
EmptyClipboard
SetWindowTextW
GetDlgItem
EndDialog
CloseClipboard
IsIconic
FindWindowW
ShowWindow
SetForegroundWindow
DefWindowProcW
SetTimer
SetWindowLongW

comctl32

InitCommonControlsEx

advapi32

SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/UserPage.exe
.exe windows:4 windows x86 arch:x86

6415271be83593c202ebe8d99f070c27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetConversionStatus
ImmGetContext

kernel32

GetModuleHandleW
GetLastError
CreateEventW
CloseHandle
CreateThread
MultiByteToWideChar
GetModuleFileNameW
CompareStringA
SetEndOfFile
GetDriveTypeA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetConsoleMode
CreateFileA
CompareStringW
GetConsoleCP
GetCurrentDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcAddress
FreeLibrary
LoadLibraryW
CreateDirectoryW
DeleteFileW
WideCharToMultiByte
FindNextFileW
LocalFree
FindFirstFileW
FindClose
GetVersionExW
GetCommandLineW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedCompareExchange
MoveFileExW
RemoveDirectoryW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
GetTickCount
Sleep
CreateProcessW
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetFullPathNameW

user32

GetClassNameW
ReleaseCapture
GetCursorPos
GetWindowLongW
OffsetRect
GetWindowRect
SendMessageW
MoveWindow
SetWindowLongW
SetWindowTextW
GetDlgCtrlID
RedrawWindow
ShowWindow
SetCapture
SetCursorPos
ActivateKeyboardLayout
GetSystemMetrics
PtInRect
BeginPaint
SetRect
DefWindowProcW
GetCursor
GetMonitorInfoW
SetWindowRgn
UpdateLayeredWindow
RegisterClassExW
FillRect
MonitorFromPoint
DestroyWindow
EndPaint
SubtractRect
KillTimer
InflateRect
CreateDialogParamW
DialogBoxParamW
TrackMouseEvent
GetParent
CallWindowProcW
GetDlgItem
LoadBitmapW
GetKeyboardLayoutList
SetForegroundWindow
IsIconic
CreateWindowExW
SetClassLongW
SetCursor
LoadCursorW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
PostMessageW
ReleaseDC
DrawTextW
CheckDlgButton
GetDC
MessageBoxW
IntersectRect
EndDialog
FindWindowW
SetWindowPos
IsDlgButtonChecked
SetTimer
SetFocus
SetDlgItemTextW
GetWindowTextW

gdi32

GetStockObject
CreateCompatibleDC
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
SelectObject
SetBkMode
StretchBlt
CreatePen
GetTextExtentPointW
Rectangle
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap
GetPixel
BitBlt
CreateDIBSection
SetTextColor

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetCanonicalizeUrlW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

advapi32

RegQueryValueExW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey
RegQueryValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

21ee3a187e591c7ae89f82034164cdad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileW
GetLastError
FindClose
DeleteFileW
FindFirstFileW
MoveFileExW
CreateDirectoryW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
LocalFree
WriteFile
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
GetCPInfo
OpenFileMappingW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileMappingW
CloseHandle
OpenEventW
CreateEventW
GetModuleFileNameW
GetVersionExW
GetCommandLineW
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
GetModuleHandleA

user32

MessageBoxW

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/ZipLib.dll
.dll windows:4 windows x86 arch:x86

a96908fbad3debc374b157a0a2bbaa71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetDriveTypeA
GetVolumeInformationA
InterlockedExchange
ReleaseMutex
CloseHandle
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
lstrcmpiW
GetVolumeInformationW
WaitForSingleObject
lstrlenW
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
CreateFileW
SetVolumeLabelW
GetLocalTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFullPathNameW
DosDateTimeToFileTime
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CreateMutexW
CreateFileA
InitializeCriticalSection
EnterCriticalSection
GetTempPathW
LeaveCriticalSection
CreateDirectoryW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
GetLastError
WideCharToMultiByte
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileA
InterlockedDecrement
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

SetKernelObjectSecurity
GetSecurityDescriptorControl
IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetKernelObjectSecurity
OpenProcessToken
GetSecurityDescriptorSacl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/ZipLib64.dll
.dll windows:4 windows x64 arch:x64

537f48e4f2bd5228095570b534b62dc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
GetVolumeInformationA
ReleaseMutex
CreateFileA
CloseHandle
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcmpiW
GetDriveTypeW
GetProcessHeap
lstrlenW
CreateFileW
SetVolumeLabelW
GetLocalTime
GetFullPathNameW
DosDateTimeToFileTime
SetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CreateMutexW
WideCharToMultiByte
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
MultiByteToWideChar
GetTempPathA
MoveFileW
CopyFileW
GetLastError
FindNextFileW
FindFirstFileW
GetVolumeInformationW
FindClose
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
MoveFileA
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapSetInformation
HeapCreate
HeapDestroy
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorControl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/config.exe
.exe windows:4 windows x86 arch:x86

e8332a14e636fd73a98853ed20469122

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetOpenStatus
ImmGetContext

comctl32

InitCommonControlsEx

kernel32

GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
WriteConsoleA
WriteConsoleW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
CopyFileW
OpenEventW
GetExitCodeProcess
CreateProcessW
GetLastError
HeapSize
GetConsoleMode
GetConsoleCP
GetTickCount
GetLocalTime
CloseHandle
FindFirstFileW
GetConsoleOutputCP
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetProcAddress
GetCurrentThreadId
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindClose
RemoveDirectoryW
FindNextFileW
MoveFileExW
GetCommandLineW
GetModuleFileNameW
GetVersionExW
LocalFree
MultiByteToWideChar
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
CreateThread
Sleep
GlobalLock
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalReAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount

user32

GetWindowRect
GetSystemMetrics
OffsetRect
CreateWindowExW
GetWindowLongW
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
GetDlgItemTextW
ScreenToClient
GetUpdateRect
ReleaseDC
GetDC
InvalidateRect
CheckRadioButton
GetDlgItem
PostMessageW
SetDlgItemTextW
LoadStringW
CreateDialogParamW
DialogBoxParamW
DefWindowProcW
MonitorFromPoint
DestroyWindow
SubtractRect
GetCursorPos
SetWindowPos
ReleaseCapture
PtInRect
LoadCursorW
SetCapture
IntersectRect
RedrawWindow
IsDlgButtonChecked
GetCursor
SetWindowRgn
GetMonitorInfoW
UpdateLayeredWindow
SetCursor
SetCursorPos
LoadImageW
CharNextW
InflateRect
GetDesktopWindow
EnableWindow
CheckDlgButton
SetTimer
EndDialog
SetWindowTextW
KillTimer
FillRect
DrawTextW
BeginPaint
EndPaint
SetForegroundWindow
FindWindowW
IsIconic
SetWindowLongW
MoveWindow
ShowWindow
LoadIconW
GetClientRect
MessageBoxW
SetFocus
SendMessageW
SetRect

gdi32

GetTextExtentPoint32W
CreateSolidBrush
SetViewportOrgEx
GetDeviceCaps
EnumFontFamiliesExW
SelectClipRgn
GetTextExtentPointW
CreatePen
CreateRectRgn
ExtCreateRegion
CombineRgn
OffsetRgn
GetKerningPairsW
GetTextMetricsW
GetFontData
GetGlyphOutlineW
BitBlt
CreateDIBSection
CreateCompatibleBitmap
GetPixel
GetObjectW
SetTextColor
MoveToEx
SetBkMode
Rectangle
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
StretchBlt
TextOutW
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCreateKeyExW
SetNamedSecurityInfoW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

msimg32

TransparentBlt
AlphaBlend

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_15_/phrases.ini
$_15_/plugin/SgImeWord.dll
.dll windows:4 windows x86 arch:x86

f91f5cbdb7900bcd01edd1ba46fa5f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
MulDiv
lstrlenA
lstrcpynW
DebugBreak
Sleep
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadResource
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeLibrary
GetFileAttributesW
GetVersion
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
FindResourceW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
EnterCriticalSection
SizeofResource
lstrlenW
SetLastError
GetLastError
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
RaiseException
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate

user32

CharNextW
IsWindow
ShowWindow
GetClassLongW
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
keybd_event
EmptyClipboard
GetClipboardData
PtInRect
ScreenToClient
SetCursor
LoadCursorW
GetCursorPos
LoadStringW
DrawTextW
GetSystemMetrics
GetWindow
GetClientRect
DestroyWindow
GetParent
SetFocus
GetDC
ReleaseDC
SendMessageW
GetDlgItem
GetWindowLongW
LoadImageW
DestroyIcon
MapWindowPoints
SetWindowTextW
GetWindowTextW
CallWindowProcW
DefWindowProcW
GetKeyState
SystemParametersInfoW
wvsprintfW
GetWindowRect
InvalidateRect
CreateDialogParamW
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetTextColor
SetBkMode
LineTo
CreateFontIndirectW
ExtTextOutW
MoveToEx
SelectObject
DPtoLP
CreateCompatibleBitmap
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetBkColor
DeleteObject
GetDeviceCaps

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/plugin/SgImeWord.exp
$_15_/plugin/SgImeWord.lib
$_15_/plugin/SgImeWord.map
$_15_/plugin/SgImeWord64.dll
.dll windows:4 windows x64 arch:x64

7d6cc627ddd88bb160fc8dfaa92b1e87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrlenA
MulDiv
DebugBreak
OutputDebugStringW
GlobalUnlock
Sleep
GlobalLock
GlobalAlloc
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
RtlPcToFileHeader
ExitProcess
HeapSize
FlsAlloc
FlushInstructionCache
lstrcmpiW
LoadLibraryA
FreeLibrary
FindResourceW
InitializeCriticalSection
LoadLibraryExW
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
lstrlenW
LoadLibraryW
DeleteCriticalSection
SetLastError
MultiByteToWideChar
SizeofResource
GetLastError
GetVersion
RaiseException
GetModuleHandleA
TlsSetValue
FlsFree
TlsFree
FlsGetValue
HeapDestroy
HeapCreate
HeapSetInformation
RtlCaptureContext
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapReAlloc
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

user32

CharNextW
GetClassLongW
ShowWindow
SetWindowPos
SetClassLongW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardData
keybd_event
SetCursor
ScreenToClient
PtInRect
LoadCursorW
GetCursorPos
DrawTextW
LoadStringW
SystemParametersInfoW
GetSystemMetrics
GetParent
GetWindowLongPtrW
SendMessageW
GetClientRect
DestroyIcon
SetWindowTextW
SetFocus
LoadImageW
GetDC
MapWindowPoints
GetDlgItem
CallWindowProcW
DefWindowProcW
ReleaseDC
GetWindowLongW
wvsprintfW
GetKeyState
GetWindow
SetWindowLongW
DestroyWindow
GetWindowTextW
IsWindow
GetWindowRect
SetWindowLongPtrW
CreateDialogParamW
InvalidateRect
UnregisterClassA

gdi32

SetTextColor
CreateCompatibleBitmap
LineTo
SetBkColor
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
DeleteObject
BitBlt
SelectObject
ExtTextOutW
CreatePen
DeleteDC
DPtoLP
MoveToEx
SetBkMode

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_15_/plugin/SgImeWord64.exp
$_15_/plugin/SgImeWord64.lib
$_15_/scd/ʫ.scel
$_15_/scd/¸top180.scel
$_15_/scd/δʾѡ.scel
$_15_/scd/йƱ.scel
$_15_/scd/ʫ300.scel
$_15_/scd/´.scel
$_15_/scdlist.ini
$_15_/sgim_annex.bin
$_15_/sgim_bigram.bin
$_15_/sgim_hz.bin
$_15_/sgim_py.bin
$_15_/sgim_pytip.bin
$_15_/sgim_sys.bin
$_15_/sgim_tra.bin
$_15_/sgim_url.bin
$_15_/userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

8815cac9fe44dd11c43aee4a684bca17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

GetCommandLineA
GetModuleHandleW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
DeleteFileW
FreeLibrary
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
LoadLibraryW
InterlockedIncrement
InterlockedCompareExchange
FindNextFileW
FindFirstFileW
FindClose
RemoveDirectoryW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenMutexW
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
ReleaseMutex
GetCommandLineW
GetVersionExW
GetModuleFileNameW
GetTickCount
SleepEx
CreateEventW
OpenEventW
LocalFree
SetLastError
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
LCMapStringW
Sleep
CreateThread
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
InterlockedDecrement
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RaiseException
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
CopyFileW
LoadLibraryA
InitializeCriticalSection
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLastError
CloseHandle
CreateProcessW

user32

GetSystemMetrics
LoadCursorW
GetLastInputInfo
DrawTextW
GetCursorPos
SetWindowPos
PostQuitMessage
MonitorFromPoint
GetMessageW
InvalidateRect
GetWindowRect
IntersectRect
SetTimer
SubtractRect
SetCursor
TranslateMessage
DispatchMessageW
EndPaint
FindWindowW
DefWindowProcW
BeginPaint
GetMonitorInfoW
PtInRect
LoadIconW
DestroyWindow
CreateWindowExW
AdjustWindowRect
RegisterClassExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW

wininet

InternetSetOptionW
InternetCloseHandle
InternetGetCookieW
InternetQueryOptionW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetOpenUrlW
HttpOpenRequestW
InternetReadFile
InternetCanonicalizeUrlW
InternetSetCookieW
InternetOpenW
HttpEndRequestW
InternetWriteFile
InternetConnectW
HttpSendRequestW

ziplib

UnZip
ZipFolder

gdi32

SetBkMode
SelectObject
CreateSolidBrush
MoveToEx
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectW
CreatePen
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueW

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/FC_Puncture.exe
.exe windows:4 windows x86 arch:x86

cd8484c5ab9a00c7c024b36bf56fa7bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CloseHandle
InterlockedIncrement
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
LocalFree
CreateMutexW
GetCurrentThreadId
ReleaseMutex
OpenMutexW
WaitForSingleObject
GetModuleFileNameW
GetCommandLineW
GetVersionExW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
Sleep
HeapSize
SetStdHandle
InitializeCriticalSection
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateDirectoryW
FindFirstFileW
FindClose
WideCharToMultiByte
GetEnvironmentStringsW
MultiByteToWideChar

user32

MessageBoxW

advapi32

RegCloseKey
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
RegOpenKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/Install.exe
.exe windows:4 windows x86 arch:x86

ecd614d365036c60cca8416288449c89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmInstallIMEW
ImmGetIMEFileNameW

kernel32

CloseHandle
FlushFileBuffers
GlobalFree
GetLastError
GetSystemDirectoryW
GlobalAlloc
CreateFileA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
Sleep
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
ReadFile

user32

UnloadKeyboardLayout
MessageBoxW
GetKeyboardLayoutList
LoadKeyboardLayoutW

advapi32

RegEnumValueW
RegFlushKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_16_/check.exe
.exe windows:4 windows x86 arch:x86

a700d2b44e57167a082b1ea05b531095

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

advapi32

RegQueryValueExA
RegFlushKey
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA

kernel32

Process32First
GetVersionExA
CloseHandle
GetCurrentProcessId
Module32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
Module32Next
TerminateProcess
FlushFileBuffers
CreateFileA
ReadFile
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

DialogBoxParamA
GetDlgItem
EndDialog
SendMessageA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_19_/sogoupy.ime
.dll windows:4 windows x86 arch:x86

64624a015d2d7c23a80749b7870e1f82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\forBD\sogouime31\Bin\SogouInput\sogoupy.pdb

Imports

shlwapi

StrStrIW

imm32

ImmLockIMCC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmReSizeIMCC
ImmGetIMCCSize
ImmUnlockIMC
ImmCreateIMCC
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmCreateSoftKeyboard
ImmGetIMEFileNameW
ImmUnlockIMCC

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GlobalFree
GlobalUnlock
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
OpenEventW
CloseHandle
GetModuleHandleW
CreateProcessW
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
GetFullPathNameA
GlobalAlloc
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
InterlockedExchange
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
TlsSetValue
GetLastError
TlsGetValue
GlobalLock
CreateDirectoryW
GetVersionExW
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
WaitForSingleObject
GetCurrentProcessId
LCMapStringW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
SleepEx
CopyFileW
HeapDestroy
ExitProcess
HeapSize
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
FindNextFileW
FindFirstFileW
MoveFileExW
FindClose
RemoveDirectoryW
TlsAlloc
TlsFree
GetCommandLineW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedCompareExchange
DeleteCriticalSection
ReleaseMutex
CreateMutexW
OpenMutexW
CreateEventW
LocalFree
MultiByteToWideChar
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
CreateThread
GetTickCount
Sleep
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
CompareStringW
GlobalReAlloc
LockResource
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetModuleHandleA
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA

user32

SetCursorPos
MessageBoxW
PostMessageW
MessageBeep
SendMessageW
MapVirtualKeyW
GetKeyState
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
keybd_event
GetFocus
GetCaretPos
LoadIconW
GetMenuInfo
GetMenuItemCount
ActivateKeyboardLayout
SystemParametersInfoW
GetKeyboardLayoutList
GetDC
ReleaseDC
GetCursorPos
GetDlgItem
EndDialog
SetWindowTextW
GetCursor
LoadCursorW
SetWindowLongW
UnregisterClassW
BeginPaint
DrawTextW
EndPaint
InflateRect
FillRect
CreateWindowExW
KillTimer
SubtractRect
ShowWindow
SetCapture
GetClassLongW
SetWindowRgn
GetSystemMetrics
UpdateLayeredWindow
ReleaseCapture
IntersectRect
ClientToScreen
SetRect
FindWindowW
DestroyWindow
SetClassLongW
OffsetRect
RedrawWindow
AppendMenuW
CreateDialogParamW
DialogBoxParamW
LoadImageW
CharNextW
GetClientRect
GetDesktopWindow
LoadBitmapW
RegisterClassExW
GetWindowLongW
DefWindowProcW
SetCursor
SetTimer
GetMenuItemInfoW
GetMonitorInfoW
CheckMenuItem
GetSubMenu
LoadMenuW
DestroyMenu
PtInRect
SetMenuItemInfoW
MonitorFromPoint
TrackPopupMenuEx
IsWindow
GetWindowRect
MoveWindow
SetWindowPos
SetCaretPos

gdi32

DeleteObject
CreateSolidBrush
SetTextColor
Rectangle
GetTextExtentPointW
GetStockObject
SetROP2
GetPixel
CreateCompatibleBitmap
CreateDCW
LineTo
CreateDIBSection
BitBlt
SetPixel
DeleteDC
GetROP2
CreateCompatibleDC
GdiFlush
MoveToEx
GetTextExtentPoint32W
SetBkMode
GetObjectW
GetGlyphOutlineW
TextOutW
GetTextMetricsW
GetFontData
CreateFontIndirectW
SelectObject
CreatePen
ExtCreateRegion
StretchBlt
CombineRgn
OffsetRgn
GetKerningPairsW

advapi32

SetNamedSecurityInfoW
SetSecurityInfo
RegQueryValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
LookupAccountSidW
GetSecurityInfo
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW

oleaut32

SysAllocString

wininet

HttpSendRequestW
InternetWriteFile
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetOpenUrlW
HttpEndRequestW
InternetCloseHandle
InternetReadFile
InternetGetCookieW
InternetSetCookieW
HttpSendRequestExW
InternetOpenW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetConnectW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 888KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SogouIn
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AllSkin/tmp/2008.ssf
.zip
AllSkin/tmp/ţг.ssf
.zip
AllSkin/tmp/ġް.ssf
.zip
AllSkin/tmp/-·ڽ.ssf
.zip
AllSkin/tmp/-һֻ.ssf
.zip
AllSkin/tmp/.ssf
.zip
AllSkin/tmp/ں-ϲ.ssf
.zip
AllSkin/tmp/ɫ.ssf
.zip
AllSkin/tmp/ɫռ.ssf
.zip
AllSkin/tmp/ɫռȫť.ssf
.zip
AllSkin/tmp/״̬ĬƤ.ssf
.zip
AllSkin/tmp/ѹ.ssf
.zip
AllSkin/tmp/ѹȫť.ssf
.zip
AllSkin/tmp/˹-.ssf
.zip
AllSkin/tmp/-͵.ssf
.zip
InstTemp/ConfigMover30b2.exe
.exe windows:4 windows x86 arch:x86

23c66f324e0bfa41a56200360ba3ef41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\forBD\sogouime31\Bin\SogouInput\ConfigMover30b2.pdb

Imports

imm32

ImmDisableIME

kernel32

CreateDirectoryW
GetVersionExW
CompareStringW
CompareStringA
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
RtlUnwind
LoadLibraryA
WideCharToMultiByte
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

SHFileOperationW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/HWSignature.dll
.dll windows:4 windows x86 arch:x86

a802b35f2201164659ebad8c5d11ae4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
FreeLibrary
HeapReAlloc
SetLastError
GlobalFree
GetTickCount
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
VirtualAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/PinyinUp.exe
.exe windows:4 windows x86 arch:x86

ac0bb73643e83d184cc9ec81c784b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW

comctl32

ord17

shlwapi

StrCmpIW

imm32

ImmDisableIME

kernel32

MultiByteToWideChar
ResumeThread
DeleteCriticalSection
EnterCriticalSection
CreateProcessW
CopyFileW
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
ReadFile
CreateFileW
CreateEventW
MoveFileExW
InitializeCriticalSection
WaitForSingleObject
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
LeaveCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetVersionExW
CreateDirectoryW
GetCurrentProcess
GetPrivateProfileStringW
FindNextFileW
Sleep
FindFirstFileW
CloseHandle
FindClose
UnmapViewOfFile
GetLocalTime
GetTempPathW
LocalFree
FormatMessageW
GetLastError
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SuspendThread
SetEnvironmentVariableA
WideCharToMultiByte
MapViewOfFile
GetFileType
CreateFileMappingW
OpenFileMappingW
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
OpenEventW
SetFilePointer
FlushFileBuffers
SetLastError
GetFileSize
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
GetProcAddress
FreeLibrary
LCMapStringW
GetTickCount
CreateThread
QueryPerformanceFrequency
InterlockedExchange
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
LoadLibraryA
GetSystemTimeAsFileTime
GetVersionExA
GetStartupInfoW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetEnvironmentStringsW

user32

GetClassLongW
GetWindowLongW
DispatchMessageW
TranslateMessage
ExitWindowsEx
GetMessageW
PostQuitMessage
LoadIconW
GetWindowTextW
MessageBoxW
BeginPaint
RegisterClassW
GetSystemMetrics
DefWindowProcW
SetWindowLongW
LoadCursorW
SendMessageW
CreateWindowExW
ShowWindow
SetWindowTextW
SetWindowPos
SetTimer
EndPaint

gdi32

GetStockObject
DeleteObject
CreateFontIndirectW

advapi32

RegCreateKeyExW
RegQueryValueW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW

hwsignature

GenHWID

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/Plugin/SgImeWord.dll
.dll windows:4 windows x86 arch:x86

f91f5cbdb7900bcd01edd1ba46fa5f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
MulDiv
lstrlenA
lstrcpynW
DebugBreak
Sleep
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadResource
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeLibrary
GetFileAttributesW
GetVersion
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
FindResourceW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
EnterCriticalSection
SizeofResource
lstrlenW
SetLastError
GetLastError
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
RaiseException
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate

user32

CharNextW
IsWindow
ShowWindow
GetClassLongW
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
keybd_event
EmptyClipboard
GetClipboardData
PtInRect
ScreenToClient
SetCursor
LoadCursorW
GetCursorPos
LoadStringW
DrawTextW
GetSystemMetrics
GetWindow
GetClientRect
DestroyWindow
GetParent
SetFocus
GetDC
ReleaseDC
SendMessageW
GetDlgItem
GetWindowLongW
LoadImageW
DestroyIcon
MapWindowPoints
SetWindowTextW
GetWindowTextW
CallWindowProcW
DefWindowProcW
GetKeyState
SystemParametersInfoW
wvsprintfW
GetWindowRect
InvalidateRect
CreateDialogParamW
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

SetTextColor
SetBkMode
LineTo
CreateFontIndirectW
ExtTextOutW
MoveToEx
SelectObject
DPtoLP
CreateCompatibleBitmap
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetBkColor
DeleteObject
GetDeviceCaps

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/Plugin/SgImeWord64.dll
.dll windows:4 windows x64 arch:x64

7d6cc627ddd88bb160fc8dfaa92b1e87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrlenA
MulDiv
DebugBreak
OutputDebugStringW
GlobalUnlock
Sleep
GlobalLock
GlobalAlloc
WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
RtlPcToFileHeader
ExitProcess
HeapSize
FlsAlloc
FlushInstructionCache
lstrcmpiW
LoadLibraryA
FreeLibrary
FindResourceW
InitializeCriticalSection
LoadLibraryExW
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
lstrlenW
LoadLibraryW
DeleteCriticalSection
SetLastError
MultiByteToWideChar
SizeofResource
GetLastError
GetVersion
RaiseException
GetModuleHandleA
TlsSetValue
FlsFree
TlsFree
FlsGetValue
HeapDestroy
HeapCreate
HeapSetInformation
RtlCaptureContext
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapReAlloc
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

user32

CharNextW
GetClassLongW
ShowWindow
SetWindowPos
SetClassLongW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardData
keybd_event
SetCursor
ScreenToClient
PtInRect
LoadCursorW
GetCursorPos
DrawTextW
LoadStringW
SystemParametersInfoW
GetSystemMetrics
GetParent
GetWindowLongPtrW
SendMessageW
GetClientRect
DestroyIcon
SetWindowTextW
SetFocus
LoadImageW
GetDC
MapWindowPoints
GetDlgItem
CallWindowProcW
DefWindowProcW
ReleaseDC
GetWindowLongW
wvsprintfW
GetKeyState
GetWindow
SetWindowLongW
DestroyWindow
GetWindowTextW
IsWindow
GetWindowRect
SetWindowLongPtrW
CreateDialogParamW
InvalidateRect
UnregisterClassA

gdi32

SetTextColor
CreateCompatibleBitmap
LineTo
SetBkColor
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
DeleteObject
BitBlt
SelectObject
ExtTextOutW
CreatePen
DeleteDC
DPtoLP
MoveToEx
SetBkMode

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

msimg32

TransparentBlt

Exports

Exports

fnCreateMain
fnCreateSimple
fnDestroyMain
fnDestroySimple
fnGetMainWindowPos
fnGetSimpleWindowPos
fnPutWords
fnPutWordsSimple
fnSetCloseMainCb
fnSetMainIMEWnd
fnSetMainPutInWnd
fnSetSimpleIMEWnd
fnSetSimplePutInWnd
fnSetWindowPos
fnSetWindowWords
fnShowMain
fnShowSimple

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/Resource.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ScdMaker.exe
.exe windows:4 windows x86 arch:x86

75e80bb0ee7b9af33e275abf7f2c5cd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
ReleaseMutex
OpenMutexW
WaitForSingleObject
FindClose
LocalFree
FindFirstFileW
InterlockedIncrement
InterlockedCompareExchange
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
GetTimeZoneInformation
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
CreateFileW
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
OpenFileMappingW
CreateFileMappingW
GetVersionExW
GetCommandLineW
GetModuleFileNameW
CopyFileW
MultiByteToWideChar
GetLastError
DeleteFileW
CreateDirectoryW
GetFileType

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdReg.exe
.exe windows:4 windows x86 arch:x86

64cd16d23472679e4c2525023ef37201

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

GetCommandLineW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
GetLastError
CreateFileMappingW
InterlockedIncrement
InterlockedCompareExchange
LocalFree
WriteFile
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
CreateMutexW
OpenMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleFileNameW
GetStringTypeW
LCMapStringA
GetCPInfo
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
OpenEventW
CreateEventW
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileW
DeleteFileW
FindClose
FindNextFileW
GetStringTypeA

user32

MessageBoxW

advapi32

GetSecurityDescriptorSacl
RegCloseKey
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ScdViewer.exe
.exe windows:4 windows x86 arch:x86

6f4dad20d6d7be53e98d78b5233452f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageW
GetDlgItem
EndDialog
DialogBoxParamW
GetWindowRect
SetWindowPos
GetSystemMetrics
MessageBoxW

gdi32

GetStockObject

kernel32

CompareStringA
CreateFileA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
WriteConsoleW
CompareStringW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
GetTimeZoneInformation
ReadFile
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LoadLibraryA
GetLocaleInfoW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SkinReg.exe
.exe windows:4 windows x86 arch:x86

a5da2ddbbb78c710496fa13b0b7918fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
CopyFileW
GetLastError
InterlockedIncrement
InterlockedCompareExchange
FindClose
FindNextFileW
LocalFree
FindFirstFileW
GetVersionExW
GetModuleFileNameW
GetCommandLineW
CreateFileW
OpenFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenMutexW
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
ReleaseMutex
WaitForSingleObject
GetProcAddress
FreeLibrary
LoadLibraryW
CreateProcessW
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
Sleep
HeapSize
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
EnterCriticalSection
GetLongPathNameW
GetFileSize

user32

ShowWindow
DialogBoxParamW
IsDlgButtonChecked
MessageBoxW
GetMonitorInfoW
BeginPaint
GetDlgItem
EndDialog
GetCursorPos
EndPaint
GetWindowRect
SetWindowTextW
MoveWindow
MonitorFromPoint

advapi32

SetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyExW
RegCloseKey
GetSecurityInfo
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/SogouTSF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

54352421f3c741ba4e5b28a5fc23cdce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/SpeedMeter.exe
.exe windows:4 windows x86 arch:x86

749c5fa9a46e899175aba9f78918cbbc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalAlloc
GlobalFree
GetLastError
GetProcAddress
CreateDirectoryW
MapViewOfFile
CreateFileW
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
CloseHandle
InterlockedIncrement
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FindFirstFileW
FindClose
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
WaitForSingleObject
GetVersionExW
GetCommandLineW
GetModuleFileNameW
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
WriteFile
LCMapStringW
GetTickCount
CreateThread
QueryPerformanceFrequency
Sleep
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetCPInfo
LCMapStringA
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock

user32

CreateDialogParamW
DialogBoxParamW
SetClipboardData
OpenClipboard
MessageBoxW
GetWindowLongW
EmptyClipboard
SetWindowTextW
GetDlgItem
EndDialog
CloseClipboard
IsIconic
FindWindowW
ShowWindow
SetForegroundWindow
DefWindowProcW
SetTimer
SetWindowLongW

comctl32

InitCommonControlsEx

advapi32

SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UserPage.exe
.exe windows:4 windows x86 arch:x86

6415271be83593c202ebe8d99f070c27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetConversionStatus
ImmGetContext

kernel32

GetModuleHandleW
GetLastError
CreateEventW
CloseHandle
CreateThread
MultiByteToWideChar
GetModuleFileNameW
CompareStringA
SetEndOfFile
GetDriveTypeA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetConsoleMode
CreateFileA
CompareStringW
GetConsoleCP
GetCurrentDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcAddress
FreeLibrary
LoadLibraryW
CreateDirectoryW
DeleteFileW
WideCharToMultiByte
FindNextFileW
LocalFree
FindFirstFileW
FindClose
GetVersionExW
GetCommandLineW
CreateFileMappingW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedCompareExchange
MoveFileExW
RemoveDirectoryW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
GetTickCount
Sleep
CreateProcessW
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
LCMapStringA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentProcessId
GetFullPathNameW

user32

GetClassNameW
ReleaseCapture
GetCursorPos
GetWindowLongW
OffsetRect
GetWindowRect
SendMessageW
MoveWindow
SetWindowLongW
SetWindowTextW
GetDlgCtrlID
RedrawWindow
ShowWindow
SetCapture
SetCursorPos
ActivateKeyboardLayout
GetSystemMetrics
PtInRect
BeginPaint
SetRect
DefWindowProcW
GetCursor
GetMonitorInfoW
SetWindowRgn
UpdateLayeredWindow
RegisterClassExW
FillRect
MonitorFromPoint
DestroyWindow
EndPaint
SubtractRect
KillTimer
InflateRect
CreateDialogParamW
DialogBoxParamW
TrackMouseEvent
GetParent
CallWindowProcW
GetDlgItem
LoadBitmapW
GetKeyboardLayoutList
SetForegroundWindow
IsIconic
CreateWindowExW
SetClassLongW
SetCursor
LoadCursorW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
PostMessageW
ReleaseDC
DrawTextW
CheckDlgButton
GetDC
MessageBoxW
IntersectRect
EndDialog
FindWindowW
SetWindowPos
IsDlgButtonChecked
SetTimer
SetFocus
SetDlgItemTextW
GetWindowTextW

gdi32

GetStockObject
CreateCompatibleDC
DeleteDC
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
SelectObject
SetBkMode
StretchBlt
CreatePen
GetTextExtentPointW
Rectangle
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap
GetPixel
BitBlt
CreateDIBSection
SetTextColor

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetCanonicalizeUrlW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

advapi32

RegQueryValueExW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegOpenKeyExW
RegCloseKey
RegQueryValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/UsrDictUtil.exe
.exe windows:4 windows x86 arch:x86

21ee3a187e591c7ae89f82034164cdad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileW
GetLastError
FindClose
DeleteFileW
FindFirstFileW
MoveFileExW
CreateDirectoryW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
CreateMutexW
GetCurrentThreadId
LocalFree
WriteFile
ReadFile
FlushFileBuffers
SetLastError
GetFileSize
SetFilePointer
LCMapStringW
GetTickCount
QueryPerformanceFrequency
CreateThread
Sleep
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RaiseException
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
GetCPInfo
OpenFileMappingW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileMappingW
CloseHandle
OpenEventW
CreateEventW
GetModuleFileNameW
GetVersionExW
GetCommandLineW
InterlockedIncrement
InterlockedCompareExchange
CopyFileW
GetModuleHandleA

user32

MessageBoxW

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/ZipLib.dll
.dll windows:4 windows x86 arch:x86

a96908fbad3debc374b157a0a2bbaa71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetDriveTypeA
GetVolumeInformationA
InterlockedExchange
ReleaseMutex
CloseHandle
FindFirstFileA
GetFileType
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
lstrcmpiW
GetVolumeInformationW
WaitForSingleObject
lstrlenW
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
CreateFileW
SetVolumeLabelW
GetLocalTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFullPathNameW
DosDateTimeToFileTime
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CreateMutexW
CreateFileA
InitializeCriticalSection
EnterCriticalSection
GetTempPathW
LeaveCriticalSection
CreateDirectoryW
MultiByteToWideChar
MoveFileW
CopyFileW
GetTempPathA
GetLastError
WideCharToMultiByte
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileA
InterlockedDecrement
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

SetKernelObjectSecurity
GetSecurityDescriptorControl
IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetKernelObjectSecurity
OpenProcessToken
GetSecurityDescriptorSacl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/ZipLib64.dll
.dll windows:4 windows x64 arch:x64

537f48e4f2bd5228095570b534b62dc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
GetVolumeInformationA
ReleaseMutex
CreateFileA
CloseHandle
GetFileTime
FileTimeToLocalFileTime
GetVersion
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcmpiW
GetDriveTypeW
GetProcessHeap
lstrlenW
CreateFileW
SetVolumeLabelW
GetLocalTime
GetFullPathNameW
DosDateTimeToFileTime
SetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetLocaleInfoW
GetFileAttributesW
lstrcpyW
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
CreateMutexW
WideCharToMultiByte
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
MultiByteToWideChar
GetTempPathA
MoveFileW
CopyFileW
GetLastError
FindNextFileW
FindFirstFileW
GetVolumeInformationW
FindClose
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
MoveFileA
GetCPInfo
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapSetInformation
HeapCreate
HeapDestroy
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
Sleep
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesA
SetEnvironmentVariableW

user32

CharToOemA
OemToCharA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
GetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorControl

Exports

Exports

UnZip
ZipFolder

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstTemp/config.exe
.exe windows:4 windows x86 arch:x86

e8332a14e636fd73a98853ed20469122

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetOpenStatus
ImmGetContext

comctl32

InitCommonControlsEx

kernel32

GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileA
WriteConsoleA
WriteConsoleW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
CopyFileW
OpenEventW
GetExitCodeProcess
CreateProcessW
GetLastError
HeapSize
GetConsoleMode
GetConsoleCP
GetTickCount
GetLocalTime
CloseHandle
FindFirstFileW
GetConsoleOutputCP
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentProcessId
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
CreateDirectoryW
GetProcAddress
GetCurrentThreadId
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindClose
RemoveDirectoryW
FindNextFileW
MoveFileExW
GetCommandLineW
GetModuleFileNameW
GetVersionExW
LocalFree
MultiByteToWideChar
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
SetLastError
LCMapStringW
CreateThread
Sleep
GlobalLock
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalReAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
RaiseException
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount

user32

GetWindowRect
GetSystemMetrics
OffsetRect
CreateWindowExW
GetWindowLongW
ClientToScreen
GetWindowTextLengthW
GetWindowTextW
GetDlgItemTextW
ScreenToClient
GetUpdateRect
ReleaseDC
GetDC
InvalidateRect
CheckRadioButton
GetDlgItem
PostMessageW
SetDlgItemTextW
LoadStringW
CreateDialogParamW
DialogBoxParamW
DefWindowProcW
MonitorFromPoint
DestroyWindow
SubtractRect
GetCursorPos
SetWindowPos
ReleaseCapture
PtInRect
LoadCursorW
SetCapture
IntersectRect
RedrawWindow
IsDlgButtonChecked
GetCursor
SetWindowRgn
GetMonitorInfoW
UpdateLayeredWindow
SetCursor
SetCursorPos
LoadImageW
CharNextW
InflateRect
GetDesktopWindow
EnableWindow
CheckDlgButton
SetTimer
EndDialog
SetWindowTextW
KillTimer
FillRect
DrawTextW
BeginPaint
EndPaint
SetForegroundWindow
FindWindowW
IsIconic
SetWindowLongW
MoveWindow
ShowWindow
LoadIconW
GetClientRect
MessageBoxW
SetFocus
SendMessageW
SetRect

gdi32

GetTextExtentPoint32W
CreateSolidBrush
SetViewportOrgEx
GetDeviceCaps
EnumFontFamiliesExW
SelectClipRgn
GetTextExtentPointW
CreatePen
CreateRectRgn
ExtCreateRegion
CombineRgn
OffsetRgn
GetKerningPairsW
GetTextMetricsW
GetFontData
GetGlyphOutlineW
BitBlt
CreateDIBSection
CreateCompatibleBitmap
GetPixel
GetObjectW
SetTextColor
MoveToEx
SetBkMode
Rectangle
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
StretchBlt
TextOutW
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

GetSecurityInfo
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
RegCreateKeyExW
SetNamedSecurityInfoW

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

msimg32

TransparentBlt
AlphaBlend

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstTemp/sgim_annex.bin
InstTemp/sgim_bigram.bin
InstTemp/sgim_hz.bin
InstTemp/sgim_py.bin
InstTemp/sgim_pytip.bin
InstTemp/sgim_sys.bin
InstTemp/sgim_tra.bin
InstTemp/sgim_url.bin
InstTemp/userNetSchedule.exe
.exe windows:4 windows x86 arch:x86

8815cac9fe44dd11c43aee4a684bca17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

GetCommandLineA
GetModuleHandleW
GetTempFileNameW
MoveFileExW
CreateDirectoryW
DeleteFileW
FreeLibrary
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
LoadLibraryW
InterlockedIncrement
InterlockedCompareExchange
FindNextFileW
FindFirstFileW
FindClose
RemoveDirectoryW
OpenFileMappingW
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenMutexW
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
ReleaseMutex
GetCommandLineW
GetVersionExW
GetModuleFileNameW
GetTickCount
SleepEx
CreateEventW
OpenEventW
LocalFree
SetLastError
GetFileSize
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
LCMapStringW
Sleep
CreateThread
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
InterlockedDecrement
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RaiseException
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
CopyFileW
LoadLibraryA
InitializeCriticalSection
HeapSize
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLastError
CloseHandle
CreateProcessW

user32

GetSystemMetrics
LoadCursorW
GetLastInputInfo
DrawTextW
GetCursorPos
SetWindowPos
PostQuitMessage
MonitorFromPoint
GetMessageW
InvalidateRect
GetWindowRect
IntersectRect
SetTimer
SubtractRect
SetCursor
TranslateMessage
DispatchMessageW
EndPaint
FindWindowW
DefWindowProcW
BeginPaint
GetMonitorInfoW
PtInRect
LoadIconW
DestroyWindow
CreateWindowExW
AdjustWindowRect
RegisterClassExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW

wininet

InternetSetOptionW
InternetCloseHandle
InternetGetCookieW
InternetQueryOptionW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetOpenUrlW
HttpOpenRequestW
InternetReadFile
InternetCanonicalizeUrlW
InternetSetCookieW
InternetOpenW
HttpEndRequestW
InternetWriteFile
InternetConnectW
HttpSendRequestW

ziplib

UnZip
ZipFolder

gdi32

SetBkMode
SelectObject
CreateSolidBrush
MoveToEx
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectW
CreatePen
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueW

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShuangPinSchemes/ABC.ini
ShuangPinSchemes/MS2003.ini
ShuangPinSchemes/PinyinJiaJia.ini
ShuangPinSchemes/Sogou.ini
ShuangPinSchemes/ZiGuang.ini
ShuangPinSchemes/ZiRanMa.ini
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
scd/ʫ.scel
scd/¸top180.scel
scd/δʾѡ.scel
scd/йƱ.scel
scd/ʫ300.scel
scd/´.scel
scdlist.ini

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 220KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 7KB - Virtual size: 8KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 22KB

.reloc Size: 1024B - Virtual size: 734B

cb85ba6da4703d21bc1dd256035b2c46

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 8KB

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

UPX0
Size: - Virtual size: 220KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 22KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 888KB - Virtual size: 887KB

.rdata
Size: 172KB - Virtual size: 169KB

.data
Size: 148KB - Virtual size: 177KB

.SogouIn
Size: 4KB - Virtual size: 4B

.rsrc
Size: 124KB - Virtual size: 122KB

.reloc
Size: 44KB - Virtual size: 40KB