779bb3727ed51b4ff77ec1aedd362b1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

779bb3727ed51b4ff77ec1aedd362b1b_JaffaCakes118
Size

728KB
MD5

779bb3727ed51b4ff77ec1aedd362b1b
SHA1

27465e35e2f166c8f5988f92f76a5ff5e21fe250
SHA256

0ecf0fc029bf621ee3e363da73b2a4a4c95a4d11d7704c60b6eae5230891ea4b
SHA512

d9ed238d86b24ddc6c1055faeaed3e0b184921f2ebbe2d4067f8f9be5aaa982edc2edd7312fa673ed6a3eb82cc6a9920507ace8da8d935039f9e2c820ce574a8
SSDEEP

12288:h5wwk2Ip//qpDTyMqrY30ZKy+eXkksCzy6zsly57hsBnooV/3QIHVLwDRVzC9fMl:h5bkUDTyY5Okln6zsly5cooJQI1LwDRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/huoxingyu.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$WINDIR/msgctl.dll
unpack002/SoftUpdate.dll
unpack002/huoxingyu.dll
unpack002/huoxingyu.exe
unpack002/msgctl.dll
unpack002/th.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/huoxingyu.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

779bb3727ed51b4ff77ec1aedd362b1b_JaffaCakes118
.rar
huoxingyu.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$WINDIR/msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dd432091605a17a4686161d8ca6f83fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrlenW
DebugBreak
OutputDebugStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrcmpA
DisableThreadLibraryCalls
WideCharToMultiByte
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
lstrcpyA
InterlockedIncrement

user32

GetClassInfoExA
LoadStringA
CharLowerA
wvsprintfA
LoadImageA
GetWindowTextA
GetDlgCtrlID
GetParent
GetCursorPos
ScreenToClient
SetCursor
ReleaseDC
wsprintfA
CreateWindowExA
InvalidateRect
SetFocus
GetCapture
UpdateWindow
SetRectEmpty
SetWindowPos
GetWindowLongA
GetWindowRect
RegisterClassExA
GetWindowTextLengthA
DefWindowProcA
DestroyWindow
CallWindowProcA
CharNextA
SetWindowTextA
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetWindowRgn
ReleaseCapture
FillRect
GetClassNameA
EndPaint
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow
LoadCursorA

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveFileSpecA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
realloc
atoi
memcpy
wcslen
memset
_purecall
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftUpdate.dll
.dll windows:4 windows x86 arch:x86

7a1ecdc0d45651cd7d33a946c9103a57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\自动升级系统\SoftUpdate\Release\SoftUpdate.pdb

Imports

kernel32

CreateFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WritePrivateProfileStringA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileA
MoveFileExA
DeleteFileA
CreateDirectoryA
GetShortPathNameA
FlushFileBuffers
SetStdHandle
SetFilePointer
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
SHDeleteKeyA

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetPEFileVersion
RebootUpdate
SetReplaceFileMode
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bk.bmp
fh.dat
fh_tj.html
.html .vbs polyglot
filter.dat
ft.bin
html/help.html
.html
html/hxw.js
.js
html/hxw_ui.css
html/images/Thumbs.db
html/images/bg_00.gif
.gif
html/images/bg_01.gif
.gif
html/images/bg_02.gif
.gif
html/images/bg_03.gif
.gif
html/images/bg_04.gif
.gif
html/images/bg_05.gif
.gif
html/images/bg_06.gif
.gif
html/images/bg_07.gif
.gif
html/images/bg_08.gif
.gif
html/images/bg_09.gif
.gif
html/images/bg_10.gif
.gif
html/images/button_bg_01.gif
.gif
html/images/button_bg_02.gif
.gif
html/images/button_bg_03.gif
.gif
html/images/button_bg_04.gif
.gif
html/images/button_help.gif
.gif
html/images/button_login.gif
.gif
html/images/button_tool_01_a.gif
.gif
html/images/button_tool_01_b.gif
.gif
html/images/button_tool_02_a.gif
.gif
html/images/button_tool_02_b.gif
.gif
html/images/button_tool_03_a.gif
.gif
html/images/button_tool_03_b.gif
.gif
html/images/button_tool_04_a.gif
.gif
html/images/button_tool_04_b.gif
.gif
html/images/button_tool_more.gif
.gif
html/images/greyline.gif
.gif
html/images/ico_arrow_01.gif
.gif
html/images/ico_arrow_02.gif
.gif
html/images/ico_bbs_01.gif
.gif
html/images/ico_bbs_02.gif
.gif
html/images/ico_email.gif
.gif
html/images/ico_feedback.gif
.gif
html/images/ico_help_a.gif
.gif
html/images/ico_help_b.gif
.gif
html/images/ico_home.gif
.gif
html/images/ico_light.gif
.gif
html/images/ico_qq.gif
.gif
html/images/ico_settings_a.gif
.gif
html/images/ico_settings_b.gif
.gif
html/images/ico_tool_a.gif
.gif
html/images/ico_tool_b.gif
.gif
html/images/ico_update.gif
.gif
html/images/logo_hxw.gif
.gif
html/main.html
.html
html/tool_01.html
.html .js polyglot
html/tool_02.html
.html .js polyglot
html/tool_03.html
.html .js polyglot
html/tool_04.html
.html .js polyglot
html/top.html
.html
huoxingyu.dll
.dll windows:4 windows x86 arch:x86

e77eafe766464ba59d62e057d6b9a5ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
LoadLibraryExW
GetProcAddress
Module32Next
Module32First
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
lstrcmpiA
VirtualQuery
FlushInstructionCache
GetLastError
GetModuleFileNameA
VirtualProtect
OutputDebugStringA
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
LocalFree
FormatMessageA
lstrcpynA
GetCurrentThreadId
lstrcatA
lstrcpyA
GetPrivateProfileSectionA
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
WritePrivateProfileStringA
WritePrivateProfileSectionA
lstrcmpA
LoadLibraryW
GetFileSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
Sleep
SetStdHandle
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLocaleInfoW
LoadLibraryA
ReadFile
GetModuleHandleA
SetUnhandledExceptionFilter
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
HeapAlloc
RaiseException
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection

user32

IsWindowUnicode
SendMessageTimeoutA
RegisterWindowMessageA
FindWindowA
CallNextHookEx
GetFocus
CallWindowProcA
UnhookWindowsHookEx
IsCharAlphaNumericW
CallWindowProcW
GetClassNameA
IsWindow
IsCharAlphaNumericA
GetWindowLongW
SetWindowLongW
GetWindowLongA
SetWindowLongA
MessageBoxA
SetWindowsHookExA

ole32

StgCreateDocfile
CoInitialize
CoUninitialize
StgOpenStorage

oleaut32

SysFreeString
SysAllocStringLen

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFileExistsA
SHGetValueA

imm32

ImmGetCompositionStringA
ImmGetCompositionStringW

imagehlp

ImageDirectoryEntryToData

oleacc

ObjectFromLresult

Exports

Exports

EnableConversion

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
huoxingyu.exe
.exe windows:4 windows x86 arch:x86

6a905409085ee19d838d7f4472df93db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\火星语输入法\Release\52hxy.pdb

Imports

kernel32

RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
InterlockedExchange
SetErrorMode
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetCurrentDirectoryA
GetProfileIntA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomA
SetLastError
GlobalFree
GlobalSize
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetFileSize
ReadFile
CreateThread
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
lstrlenW
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
InterlockedDecrement
Sleep
InterlockedIncrement
FreeLibrary
LoadLibraryA
DeviceIoControl
GetPrivateProfileIntA
FindFirstFileA
RemoveDirectoryA
lstrcmpiA
DeleteFileA
FindNextFileA
FindClose
GetModuleHandleA
GetProcAddress
GetTempFileNameA
MoveFileExA
MulDiv
lstrcpynA
FormatMessageA
LocalFree
CreateFileA
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringA
lstrcmpA
GetPrivateProfileSectionNamesA
lstrlenA
CopyFileA
GetLastError
RaiseException
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WritePrivateProfileStringA
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
lstrcatA
GetPrivateProfileStringA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadWritePtr

user32

WindowFromPoint
SetRectEmpty
DrawFocusRect
wsprintfA
DestroyMenu
EndPaint
BeginPaint
GetDC
DrawTextExA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckRadioButton
CheckDlgButton
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
IsRectEmpty
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
GetWindow
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetFocus
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
MessageBoxA
PostMessageA
FindWindowA
ReleaseCapture
PtInRect
OffsetRect
LoadBitmapA
EnableMenuItem
SendMessageA
GetSystemMenu
IsIconic
SetWindowRgn
GetWindowRect
GetMenuItemCount
PostQuitMessage
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
UnregisterClassA
CharUpperA
GetKeyState
GetParent
RegisterWindowMessageA
GetMenuStringA
CharNextA
CopyAcceleratorTableA
PostThreadMessageA
SetParent
DestroyIcon
BringWindowToTop
DrawTextA
MessageBeep
LoadImageA
IsWindow
KillTimer
SetTimer
UpdateWindow
GetDlgItem
IsWindowVisible
CheckMenuRadioItem
RegisterClipboardFormatA
LockWindowUpdate
GetNextDlgGroupItem
SetActiveWindow
InvalidateRgn
GetClientRect
ClientToScreen
SetCapture
SetForegroundWindow
EnableWindow
LoadIconA
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
SystemParametersInfoA
GetDCEx
InflateRect
GetSubMenu
LoadMenuA
InvalidateRect
SetWindowPos
CopyRect
ReleaseDC
GetWindowDC
GetSysColor
FillRect
GetSysColorBrush
SetRect
ScreenToClient
GetCapture
GetDesktopWindow
GetClassInfoA
SetCursor
LoadCursorA
GetCursorPos
DeleteMenu
CheckMenuItem
ModifyMenuA
GrayStringA

gdi32

CreateRectRgnIndirect
SetRectRgn
PatBlt
GetTextMetricsA
StretchDIBits
GetCharWidthA
CreateFontA
GetTextColor
GetRgnBox
SelectClipRgn
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetBkColor
CreateFontIndirectA
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CopyMetaFileA
GetDeviceCaps
GetTextExtentPoint32A
StretchBlt
Rectangle
CreateSolidBrush
CreatePen
SelectObject
GetObjectA
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
DeleteObject
DeleteDC
GetStockObject
BitBlt
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateCompatibleBitmap

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

comctl32

ord17
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
ImageList_Create

shlwapi

PathUnquoteSpacesA
SHSetValueA
PathRemoveArgsA
PathRemoveFileSpecA
SHGetValueA
SHDeleteValueA
PathFileExistsA
SHDeleteKeyA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoUninitialize
CoInitialize
StgOpenStorage
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CoFreeUnusedLibraries

oleaut32

SysAllocString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysAllocStringLen
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

huoxingyu

EnableConversion

wininet

InternetOpenA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetGetConnectedState

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

Netbios

Sections

.text
Size: 308KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hxw.bin
msgSkin.ini
msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dd432091605a17a4686161d8ca6f83fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrlenW
DebugBreak
OutputDebugStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrcmpA
DisableThreadLibraryCalls
WideCharToMultiByte
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
lstrcpyA
InterlockedIncrement

user32

GetClassInfoExA
LoadStringA
CharLowerA
wvsprintfA
LoadImageA
GetWindowTextA
GetDlgCtrlID
GetParent
GetCursorPos
ScreenToClient
SetCursor
ReleaseDC
wsprintfA
CreateWindowExA
InvalidateRect
SetFocus
GetCapture
UpdateWindow
SetRectEmpty
SetWindowPos
GetWindowLongA
GetWindowRect
RegisterClassExA
GetWindowTextLengthA
DefWindowProcA
DestroyWindow
CallWindowProcA
CharNextA
SetWindowTextA
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetWindowRgn
ReleaseCapture
FillRect
GetClassNameA
EndPaint
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow
LoadCursorA

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveFileSpecA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
realloc
atoi
memcpy
wcslen
memset
_purecall
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pf.ini
skins/skin1/Thumbs.db
skins/skin1/bg.bmp
skins/skin1/fh.bmp
skins/skin1/ft.bmp
skins/skin1/hxw.bmp
skins/skin1/jt.bmp
skins/skin1/logo.bmp
skins/skin1/wan.bmp
skins/skin2/Thumbs.db
skins/skin2/bg.bmp
skins/skin2/fh.bmp
skins/skin2/ft.bmp
skins/skin2/hxw.bmp
skins/skin2/jt.bmp
skins/skin2/logo.bmp
skins/skin2/wan.bmp
skins/skin3/Thumbs.db
skins/skin3/bg.bmp
skins/skin3/fh.bmp
skins/skin3/ft.bmp
skins/skin3/hxw.bmp
skins/skin3/jt.bmp
skins/skin3/logo.bmp
skins/skin3/wan.bmp
skins/skin4/Thumbs.db
skins/skin4/bg.bmp
skins/skin4/fh.bmp
skins/skin4/ft.bmp
skins/skin4/hxw.bmp
skins/skin4/jt.bmp
skins/skin4/logo.bmp
skins/skin4/wan.bmp
th.exe
.exe windows:4 windows x86 arch:x86

12b5598c39f5e57d5b1b7d20d90fb178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
CloseHandle
WriteFile
lstrlenA
SetFilePointer
LocalFree
FormatMessageA
GetLastError
DeleteFileA
GetPrivateProfileSectionNamesA
Sleep
lstrcatA
GetModuleFileNameA
MoveFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileExA
GetTempFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
FlushFileBuffers

user32

PostMessageA
FindWindowA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
PathFileExistsA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 296KB

.rsrc Size: 3KB - Virtual size: 4KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

dd432091605a17a4686161d8ca6f83fb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

7a1ecdc0d45651cd7d33a946c9103a57

Headers

File Characteristics

PDB Paths

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 296KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 22KB

sdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 308KB - Virtual size: 304KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 120KB - Virtual size: 117KB