7361ef8270f5d3abb2a384a689eb66b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7361ef8270f5d3abb2a384a689eb66b3_JaffaCakes118
Size

3.4MB
MD5

7361ef8270f5d3abb2a384a689eb66b3
SHA1

aa4acdc8d8597e786444b5f4c62425b47379012c
SHA256

5fdb85d8cc5bd0bf41fe1fafe668c5a5d734c4de80f609aabf76ab9729d0f064
SHA512

57ba5c9ce61680fe3e100475d2458f8eb5533524de1766218d0585cd0191e0ca6dd9a8622b8f278191b73528c35de1a5376e6cc01b3a155802483e4a2be6540d
SSDEEP

49152:qXnKE9U0UFmKhpNWS+jc+7UjNih+L7KdG/0P9NgZrBjubxx9tZNaePsX8jnmlpua:qaZ0kRZHL7KUcP9+ZrE7TZLnjn0Qa

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/冰盾8.2安装程序.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/BdFwSvc.exe
unpack002/PSAPI.DLL
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsExec.dll
unpack002/bdfw.exe
unpack002/bin/efwinstall.exe
unpack002/driver/2k/enetfilt2k.sys
unpack002/driver/xp/enetfilt.sys
unpack002/easydb.dll
unpack002/lang/BdFwChs.dll
unpack002/libcurl.dll
unpack001/冰盾8.2破解补丁.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/冰盾8.2安装程序.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_1

Files

7361ef8270f5d3abb2a384a689eb66b3_JaffaCakes118
.rar
冰盾8.2安装程序.exe
.exe windows:4 windows x86 arch:x86

1776ef176e821fae67f5fb6eb56cce45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

1f17b0b6882d6afd1cf8c1e07e5acc0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
HeapFree
HeapAlloc
WideCharToMultiByte
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
SetStdHandle
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetStdHandle
FlushFileBuffers
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetFilePointer
SetLastError
GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
GlobalAlloc
lstrcpynA

advapi32

GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
IsValidSid

Exports

Exports

GetAccountType
GetName
GetSidString

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

0a429a757fe850cda370ca04651f8539

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetExitCodeProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
CloseHandle
GlobalAlloc
GetModuleFileNameA
lstrcmpiA
GetCommandLineA
DeleteFileA
GlobalLock
GlobalFree

user32

SendMessageA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BdFwSvc.exe
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: 292KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PSAPI.DLL
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SysConf.dat
Uninstall.exe
.exe windows:4 windows x86 arch:x86

1776ef176e821fae67f5fb6eb56cce45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

1f17b0b6882d6afd1cf8c1e07e5acc0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
HeapFree
HeapAlloc
WideCharToMultiByte
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
SetStdHandle
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetStdHandle
FlushFileBuffers
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetFilePointer
SetLastError
GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
GlobalAlloc
lstrcpynA

advapi32

GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
IsValidSid

Exports

Exports

GetAccountType
GetName
GetSidString

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

0a429a757fe850cda370ca04651f8539

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetExitCodeProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
CloseHandle
GlobalAlloc
GetModuleFileNameA
lstrcmpiA
GetCommandLineA
DeleteFileA
GlobalLock
GlobalFree

user32

SendMessageA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdfw.exe
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: 308KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/efwinstall.exe
.exe windows:5 windows x86 arch:x86

42333f0c9a25e176038c934a8d62661e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_except_handler3
_controlfp
_initterm
_c_exit
wcslen
vwprintf
_iob
fflush
wprintf
iswprint
wcscpy
exit
wcschr
__wgetmainargs
__winitenv
_cexit
_XcptFilter
__set_app_type
tolower

kernel32

GetTickCount
CreateThread
GetLastError
Sleep

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

user32

GetWindowInfo
SetFocus
SendInput
FindWindowW

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/unicode.map
driver/2k/bdwrap2k.inf
driver/2k/bdwrap2k_m.inf
driver/2k/enetfilt2k.sys
.sys windows:5 windows x86 arch:x86

f45440b92c92d461d027c85373e2e6fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DevCode\src\driver\objfre_w2K_x86\i386\enetfilt2k.pdb

Imports

ntoskrnl.exe

ExSystemTimeToLocalTime
RtlTimeToTimeFields
RtlUshortByteSwap
RtlUlongByteSwap
IoAllocateMdl
InterlockedDecrement
MmBuildMdlForNonPagedPool
IoFreeMdl
KeSetEvent
IoCreateNotificationEvent
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeClearEvent
MmMapLockedPagesSpecifyCache
InterlockedCompareExchange
_except_handler3
ExfInterlockedRemoveHeadList
IofCompleteRequest
RtlInitUnicodeString
InterlockedIncrement
KeInitializeSpinLock
ExfInterlockedInsertTailList
ZwClose
_alldiv
_allrem
_allmul
KeQuerySystemTime
ExFreePool
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
DbgPrint

hal

KeQueryPerformanceCounter

ndis.sys

NdisDprReleaseSpinLock
NdisAllocateMemoryWithTag
NdisQueryBufferSafe
NdisQueryBuffer
NdisReturnPackets
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisFreeBuffer
NdisTransferData
NdisAllocatePacket
NdisIMCopySendPerPacketInfo
NdisSend
NdisDprAcquireSpinLock
NdisFreePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisReset
NdisGetCurrentProcessorCounts
NdisFreeSpinLock
NdisInterlockedDecrement
NdisFreePacketPool
NdisFreeMemory
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisDeregisterProtocol
NdisOpenProtocolConfiguration
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterDevice
NdisSetEvent
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisRequest
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMCancelTimer
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisIMDeregisterLayeredMiniport
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisInitUnicodeString
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisSystemProcessorCount
NdisAllocateBufferPool
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisCloseConfiguration
NdisReadConfiguration

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/bdwrap.inf
driver/xp/bdwrap_m.inf
driver/xp/enetfilt.sys
.sys windows:5 windows x86 arch:x86

850bf775059535252def33df3fb7619d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DevCode\src\driver\objfre_wxp_x86\i386\enetfilt.pdb

Imports

ntoskrnl.exe

ExSystemTimeToLocalTime
RtlTimeToTimeFields
IoAllocateMdl
InterlockedDecrement
MmBuildMdlForNonPagedPool
IoFreeMdl
KeSetEvent
IoCreateNotificationEvent
KeInitializeEvent
InterlockedExchange
KeWaitForSingleObject
KeClearEvent
MmMapLockedPagesSpecifyCache
InterlockedCompareExchange
_except_handler3
ExfInterlockedRemoveHeadList
IofCompleteRequest
RtlInitUnicodeString
InterlockedIncrement
KeInitializeSpinLock
ExfInterlockedInsertTailList
ZwClose
_alldiv
_allrem
_allmul
KeQuerySystemTime
ExFreePool
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExAllocatePoolWithTag
DbgPrint

hal

KeQueryPerformanceCounter

ndis.sys

NdisDprReleaseSpinLock
NdisAllocateMemoryWithTag
NdisQueryBufferSafe
NdisReturnPackets
NdisGetPoolFromPacket
NdisUnchainBufferAtFront
NdisAllocateBuffer
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisFreeBuffer
NdisTransferData
NdisIMGetCurrentPacketStack
NdisSend
NdisDprAcquireSpinLock
NdisIMCopySendPerPacketInfo
NdisIMCopySendCompletePerPacketInfo
NdisFreePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisReset
NdisGetCurrentProcessorCounts
NdisFreeSpinLock
NdisInterlockedDecrement
NdisFreePacketPool
NdisFreeMemory
NdisInterlockedIncrement
NdisIMCancelInitializeDeviceInstance
NdisIMDeInitializeDeviceInstance
NdisAllocatePacket
NdisIMDeregisterLayeredMiniport
NdisSetEvent
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisRequest
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMCancelTimer
NdisCancelSendPackets
NdisAllocateSpinLock
NdisMRegisterDevice
NdisMSleep
NdisMDeregisterDevice
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisInitUnicodeString
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisSystemProcessorCount
NdisAllocateBufferPool
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisCloseConfiguration
NdisReadConfiguration
NdisOpenProtocolConfiguration
NdisDeregisterProtocol
NdisIMNotifyPnPEvent
NdisReEnumerateProtocolBindings

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
easydb.dll
.dll windows:4 windows x86 arch:x86

65238d542ed63889203e85026185205d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
MapViewOfFile
CreateFileMappingA
FlushFileBuffers
UnmapViewOfFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetStdHandle
GetLastError
GetFileType
CreateFileA
HeapReAlloc
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ReadFile
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualProtect
GetSystemInfo

Exports

Exports

??0c4_Bytes@@QAE@ABV0@@Z
??0c4_Bytes@@QAE@PBXH@Z
??0c4_Bytes@@QAE@PBXH_N@Z
??0c4_Bytes@@QAE@XZ
??0c4_BytesProp@@QAE@ABV0@@Z
??0c4_BytesProp@@QAE@PBD@Z
??0c4_BytesRef@@QAE@ABVc4_Reference@@@Z
??0c4_Cursor@@QAE@AAVc4_Sequence@@H@Z
??0c4_CustomViewer@@IAE@XZ
??0c4_CustomViewer@@QAE@ABV0@@Z
??0c4_DoubleProp@@QAE@ABV0@@Z
??0c4_DoubleProp@@QAE@PBD@Z
??0c4_DoubleRef@@QAE@ABVc4_Reference@@@Z
??0c4_FileStrategy@@QAE@ABV0@@Z
??0c4_FileStrategy@@QAE@PAU_iobuf@@@Z
??0c4_FileStream@@QAE@ABV0@@Z
??0c4_FileStream@@QAE@PAU_iobuf@@_N@Z
??0c4_FloatProp@@QAE@ABV0@@Z
??0c4_FloatProp@@QAE@PBD@Z
??0c4_FloatRef@@QAE@ABVc4_Reference@@@Z
??0c4_IntProp@@QAE@ABV0@@Z
??0c4_IntProp@@QAE@PBD@Z
??0c4_IntRef@@QAE@ABVc4_Reference@@@Z
??0c4_LongRef@@QAE@ABVc4_Reference@@@Z
??0c4_Property@@QAE@ABV0@@Z
??0c4_Property@@QAE@DH@Z
??0c4_Property@@QAE@DPBD@Z
??0c4_Reference@@QAE@ABVc4_RowRef@@ABVc4_Property@@@Z
??0c4_Row@@QAE@ABV0@@Z
??0c4_Row@@QAE@ABVc4_RowRef@@@Z
??0c4_Row@@QAE@XZ
??0c4_RowRef@@IAE@Vc4_Cursor@@@Z
??0c4_Sequence@@QAE@XZ
??0c4_Storage@@QAE@AAVc4_Strategy@@_NH@Z
??0c4_Storage@@QAE@ABV0@@Z
??0c4_Storage@@QAE@ABVc4_View@@@Z
??0c4_Storage@@QAE@PBDH@Z
??0c4_Storage@@QAE@XZ
??0c4_Strategy@@QAE@ABV0@@Z
??0c4_Strategy@@QAE@XZ
??0c4_Stream@@QAE@ABV0@@Z
??0c4_Stream@@QAE@XZ
??0c4_String@@QAE@ABV0@@Z
??0c4_String@@QAE@DH@Z
??0c4_String@@QAE@PBD@Z
??0c4_String@@QAE@PBE@Z
??0c4_String@@QAE@PBXH@Z
??0c4_String@@QAE@XZ
??0c4_StringProp@@QAE@ABV0@@Z
??0c4_StringProp@@QAE@PBD@Z
??0c4_StringRef@@QAE@ABVc4_Reference@@@Z
??0c4_View@@QAE@ABV0@@Z
??0c4_View@@QAE@ABVc4_Property@@@Z
??0c4_View@@QAE@PAVc4_CustomViewer@@@Z
??0c4_View@@QAE@PAVc4_Sequence@@@Z
??0c4_View@@QAE@PAVc4_Stream@@@Z
??0c4_ViewProp@@QAE@ABV0@@Z
??0c4_ViewProp@@QAE@PBD@Z
??0c4_ViewRef@@QAE@ABVc4_Reference@@@Z
??1c4_Bytes@@QAE@XZ
??1c4_BytesProp@@QAE@XZ
??1c4_CustomViewer@@UAE@XZ
??1c4_DoubleProp@@QAE@XZ
??1c4_FileStrategy@@UAE@XZ
??1c4_FileStream@@UAE@XZ
??1c4_FloatProp@@QAE@XZ
??1c4_IntProp@@QAE@XZ
??1c4_Property@@QAE@XZ
??1c4_Row@@QAE@XZ
??1c4_Sequence@@MAE@XZ
??1c4_Storage@@QAE@XZ
??1c4_Strategy@@UAE@XZ
??1c4_Stream@@UAE@XZ
??1c4_String@@QAE@XZ
??1c4_StringProp@@QAE@XZ
??1c4_View@@QAE@XZ
??1c4_ViewProp@@QAE@XZ
??4c4_Bytes@@QAEAAV0@ABV0@@Z
??4c4_BytesProp@@QAEAAV0@ABV0@@Z
??4c4_BytesRef@@QAEAAV0@ABV0@@Z
??4c4_BytesRef@@QAEAAV0@ABVc4_Bytes@@@Z
??4c4_Cursor@@QAEAAV0@ABV0@@Z
??4c4_CustomViewer@@QAEAAV0@ABV0@@Z
??4c4_DoubleProp@@QAEAAV0@ABV0@@Z
??4c4_DoubleRef@@QAEAAV0@ABV0@@Z
??4c4_DoubleRef@@QAEAAV0@N@Z
??4c4_FileStrategy@@QAEAAV0@ABV0@@Z
??4c4_FileStream@@QAEAAV0@ABV0@@Z
??4c4_FloatProp@@QAEAAV0@ABV0@@Z
??4c4_FloatRef@@QAEAAV0@ABV0@@Z
??4c4_FloatRef@@QAEAAV0@N@Z
??4c4_IntProp@@QAEAAV0@ABV0@@Z
??4c4_IntRef@@QAEAAV0@ABV0@@Z
??4c4_IntRef@@QAEAAV0@J@Z
??4c4_LongRef@@QAEAAV0@ABV0@@Z
??4c4_LongRef@@QAEAAV0@_J@Z
??4c4_Property@@QAEXABV0@@Z
??4c4_Reference@@QAEAAV0@ABV0@@Z
??4c4_Row@@QAEAAV0@ABV0@@Z
??4c4_Row@@QAEAAV0@ABVc4_RowRef@@@Z
??4c4_RowRef@@QAE?AV0@ABV0@@Z
??4c4_Storage@@QAEAAV0@ABV0@@Z
??4c4_Strategy@@QAEAAV0@ABV0@@Z
??4c4_Stream@@QAEAAV0@ABV0@@Z
??4c4_String@@QAEABV0@ABV0@@Z
??4c4_StringProp@@QAEAAV0@ABV0@@Z
??4c4_StringRef@@QAEAAV0@ABV0@@Z
??4c4_StringRef@@QAEAAV0@PBD@Z
??4c4_View@@QAEAAV0@ABV0@@Z
??4c4_ViewProp@@QAEAAV0@ABV0@@Z
??4c4_ViewRef@@QAEAAV0@ABV0@@Z
??4c4_ViewRef@@QAEAAV0@ABVc4_View@@@Z
??8@YA_NABVc4_Bytes@@0@Z
??8@YA_NABVc4_Reference@@0@Z
??8@YA_NABVc4_RowRef@@0@Z
??8@YA_NABVc4_String@@0@Z
??8@YA_NABVc4_String@@PBD@Z
??8@YA_NABVc4_View@@0@Z
??8@YA_NPBDABVc4_String@@@Z
??8@YA_NVc4_Cursor@@0@Z
??9@YA_NABVc4_Bytes@@0@Z
??9@YA_NABVc4_Reference@@0@Z
??9@YA_NABVc4_RowRef@@0@Z
??9@YA_NABVc4_String@@0@Z
??9@YA_NABVc4_String@@PBD@Z
??9@YA_NABVc4_View@@0@Z
??9@YA_NPBDABVc4_String@@@Z
??9@YA_NVc4_Cursor@@0@Z
??Ac4_BytesProp@@QBE?AVc4_Row@@ABVc4_Bytes@@@Z
??Ac4_Cursor@@QBE?AVc4_RowRef@@H@Z
??Ac4_DoubleProp@@QBE?AVc4_Row@@N@Z
??Ac4_FloatProp@@QBE?AVc4_Row@@N@Z
??Ac4_IntProp@@QBE?AVc4_Row@@J@Z
??Ac4_String@@QBEDH@Z
??Ac4_StringProp@@QBE?AVc4_Row@@PBD@Z
??Ac4_View@@QBE?AVc4_RowRef@@H@Z
??Ac4_ViewProp@@QBE?AVc4_Row@@ABVc4_View@@@Z
??Bc4_BytesRef@@QBE?AVc4_Bytes@@XZ
??Bc4_DoubleRef@@QBENXZ
??Bc4_FloatRef@@QBENXZ
??Bc4_IntRef@@QBEJXZ
??Bc4_LongRef@@QBE_JXZ
??Bc4_String@@QBEPBDXZ
??Bc4_String@@QBEPBEXZ
??Bc4_StringRef@@QBEPBDXZ
??Bc4_ViewRef@@QBE?AVc4_View@@XZ
??Dc4_Cursor@@QBE?AVc4_RowRef@@XZ
??Ec4_Cursor@@QAE?AV0@H@Z
??Ec4_Cursor@@QAEAAV0@XZ
??Fc4_Cursor@@QAE?AV0@H@Z
??Fc4_Cursor@@QAEAAV0@XZ
??Gc4_Cursor@@QBE?AV0@H@Z
??Gc4_Cursor@@QBEHV0@@Z
??H@YA?AVc4_Cursor@@HV0@@Z
??H@YA?AVc4_Cursor@@V0@H@Z
??H@YA?AVc4_Row@@ABVc4_RowRef@@0@Z
??H@YA?AVc4_String@@ABV0@0@Z
??H@YA?AVc4_String@@ABV0@PBD@Z
??H@YA?AVc4_String@@PBDABV0@@Z
??Ic4_RowRef@@QBE?AVc4_Cursor@@XZ
??M@YA_NABVc4_RowRef@@0@Z
??M@YA_NABVc4_View@@0@Z
??M@YA_NVc4_Cursor@@0@Z
??Mc4_String@@QBE_NABV0@@Z
??N@YA_NABVc4_RowRef@@0@Z
??N@YA_NABVc4_View@@0@Z
??N@YA_NVc4_Cursor@@0@Z
??O@YA_NABVc4_RowRef@@0@Z
??O@YA_NABVc4_View@@0@Z
??O@YA_NVc4_Cursor@@0@Z
??P@YA_NABVc4_RowRef@@0@Z
??P@YA_NABVc4_View@@0@Z
??P@YA_NVc4_Cursor@@0@Z
??Qc4_Property@@QBE?AVc4_View@@ABV0@@Z
??Qc4_View@@QBE?AV0@ABVc4_Property@@@Z
??Rc4_BytesProp@@QBE?AVc4_BytesRef@@ABVc4_RowRef@@@Z
??Rc4_DoubleProp@@QBE?AVc4_DoubleRef@@ABVc4_RowRef@@@Z
??Rc4_FloatProp@@QBE?AVc4_FloatRef@@ABVc4_RowRef@@@Z
??Rc4_IntProp@@QBE?AVc4_IntRef@@ABVc4_RowRef@@@Z
??Rc4_Property@@QBE?AVc4_Reference@@ABVc4_RowRef@@@Z
??Rc4_StringProp@@QBE?AVc4_StringRef@@ABVc4_RowRef@@@Z
??Rc4_ViewProp@@QBE?AVc4_ViewRef@@ABVc4_RowRef@@@Z
??Yc4_Cursor@@QAEAAV0@H@Z
??Yc4_String@@QAEABV0@ABV0@@Z
??Yc4_String@@QAEABV0@PBD@Z
??Zc4_Cursor@@QAEAAV0@H@Z
??_7c4_CustomViewer@@6B@
??_7c4_FileStrategy@@6B@
??_7c4_FileStream@@6B@
??_7c4_Sequence@@6B@
??_7c4_Strategy@@6B@
??_7c4_Stream@@6B@
??_Fc4_FileStrategy@@QAEXXZ
??_Fc4_View@@QAEXXZ
?Access@c4_BytesRef@@QBE?AVc4_Bytes@@JH@Z
?Add@c4_View@@QAEHABVc4_RowRef@@@Z
?AddProperty@c4_View@@QAEHABVc4_Property@@@Z
?Allocate@c4_Row@@CA?AVc4_Cursor@@XZ
?AsRow@c4_BytesProp@@QBE?AVc4_Row@@ABVc4_Bytes@@@Z
?AsRow@c4_DoubleProp@@QBE?AVc4_Row@@N@Z
?AsRow@c4_FloatProp@@QBE?AVc4_Row@@N@Z
?AsRow@c4_IntProp@@QBE?AVc4_Row@@J@Z
?AsRow@c4_StringProp@@QBE?AVc4_Row@@PBD@Z
?AsRow@c4_ViewProp@@QBE?AVc4_Row@@ABVc4_View@@@Z
?Attach@c4_Sequence@@QAEXPAV1@@Z
?AutoCommit@c4_Storage@@QAE_N_N@Z
?Blocked@c4_View@@QBE?AV1@XZ
?Buffer@c4_Sequence@@QAEAAVc4_Bytes@@XZ
?CleanupInternalData@c4_Property@@SAXXZ
?ClearCache@c4_Sequence@@IAEXXZ
?Clone@c4_View@@QBE?AV1@XZ
?Commit@c4_Storage@@QAE_N_N@Z
?Compare@c4_Sequence@@UBEHHVc4_Cursor@@@Z
?Compare@c4_String@@QBEHPBD@Z
?Compare@c4_View@@QBEHABV1@@Z
?CompareNoCase@c4_String@@QBEHPBD@Z
?Concat@c4_View@@QBE?AV1@ABV1@@Z
?ConcatRow@c4_Row@@QAEXABVc4_RowRef@@@Z
?Container@c4_RowRef@@QBE?AVc4_View@@XZ
?Contents@c4_Bytes@@QBEPBEXZ
?Counts@c4_View@@QBE?AV1@ABV1@ABVc4_IntProp@@@Z
?Data@c4_String@@ABEPBDXZ
?DataCommit@c4_FileStrategy@@UAEXJ@Z
?DataCommit@c4_Strategy@@UAEXJ@Z
?DataOpen@c4_FileStrategy@@UAE_NPBDH@Z
?DataRead@c4_FileStrategy@@UAEHJPAXH@Z
?DataRead@c4_Strategy@@UAEHJPAXH@Z
?DataWrite@c4_FileStrategy@@UAEXJPBXH@Z
?DataWrite@c4_Strategy@@UAEXJPBXH@Z
?DecRef@c4_Sequence@@QAEXXZ
?Description@c4_Sequence@@UAEPBDXZ
?Description@c4_Storage@@QAEPBDPBD@Z
?Description@c4_View@@QBEPBDXZ
?Detach@c4_Sequence@@QAEXPAV1@@Z
?Different@c4_View@@QBE?AV1@ABV1@@Z
?Duplicate@c4_View@@QBE?AV1@XZ
?ElementAt@c4_View@@QAE?AVc4_RowRef@@H@Z
?Empty@c4_String@@QAEXXZ
?EndOfData@c4_Strategy@@QAEJJ@Z
?FileSize@c4_FileStrategy@@UAEJXZ
?FileSize@c4_Strategy@@UAEJXZ
?Find@c4_String@@QBEHD@Z
?Find@c4_String@@QBEHPBD@Z
?Find@c4_View@@QBEHABVc4_RowRef@@H@Z
?FindOneOf@c4_String@@QBEHPBD@Z
?FindPropIndexByName@c4_View@@QBEHPBD@Z
?FindProperty@c4_View@@QAEHH@Z
?FreshGeneration@c4_FileStrategy@@UAEJXZ
?FreshGeneration@c4_Strategy@@UAEJXZ
?FullLength@c4_String@@ABEHXZ
?Get@c4_BytesProp@@QBE?AVc4_Bytes@@ABVc4_RowRef@@@Z
?Get@c4_DoubleProp@@QBENABVc4_RowRef@@@Z
?Get@c4_FloatProp@@QBENABVc4_RowRef@@@Z
?Get@c4_IntProp@@QBEJABVc4_RowRef@@@Z
?Get@c4_Sequence@@UAE_NHHAAVc4_Bytes@@@Z
?Get@c4_StringProp@@QBEPBDABVc4_RowRef@@@Z
?Get@c4_ViewProp@@QBE?AVc4_View@@ABVc4_RowRef@@@Z
?GetAs@c4_Storage@@QAE?AVc4_View@@PBD@Z
?GetAside@c4_Storage@@QBEPAV1@XZ
?GetAt@c4_View@@QBE?AVc4_RowRef@@H@Z
?GetData@c4_Reference@@QBE_NAAVc4_Bytes@@@Z
?GetDependencies@c4_Sequence@@QBEPAVc4_Dependencies@@XZ
?GetId@c4_Property@@QBEHXZ
?GetIndexOf@c4_View@@QBEHABVc4_RowRef@@@Z
?GetItem@c4_View@@QBE_NHHAAVc4_Bytes@@@Z
?GetLength@c4_String@@QBEHXZ
?GetSize@c4_Reference@@QBEHXZ
?GetSize@c4_View@@QBEHXZ
?GroupBy@c4_View@@QBE?AV1@ABV1@ABVc4_ViewProp@@@Z
?Hash@c4_View@@QBE?AV1@ABV1@H@Z
?IncRef@c4_Sequence@@QAEXXZ
?Indexed@c4_View@@QBE?AV1@ABV1@0_N@Z
?Init@c4_String@@AAEXPBXH@Z
?Initialize@c4_Storage@@AAEXAAVc4_Strategy@@_NH@Z
?InsertAt@c4_Sequence@@UAEXHVc4_Cursor@@H@Z
?InsertAt@c4_View@@QAEXHABV1@@Z
?InsertAt@c4_View@@QAEXHABVc4_RowRef@@H@Z
?InsertRows@c4_CustomViewer@@QAE_NHABVc4_RowRef@@H@Z
?InsertRows@c4_CustomViewer@@UAE_NHVc4_Cursor@@H@Z
?Intersect@c4_View@@QBE?AV1@ABV1@@Z
?IsCompatibleWith@c4_View@@QBE_NABV1@@Z
?IsEmpty@c4_String@@QBE_NXZ
?IsValid@c4_FileStrategy@@UBE_NXZ
?IsValid@c4_Strategy@@UBE_NXZ
?ItemSize@c4_Sequence@@UAEHHH@Z
?Join@c4_View@@QBE?AV1@ABV1@0_N@Z
?JoinProp@c4_View@@QBE?AV1@ABVc4_ViewProp@@_N@Z
?Left@c4_String@@QBE?AV1@H@Z
?LoadFrom@c4_Storage@@QAE_NAAVc4_Stream@@@Z
?Locate@c4_View@@QBEHABVc4_RowRef@@PAH@Z
?Lookup@c4_CustomViewer@@QAEHABVc4_RowRef@@AAH@Z
?Lookup@c4_CustomViewer@@UAEHVc4_Cursor@@AAH@Z
?Mid@c4_String@@QBE?AV1@HH@Z
?Minus@c4_View@@QBE?AV1@ABV1@@Z
?Modify@c4_BytesRef@@QBE_NABVc4_Bytes@@JH@Z
?Move@c4_Sequence@@UAEXHH@Z
?Name@c4_Property@@QBEPBDXZ
?NthPropId@c4_Sequence@@QBEHH@Z
?NthProperty@c4_View@@QBEABVc4_Property@@H@Z
?NumProperties@c4_View@@QBEHXZ
?NumRefs@c4_Sequence@@QBEHXZ
?Ordered@c4_View@@QBE?AV1@H@Z
?Pair@c4_View@@QBE?AV1@ABV1@@Z
?Persist@c4_Sequence@@UBEPAVc4_Persist@@XZ
?Persist@c4_View@@QBEPAVc4_Persist@@XZ
?PostChange@c4_Sequence@@UAEXAAVc4_Notifier@@@Z
?PreChange@c4_Sequence@@UAEPAVc4_Notifier@@AAV2@@Z
?Product@c4_View@@QBE?AV1@ABV1@@Z
?Project@c4_View@@QBE?AV1@ABV1@@Z
?ProjectWithout@c4_View@@QBE?AV1@ABV1@@Z
?PropIndex@c4_Sequence@@QAEHABVc4_Property@@@Z
?PropIndex@c4_Sequence@@QAEHH@Z
?Read@c4_FileStream@@UAEHPAXH@Z
?ReadOnly@c4_View@@QBE?AV1@XZ
?Refs@c4_Property@@QBEXH@Z
?Release@c4_Row@@CAXVc4_Cursor@@@Z
?RelocateRows@c4_View@@QAEXHHAAV1@H@Z
?RemapIndex@c4_Sequence@@UBEHHPBV1@@Z
?RemapWith@c4_View@@QBE?AV1@ABV1@@Z
?RemoveAll@c4_View@@QAEXXZ
?RemoveAt@c4_Sequence@@UAEXHH@Z
?RemoveAt@c4_View@@QAEXHH@Z
?RemoveRows@c4_CustomViewer@@UAE_NHH@Z
?Rename@c4_View@@QBE?AV1@ABVc4_Property@@0@Z
?ResetFileMapping@c4_FileStrategy@@UAEXXZ
?ResetFileMapping@c4_Strategy@@UAEXXZ
?Resize@c4_Sequence@@QAEXHH@Z
?RestrictSearch@c4_Sequence@@UAE_NVc4_Cursor@@AAH1@Z
?RestrictSearch@c4_View@@QAEHABVc4_RowRef@@AAH1@Z
?ReverseFind@c4_String@@QBEHD@Z
?Right@c4_String@@QBE?AV1@H@Z
?Rollback@c4_Storage@@QAE_N_N@Z
?SaveTo@c4_Storage@@QAEXAAVc4_Stream@@@Z
?Search@c4_View@@QBEHABVc4_RowRef@@@Z
?Select@c4_View@@QBE?AV1@ABVc4_RowRef@@@Z
?SelectRange@c4_View@@QBE?AV1@ABVc4_RowRef@@0@Z
?Set@c4_BytesProp@@QBEXABVc4_RowRef@@ABVc4_Bytes@@@Z
?Set@c4_DoubleProp@@QBEXABVc4_RowRef@@N@Z
?Set@c4_FloatProp@@QBEXABVc4_RowRef@@N@Z
?Set@c4_IntProp@@QBEXABVc4_RowRef@@J@Z
?Set@c4_Sequence@@UAEXHABVc4_Property@@ABVc4_Bytes@@@Z
?Set@c4_StringProp@@QBEXABVc4_RowRef@@PBD@Z
?Set@c4_ViewProp@@QBEXABVc4_RowRef@@ABVc4_View@@@Z
?SetAside@c4_Storage@@QAE_NAAV1@@Z
?SetAt@c4_Sequence@@QAEXHVc4_Cursor@@@Z
?SetAt@c4_View@@QAEXHABVc4_RowRef@@@Z
?SetAtGrow@c4_View@@QAEXHABVc4_RowRef@@@Z
?SetBase@c4_Strategy@@QAEXJ@Z
?SetBuffer@c4_Bytes@@QAEPAEH@Z
?SetBufferClear@c4_Bytes@@QAEPAEH@Z
?SetData@c4_Reference@@QBEXABVc4_Bytes@@@Z
?SetItem@c4_CustomViewer@@UAE_NHHABVc4_Bytes@@@Z
?SetItem@c4_View@@QBEXHHABVc4_Bytes@@@Z
?SetSize@c4_View@@QAEXHH@Z
?SetStructure@c4_Storage@@QAEXPBD@Z
?Size@c4_Bytes@@QBEHXZ
?Slice@c4_View@@QBE?AV1@HHH@Z
?Sort@c4_View@@QBE?AV1@XZ
?SortOn@c4_View@@QBE?AV1@ABV1@@Z
?SortOnReverse@c4_View@@QBE?AV1@ABV1@0@Z
?SpanExcluding@c4_String@@QBE?AV1@PBD@Z
?SpanIncluding@c4_String@@QBE?AV1@PBD@Z
?Strategy@c4_Storage@@QBEAAVc4_Strategy@@XZ
?Swap@c4_Bytes@@QAEXAAV1@@Z
?Type@c4_Property@@QBEDXZ
?Union@c4_View@@QBE?AV1@ABV1@@Z
?Unique@c4_View@@QBE?AV1@XZ
?UseTempBuffer@c4_Sequence@@QAEPBDPBD@Z
?View@c4_Storage@@QAE?AVc4_ViewRef@@PBD@Z
?Write@c4_FileStream@@UAE_NPBXH@Z
?_DecSeqRef@c4_View@@IAEXXZ
?_IncSeqRef@c4_View@@IAEXXZ
?_LoseCopy@c4_Bytes@@AAEXXZ
?_MakeCopy@c4_Bytes@@AAEXXZ

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/BdFwChs.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:4 windows x86 arch:x86

80f4d520a8db2b21744b76b5ea02b06b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\mystuff\prgm\c\libcurl\Release\libcurl.pdb

Imports

wsock32

recv
send
ntohl
gethostbyname
WSAGetLastError
WSASetLastError
htonl
ntohs
listen
gethostbyaddr
inet_addr
accept
WSAStartup
WSACleanup
socket
htons
connect
closesocket
ioctlsocket
bind
getsockname
select
__WSAFDIsSet
inet_ntoa

winmm

timeGetTime

kernel32

VirtualFree
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
InterlockedExchange
RtlUnwind
InitializeCriticalSection
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLastError
ExpandEnvironmentStringsA
GetExitCodeThread
TerminateThread
WaitForSingleObject
GetTickCount
CreateThread
SetLastError
ReadFile
WaitForMultipleObjects
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
ExitProcess
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
HeapDestroy
HeapCreate
PeekNamedPipe
VirtualAlloc
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
CloseHandle
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_escape
curl_formadd
curl_formfree
curl_formparse
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_mvfprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
冰盾8.2破解补丁.exe
.exe windows:4 windows x86 arch:x86

87b324a67e18fb2e1d12308b06fa8d4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.txt
说明.url
.url

Sharing

General

Malware Config

Signatures

Files

1776ef176e821fae67f5fb6eb56cce45

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

1f17b0b6882d6afd1cf8c1e07e5acc0b

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

0a429a757fe850cda370ca04651f8539

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 340B

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 292KB - Virtual size: 493KB

.rdata Size: 156KB - Virtual size: 154KB

.data Size: 4KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 4KB

.perplex Size: 94KB - Virtual size: 94KB

3b5b4bad881057af15fc35648ebcf206

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 340B

.text
Size: 292KB - Virtual size: 493KB

.rdata
Size: 156KB - Virtual size: 154KB

.data
Size: 4KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 4KB

.perplex
Size: 94KB - Virtual size: 94KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1024B - Virtual size: 914B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB