8c9e7f75397f33c7840ea538787e7a16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c9e7f75397f33c7840ea538787e7a16_JaffaCakes118
Size

13.0MB
MD5

8c9e7f75397f33c7840ea538787e7a16
SHA1

1f79a78921019573d6aa8668036a1f9f40a851ff
SHA256

d03ec20090efd9794c16aad37a6924ac22bde7b19dd8db8f8d06ccb71cc0b36a
SHA512

809a0baae4789ee49b9bae582380a07233cbb30ac78083b3e50365d1f6b960d4f3277ab973b5f1971c077d1b9003fdea9e12c39a17a25ea3b712d4190b9d7031
SSDEEP

393216:4ZqEdObGAPGjc046x0Lfv30+jb9KHnk5Nbuei795:4ZqAObGBwt6uLfvHb75fiD

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/bin/fmod.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/bin/fmod.dll	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
8c9e7f75397f33c7840ea538787e7a16_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/cpaff.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$R0
unpack001/$R2/NSIS.Library.RegTool.v2.$_12_.exe
unpack001/Tradewinds2.exe
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack001/bin/bass.dll
unpack001/bin/fmod.dll
unpack001/bin/gd204.dll
unpack001/bin/prog.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

8c9e7f75397f33c7840ea538787e7a16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/cpaff.dll
.dll windows:4 windows x86 arch:x86

de9fa5ead19224364215a0dd01810c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

BeginUpdateResourceA
GlobalAlloc
UpdateResourceA
EndUpdateResourceA
GlobalFree
lstrcpyA
GetLastError
GetModuleFileNameA

msvcr80

wcslen
malloc
memset
_vswprintf_c_l
free
wcscpy_s

Exports

Exports

CopyAffiliate

Sections

.text
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

8dc5d8ec83864b4a8d299d8b4d06a888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc

user32

MapDialogRect
CharPrevA
GetPropA
GetClientRect
CallWindowProcA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
DestroyWindow

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

74c07d2b8768852012a5b01c510ff73b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Inetpub\tools\clientservices\Release\ServicesDll.pdb

Imports

kernel32

LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetCommandLineA
TerminateProcess
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetFilePointer
WriteFile
ReadFile
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFileTime
GetFileSize
CreateFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
CreateEventA
CreateThread
WaitForMultipleObjects
ResumeThread
SetThreadPriority
GetExitCodeThread
TerminateThread
CloseHandle
CompareStringW
CompareStringA
GetVersion
GetWindowsDirectoryA
GetTempPathA
CreateDirectoryA
GetFileAttributesA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
SetEvent
GetModuleHandleA
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpiA
lstrlenA
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
CopyFileA
InterlockedDecrement
DeleteFileA
InterlockedIncrement
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
GetCapture
ShowWindow
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CharNextA
PostMessageA
CharUpperA
UnregisterClassA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
GetClassNameA
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
WinHelpA
RegisterWindowMessageA
GetSysColorBrush
UnhookWindowsHookEx
DestroyMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
wsprintfA
GetSystemMetrics
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
SystemParametersInfoA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathStripPathA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantClear
LoadRegTypeLi
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo

ws2_32

WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAStartup
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
closesocket
WSASocketA
WSAConnect
getservbyname
htonl
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v2.$_12_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/msxml_cabinstall.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:08:37:1a:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Not Before

14/03/2003, 22:25

Not After

14/05/2004, 22:35

Subject

CN=Microsoft Windows Component Publisher,OU=Copyright (c) 2003 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:9d:aa:11:d3:30:a8:95:60:ac:fa
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

01/07/1999, 07:00

Not After

15/10/2005, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,OU=Copyright (c) 1999 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3e:f3:1d:cc:fa:b2:a4:7a:42:53:a7:2e:ff:fe:fd:df:cd:55:3d:1a
Signer

Actual PE Digest

3e:f3:1d:cc:fa:b2:a4:7a:42:53:a7:2e:ff:fe:fd:df:cd:55:3d:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 531KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EULA.txt
Tradewinds2.exe
.exe windows:4 windows x86 arch:x86

040d42a8c952baef48568bd3725ac38c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
MultiByteToWideChar
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

.text
Size: - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
bin/TW2_00.data
bin/TW2_01.data
bin/bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_Update
_

Sections

Size: 88KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/fmod.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_FMUSIC_FreeSong@4
_FMUSIC_GetBPM@4
_FMUSIC_GetGlobalVolume@4
_FMUSIC_GetMasterVolume@4
_FMUSIC_GetName@4
_FMUSIC_GetNumChannels@4
_FMUSIC_GetNumInstruments@4
_FMUSIC_GetNumOrders@4
_FMUSIC_GetNumPatterns@4
_FMUSIC_GetNumSamples@4
_FMUSIC_GetOpenState@4
_FMUSIC_GetOrder@4
_FMUSIC_GetPattern@4
_FMUSIC_GetPatternLength@8
_FMUSIC_GetPaused@4
_FMUSIC_GetRealChannel@8
_FMUSIC_GetRow@4
_FMUSIC_GetSample@8
_FMUSIC_GetSpeed@4
_FMUSIC_GetTime@4
_FMUSIC_GetType@4
_FMUSIC_GetUserData@4
_FMUSIC_IsFinished@4
_FMUSIC_IsPlaying@4
_FMUSIC_LoadSong@4
_FMUSIC_LoadSongEx@24
_FMUSIC_OptimizeChannels@12
_FMUSIC_PlaySong@4
_FMUSIC_SetInstCallback@12
_FMUSIC_SetLooping@8
_FMUSIC_SetMasterSpeed@8
_FMUSIC_SetMasterVolume@8
_FMUSIC_SetOrder@8
_FMUSIC_SetOrderCallback@12
_FMUSIC_SetPanSeperation@8
_FMUSIC_SetPaused@8
_FMUSIC_SetReverb@4
_FMUSIC_SetRowCallback@12
_FMUSIC_SetSample@12
_FMUSIC_SetUserData@8
_FMUSIC_SetZxxCallback@8
_FMUSIC_StopAllSongs@0
_FMUSIC_StopSong@4
_FSOUND_3D_GetAttributes@12
_FSOUND_3D_Listener_GetAttributes@32
_FSOUND_3D_Listener_SetAttributes@32
_FSOUND_3D_Listener_SetCurrent@8
_FSOUND_3D_SetAttributes@12
_FSOUND_3D_SetDistanceFactor@4
_FSOUND_3D_SetDopplerFactor@4
_FSOUND_3D_SetRolloffFactor@4
_FSOUND_CD_Eject@4
_FSOUND_CD_GetNumTracks@4
_FSOUND_CD_GetPaused@4
_FSOUND_CD_GetTrack@4
_FSOUND_CD_GetTrackLength@8
_FSOUND_CD_GetTrackTime@4
_FSOUND_CD_GetVolume@4
_FSOUND_CD_Play@8
_FSOUND_CD_SetPaused@8
_FSOUND_CD_SetPlayMode@8
_FSOUND_CD_SetTrackTime@8
_FSOUND_CD_SetVolume@8
_FSOUND_CD_Stop@4
_FSOUND_Close@0
_FSOUND_DSP_ClearMixBuffer@0
_FSOUND_DSP_Create@12
_FSOUND_DSP_Free@4
_FSOUND_DSP_GetActive@4
_FSOUND_DSP_GetBufferLength@0
_FSOUND_DSP_GetBufferLengthTotal@0
_FSOUND_DSP_GetClearUnit@0
_FSOUND_DSP_GetClipAndCopyUnit@0
_FSOUND_DSP_GetFFTUnit@0
_FSOUND_DSP_GetMusicUnit@0
_FSOUND_DSP_GetPriority@4
_FSOUND_DSP_GetSFXUnit@0
_FSOUND_DSP_GetSpectrum@0
_FSOUND_DSP_MixBuffers@28
_FSOUND_DSP_SetActive@8
_FSOUND_DSP_SetPriority@8
_FSOUND_FX_Disable@4
_FSOUND_FX_Enable@8
_FSOUND_FX_SetChorus@32
_FSOUND_FX_SetCompressor@28
_FSOUND_FX_SetDistortion@24
_FSOUND_FX_SetEcho@24
_FSOUND_FX_SetFlanger@32
_FSOUND_FX_SetGargle@12
_FSOUND_FX_SetI3DL2Reverb@52
_FSOUND_FX_SetParamEQ@16
_FSOUND_FX_SetWavesReverb@20
_FSOUND_File_SetCallbacks@20
_FSOUND_GetCPUUsage@0
_FSOUND_GetChannelsPlaying@0
_FSOUND_GetCurrentLevels@12
_FSOUND_GetCurrentPosition@4
_FSOUND_GetCurrentSample@4
_FSOUND_GetDriver@0
_FSOUND_GetDriverCaps@8
_FSOUND_GetDriverName@4
_FSOUND_GetError@0
_FSOUND_GetFrequency@4
_FSOUND_GetLoopMode@4
_FSOUND_GetMaxChannels@0
_FSOUND_GetMaxSamples@0
_FSOUND_GetMemoryStats@8
_FSOUND_GetMixer@0
_FSOUND_GetMute@4
_FSOUND_GetNumDrivers@0
_FSOUND_GetNumHardwareChannels@0
_FSOUND_GetNumSubChannels@4
_FSOUND_GetOutput@0
_FSOUND_GetOutputHandle@0
_FSOUND_GetOutputRate@0
_FSOUND_GetPan@4
_FSOUND_GetPaused@4
_FSOUND_GetPriority@4
_FSOUND_GetReserved@4
_FSOUND_GetSFXMasterVolume@0
_FSOUND_GetSubChannel@8
_FSOUND_GetSurround@4
_FSOUND_GetVersion@0
_FSOUND_GetVolume@4
_FSOUND_Init@12
_FSOUND_IsPlaying@4
_FSOUND_PlaySound@8
_FSOUND_PlaySoundEx@16
_FSOUND_Record_GetDriver@0
_FSOUND_Record_GetDriverName@4
_FSOUND_Record_GetNumDrivers@0
_FSOUND_Record_GetPosition@0
_FSOUND_Record_SetDriver@4
_FSOUND_Record_StartSample@8
_FSOUND_Record_Stop@0
_FSOUND_Reverb_GetChannelProperties@8
_FSOUND_Reverb_GetProperties@4
_FSOUND_Reverb_SetChannelProperties@8
_FSOUND_Reverb_SetProperties@4
_FSOUND_Sample_Alloc@28
_FSOUND_Sample_Free@4
_FSOUND_Sample_Get@4
_FSOUND_Sample_GetDefaults@20
_FSOUND_Sample_GetLength@4
_FSOUND_Sample_GetLoopPoints@12
_FSOUND_Sample_GetMode@4
_FSOUND_Sample_GetName@4
_FSOUND_Sample_Load@20
_FSOUND_Sample_Lock@28
_FSOUND_Sample_SetDefaults@20
_FSOUND_Sample_SetLoopPoints@12
_FSOUND_Sample_SetMaxPlaybacks@8
_FSOUND_Sample_SetMinMaxDistance@12
_FSOUND_Sample_SetMode@8
_FSOUND_Sample_Unlock@20
_FSOUND_Sample_Upload@12
_FSOUND_SetBufferSize@4
_FSOUND_SetCurrentPosition@8
_FSOUND_SetDriver@4
_FSOUND_SetFrequency@8
_FSOUND_SetFrequencyEx@8
_FSOUND_SetHWND@4
_FSOUND_SetLoopMode@8
_FSOUND_SetMaxHardwareChannels@4
_FSOUND_SetMemorySystem@20
_FSOUND_SetMinHardwareChannels@4
_FSOUND_SetMixer@4
_FSOUND_SetMute@8
_FSOUND_SetOutput@4
_FSOUND_SetPan@8
_FSOUND_SetPanSeperation@4
_FSOUND_SetPaused@8
_FSOUND_SetPriority@8
_FSOUND_SetReserved@8
_FSOUND_SetSFXMasterVolume@4
_FSOUND_SetSpeakerMode@4
_FSOUND_SetSurround@8
_FSOUND_SetVolume@8
_FSOUND_SetVolumeAbsolute@8
_FSOUND_StopSound@4
_FSOUND_Stream_AddSyncPoint@12
_FSOUND_Stream_Close@4
_FSOUND_Stream_Create@20
_FSOUND_Stream_CreateDSP@16
_FSOUND_Stream_DeleteSyncPoint@4
_FSOUND_Stream_FindTagField@20
_FSOUND_Stream_GetLength@4
_FSOUND_Stream_GetLengthMs@4
_FSOUND_Stream_GetMode@4
_FSOUND_Stream_GetNumSubStreams@4
_FSOUND_Stream_GetNumSyncPoints@4
_FSOUND_Stream_GetNumTagFields@8
_FSOUND_Stream_GetOpenState@4
_FSOUND_Stream_GetPosition@4
_FSOUND_Stream_GetSample@4
_FSOUND_Stream_GetSyncPoint@8
_FSOUND_Stream_GetSyncPointInfo@8
_FSOUND_Stream_GetTagField@24
_FSOUND_Stream_GetTime@4
_FSOUND_Stream_GetTimeAccurate@4
_FSOUND_Stream_Net_GetBufferProperties@12
_FSOUND_Stream_Net_GetLastServerStatus@0
_FSOUND_Stream_Net_GetStatus@20
_FSOUND_Stream_Net_SetBufferProperties@12
_FSOUND_Stream_Net_SetMetadataCallback@12
_FSOUND_Stream_Net_SetProxy@4
_FSOUND_Stream_Open@16
_FSOUND_Stream_Play@8
_FSOUND_Stream_PlayEx@16
_FSOUND_Stream_SetBufferSize@4
_FSOUND_Stream_SetEndCallback@12
_FSOUND_Stream_SetLoopCount@8
_FSOUND_Stream_SetLoopPoints@12
_FSOUND_Stream_SetMode@8
_FSOUND_Stream_SetPCM@8
_FSOUND_Stream_SetPosition@8
_FSOUND_Stream_SetSubStream@8
_FSOUND_Stream_SetSubStreamSentence@12
_FSOUND_Stream_SetSyncCallback@12
_FSOUND_Stream_SetTime@8
_FSOUND_Stream_Stop@4
_FSOUND_Update@0

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 140KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/gd204.dll
.dll windows:4 windows x86 arch:x86

299619630c6f0c9afa7929aebabad0e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ddraw

DirectDrawCreateEx

kernel32

MapViewOfFile
CreateFileMappingA
SizeofResource
MulDiv
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetFileSize
LoadLibraryA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
UnmapViewOfFile
FreeLibrary
Sleep
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameA
FindResourceA
RaiseException
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LCMapStringA
LCMapStringW
SetEndOfFile
GetStringTypeA
SetHandleCount
FlushFileBuffers
WriteFile
GetLastError
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetProcAddress
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize

user32

SetRect
GetSystemMetrics
FindWindowA
LoadStringA
IsWindow
MessageBoxA
GetDC
ReleaseDC
GetWindowLongA
SetWindowLongA
GetMenu
AdjustWindowRectEx
SetWindowPos
SystemParametersInfoA
GetWindowRect
GetClientRect
ClientToScreen

gdi32

CreateDIBSection
GdiFlush
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

??0CGapiBitmapFont@@QAE@ABV0@@Z
??0CGapiBitmapFont@@QAE@XZ
??0CGapiCursor@@QAE@ABV0@@Z
??0CGapiCursor@@QAE@XZ
??0CGapiDisplay@@QAE@ABV0@@Z
??0CGapiDisplay@@QAE@XZ
??0CGapiInput@@QAE@ABV0@@Z
??0CGapiInput@@QAE@XZ
??0CGapiMaskSurface@@QAE@ABV0@@Z
??0CGapiMaskSurface@@QAE@XZ
??0CGapiRGBASurface@@QAE@ABV0@@Z
??0CGapiRGBASurface@@QAE@XZ
??0CGapiSurface@@QAE@ABV0@@Z
??0CGapiSurface@@QAE@XZ
??0CGapiTimer@@QAE@ABV0@@Z
??0CGapiTimer@@QAE@XZ
??0CGapiToolFont@@QAE@ABV0@@Z
??0CGapiToolFont@@QAE@XZ
??1CGapiBitmapFont@@UAE@XZ
??1CGapiCursor@@UAE@XZ
??1CGapiDisplay@@UAE@XZ
??1CGapiInput@@UAE@XZ
??1CGapiMaskSurface@@UAE@XZ
??1CGapiRGBASurface@@UAE@XZ
??1CGapiSurface@@UAE@XZ
??1CGapiTimer@@UAE@XZ
??1CGapiToolFont@@UAE@XZ
??4CGapiBitmapFont@@QAEAAV0@ABV0@@Z
??4CGapiCursor@@QAEAAV0@ABV0@@Z
??4CGapiDisplay@@QAEAAV0@ABV0@@Z
??4CGapiInput@@QAEAAV0@ABV0@@Z
??4CGapiMaskSurface@@QAEAAV0@ABV0@@Z
??4CGapiRGBASurface@@QAEAAV0@ABV0@@Z
??4CGapiSurface@@QAEAAV0@ABV0@@Z
??4CGapiTimer@@QAEAAV0@ABV0@@Z
??4CGapiToolFont@@QAEAAV0@ABV0@@Z
??_7CGapiBitmapFont@@6B@
??_7CGapiCursor@@6B@
??_7CGapiDisplay@@6B@
??_7CGapiInput@@6B@
??_7CGapiMaskSurface@@6B@
??_7CGapiRGBASurface@@6B@
??_7CGapiSurface@@6B@
??_7CGapiTimer@@6B@
??_7CGapiToolFont@@6B@
??_C@_0FM@POGE@?5?$CB?$CC?$CD$?$CF?$CG?8?$CI?$CJ?$CK?$CL?0?9?4?10123456789?3?$DL?$DM?$DN?$DO?$DP@
?AddLetter@CGapiToolFont@@AAEXEEEEEE@Z
?AlphaBlt@CGapiSurface@@QAEJPAUtagRECT@@PAV1@010KPAU_GDALPHABLTFX@@@Z
?AlphaBlt@CGapiSurface@@QAEJPAUtagRECT@@PAVCGapiRGBASurface@@0KPAU_GDALPHABLTFX@@@Z
?AlphaBltFast@CGapiSurface@@QAEJJJPAV1@PAUtagRECT@@01KPAU_GDALPHABLTFASTFX@@@Z
?AlphaBltFast@CGapiSurface@@QAEJJJPAVCGapiRGBASurface@@PAUtagRECT@@KPAU_GDALPHABLTFASTFX@@@Z
?Blt@CGapiSurface@@QAEJPAUtagRECT@@PAV1@0KPAU_GDBLTFX@@@Z
?BltFast@CGapiSurface@@QAEJJJPAV1@PAUtagRECT@@KPAU_GDBLTFASTFX@@@Z
?CloseDisplay@CGapiDisplay@@QAEJXZ
?CloseInput@CGapiInput@@QAEJXZ
?ColorrefToNative@CGapiSurface@@QAEJKPAK@Z
?CreateCursor@CGapiCursor@@QAEJKKK@Z
?CreateFontA@CGapiBitmapFont@@QAEJPBDKKPAU_GDFONTFX@@@Z
?CreateFontA@CGapiToolFont@@AAEXXZ
?CreateSurface@CGapiRGBASurface@@QAEJKKK@Z
?CreateSurface@CGapiRGBASurface@@QAEJKPAEK@Z
?CreateSurface@CGapiRGBASurface@@QAEJKPAUHINSTANCE__@@KPBD@Z
?CreateSurface@CGapiRGBASurface@@QAEJKPBD@Z
?CreateSurface@CGapiSurface@@QAEJKKK@Z
?CreateSurface@CGapiSurface@@QAEJKPAEK@Z
?CreateSurface@CGapiSurface@@QAEJKPAUHINSTANCE__@@KPBD@Z
?CreateSurface@CGapiSurface@@QAEJKPBD@Z
?DeviceToLogical@CGapiDisplay@@QAEJPAUtagPOINT@@@Z
?DeviceToLogical@CGapiDisplay@@QAEJPAUtagRECT@@@Z
?DrawCursor@CGapiCursor@@QAEJPAVCGapiSurface@@@Z
?DrawLine@CGapiSurface@@QAEJJJJJKKPAU_GDLINEFX@@@Z
?DrawMask@CGapiMaskSurface@@QAEJJJK@Z
?DrawMask@CGapiMaskSurface@@QAEJJJPAVCGapiSurface@@PAUtagRECT@@K@Z
?DrawMask@CGapiMaskSurface@@QAEJPAUtagRECT@@K@Z
?DrawRect@CGapiSurface@@QAEJPAUtagRECT@@KKPAU_GDLINEFX@@@Z
?DrawTextA@CGapiSurface@@QAEJJJPBDPAVCGapiBitmapFont@@KPAU_GDDRAWTEXTFX@@KPAU_GDBLTFASTFX@@@Z
?FillRect@CGapiSurface@@QAEJPAUtagRECT@@KKPAU_GDFILLRECTFX@@@Z
?Flip@CGapiDisplay@@QAEJXZ
?FreeResources@CGapiRGBASurface@@IAEJXZ
?FreeResources@CGapiSurface@@IAEJXZ
?GetActualFrameRate@CGapiTimer@@QAEJPAM@Z
?GetActualFrameTime@CGapiTimer@@QAEJPAM@Z
?GetAvailableVidMem@CGapiDisplay@@QAEJKPAK0@Z
?GetBackBuffer@CGapiDisplay@@QAEJPAVCGapiSurface@@@Z
?GetBuffer@CGapiRGBASurface@@QAEJPAU_GDBUFFERDESC@@@Z
?GetBuffer@CGapiSurface@@QAEJPAU_GDBUFFERDESC@@@Z
?GetCharWidthA@CGapiBitmapFont@@QAEJDPAK@Z
?GetClipper@CGapiSurface@@QAEJPAUtagRECT@@@Z
?GetColorKey@CGapiSurface@@QAEJPAK@Z
?GetDC@CGapiSurface@@QAEJPAPAUHDC__@@@Z
?GetDisplayMode@CGapiDisplay@@QAEJPAK@Z
?GetHWStatus@CGapiDisplay@@QAEJPAK@Z
?GetHeight@CGapiRGBASurface@@QAEKXZ
?GetHeight@CGapiSurface@@QAEKXZ
?GetKeyList@CGapiInput@@QAEJPAU_GDKEYLIST@@@Z
?GetLetter@CGapiToolFont@@QAEEKK@Z
?GetLetterCount@CGapiToolFont@@QAEKXZ
?GetLetterString@CGapiToolFont@@QAEPBDXZ
?GetMaskID@CGapiMaskSurface@@QAEJJJPAK@Z
?GetMaskID@CGapiMaskSurface@@QAEJJJPAVCGapiSurface@@PAUtagRECT@@PAKPAUtagPOINT@@@Z
?GetMaskID@CGapiMaskSurface@@QAEJPAUtagRECT@@PAKPAUtagPOINT@@@Z
?GetMonitorFrequency@CGapiDisplay@@QAEJPAK@Z
?GetPixel@CGapiSurface@@QAEJJJPAK@Z
?GetSpacing@CGapiBitmapFont@@QAEJDDPAK@Z
?GetStringWidth@CGapiBitmapFont@@QAEJPBDPAK@Z
?GetSurfaceFlags@CGapiSurface@@QAEJPAK@Z
?GetSystemFont@CGapiDisplay@@QAEPAVCGapiBitmapFont@@XZ
?GetSystemFontBorder@CGapiDisplay@@QAEPAVCGapiBitmapFont@@XZ
?GetWidth@CGapiRGBASurface@@QAEKXZ
?GetWidth@CGapiSurface@@QAEKXZ
?GetWidth@CGapiToolFont@@QAEEK@Z
?Intersect@CGapiSurface@@SAJJJPAV1@PAUtagRECT@@JJ01PAUtagPOINT@@@Z
?LockVideoSurface@CGapiSurface@@QAEJXZ
?NativeToColorref@CGapiSurface@@QAEJKPAK@Z
?OpenDisplay@CGapiDisplay@@QAEJKPAUHWND__@@KKKKKK@Z
?OpenInput@CGapiInput@@QAEJXZ
?ReleaseBuffer@CGapiRGBASurface@@QAEJXZ
?ReleaseBuffer@CGapiSurface@@QAEJXZ
?ReleaseDC@CGapiSurface@@QAEJPAUHDC__@@@Z
?RenderSystemFont@CGapiDisplay@@QAEJK@Z
?RestoreAllVideoSurfaces@CGapiDisplay@@QAEJXZ
?ResumeDisplay@CGapiDisplay@@QAEJXZ
?SaveSurface@CGapiSurface@@QAEJPBDK@Z
?SetClipper@CGapiSurface@@QAEJPAUtagRECT@@@Z
?SetColorKey@CGapiSurface@@QAEJK@Z
?SetDisplayMode@CGapiDisplay@@QAEJK@Z
?SetFrameIndex@CGapiCursor@@QAEJK@Z
?SetHotSpot@CGapiCursor@@QAEJJJ@Z
?SetKerning@CGapiBitmapFont@@QAEJDDJ@Z
?SetPixel@CGapiSurface@@QAEJJJK@Z
?SetPixels@CGapiSurface@@QAEJPAU_GDPIXEL@@KKK@Z
?SetPixels@CGapiSurface@@QAEJPAU_GDPIXELNODE@@K@Z
?SetPosition@CGapiCursor@@QAEJJJ@Z
?StartTimer@CGapiTimer@@QAEJK@Z
?SurfacesAreLost@CGapiDisplay@@QAEJXZ
?SuspendDisplay@CGapiDisplay@@QAEJXZ
?UnlockVideoSurface@CGapiSurface@@QAEJXZ
?WaitForNextFrame@CGapiTimer@@QAEJXZ
_CGapiBitmapFont_Create@0
_CGapiBitmapFont_CreateFont@20
_CGapiBitmapFont_Destroy@4
_CGapiBitmapFont_GetCharWidth@12
_CGapiBitmapFont_GetSpacing@16
_CGapiBitmapFont_GetStringWidth@12
_CGapiBitmapFont_SetKerning@16
_CGapiCursor_Create@0
_CGapiCursor_CreateCursor@16
_CGapiCursor_Destroy@4
_CGapiCursor_DrawCursor@8
_CGapiCursor_SetFrameIndex@8
_CGapiCursor_SetHotSpot@12
_CGapiCursor_SetPosition@12
_CGapiDisplay_CloseDisplay@4
_CGapiDisplay_Create@0
_CGapiDisplay_Destroy@4
_CGapiDisplay_DeviceToLogicalPoint@8
_CGapiDisplay_DeviceToLogicalRect@8
_CGapiDisplay_Flip@4
_CGapiDisplay_GetAvailableVidMem@16
_CGapiDisplay_GetBackBuffer@8
_CGapiDisplay_GetDisplayMode@8
_CGapiDisplay_GetHWStatus@8
_CGapiDisplay_GetMonitorFrequency@8
_CGapiDisplay_GetSystemFont@4
_CGapiDisplay_GetSystemFontBorder@4
_CGapiDisplay_OpenDisplay@36
_CGapiDisplay_OpenDisplayByName@36
_CGapiDisplay_RenderSystemFont@8
_CGapiDisplay_RestoreAllVideoSurfaces@4
_CGapiDisplay_ResumeDisplay@4
_CGapiDisplay_SetDisplayMode@8
_CGapiDisplay_SurfacesAreLost@4
_CGapiDisplay_SuspendDisplay@4
_CGapiInput_CloseInput@4
_CGapiInput_Create@0
_CGapiInput_Destroy@4
_CGapiInput_GetKeyList@8
_CGapiInput_OpenInput@4
_CGapiMaskSurface_Create@0
_CGapiMaskSurface_Destroy@4
_CGapiMaskSurface_DrawMask@24
_CGapiMaskSurface_DrawMaskPixel@16
_CGapiMaskSurface_DrawMaskRect@12
_CGapiMaskSurface_GetMaskID@28
_CGapiMaskSurface_GetMaskIDPixel@16
_CGapiMaskSurface_GetMaskIDRect@16
_CGapiRGBASurface_Create@0
_CGapiRGBASurface_CreateSurface@16
_CGapiRGBASurface_CreateSurfaceFromFile@12
_CGapiRGBASurface_CreateSurfaceFromMem@16
_CGapiRGBASurface_CreateSurfaceFromRes@20
_CGapiRGBASurface_Destroy@4
_CGapiRGBASurface_GetBuffer@8
_CGapiRGBASurface_GetHeight@4
_CGapiRGBASurface_GetWidth@4
_CGapiRGBASurface_ReleaseBuffer@4
_CGapiSurface_AlphaBlt@32
_CGapiSurface_AlphaBltFast@36
_CGapiSurface_AlphaBltFastRgba@28
_CGapiSurface_AlphaBltRgba@24
_CGapiSurface_Blt@24
_CGapiSurface_BltFast@28
_CGapiSurface_ColorrefToNative@12
_CGapiSurface_Create@0
_CGapiSurface_CreateSurface@16
_CGapiSurface_CreateSurfaceFromFile@12
_CGapiSurface_CreateSurfaceFromMem@16
_CGapiSurface_CreateSurfaceFromRes@20
_CGapiSurface_Destroy@4
_CGapiSurface_DrawLine@32
_CGapiSurface_DrawRect@20
_CGapiSurface_DrawText@36
_CGapiSurface_FillRect@20
_CGapiSurface_GetBuffer@8
_CGapiSurface_GetClipper@8
_CGapiSurface_GetColorKey@8
_CGapiSurface_GetDC@8
_CGapiSurface_GetHeight@4
_CGapiSurface_GetPixel@16
_CGapiSurface_GetSurfaceFlags@8
_CGapiSurface_GetWidth@4
_CGapiSurface_Intersect@36
_CGapiSurface_LockVideoSurface@4
_CGapiSurface_NativeToColorref@12
_CGapiSurface_ReleaseBuffer@4
_CGapiSurface_ReleaseDC@8
_CGapiSurface_SaveSurface@12
_CGapiSurface_SetClipper@8
_CGapiSurface_SetColorKey@8
_CGapiSurface_SetPixel@16
_CGapiSurface_SetPixelsArray@20
_CGapiSurface_SetPixelsList@12
_CGapiSurface_UnlockVideoSurface@4
_CGapiTimer_Create@0
_CGapiTimer_Destroy@4
_CGapiTimer_GetActualFrameRate@8
_CGapiTimer_GetActualFrameTime@8
_CGapiTimer_StartTimer@8
_CGapiTimer_WaitForNextFrame@4

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/help/controls.htm
.html
bin/help/credits.htm
.html
bin/help/gamemenu.htm
.html
bin/help/gettingstarted.htm
.html
bin/help/help.htm
.html
bin/help/img/adia.jpg
.jpg
bin/help/img/button-setsail.jpg
.jpg
bin/help/img/buttons-cargo.jpg
.jpg
bin/help/img/buttons-items.jpg
.jpg
bin/help/img/buttons-log.jpg
.jpg
bin/help/img/buttons-ship.jpg
.jpg
bin/help/img/buttons-tasks.jpg
.jpg
bin/help/img/chains.jpg
.jpg
bin/help/img/christine.jpg
.jpg
bin/help/img/finances.jpg
.jpg
bin/help/img/firepot.jpg
.jpg
bin/help/img/gov.jpg
.jpg
bin/help/img/laroche.jpg
.jpg
bin/help/img/tikibomb.jpg
.jpg
bin/help/img/tradewinds2.jpg
.jpg
bin/help/img/vangregor.jpg
.jpg
bin/help/img/verdugo.jpg
.jpg
bin/help/introduction.htm
.html
bin/help/sysreqs.htm
.html
bin/prog.exe
.exe windows:4 windows x86 arch:x86

040d42a8c952baef48568bd3725ac38c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
MultiByteToWideChar
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

.text
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
store/btnback.gif
.gif
store/btnback_click.gif
.gif
store/btnbuy.gif
.gif
store/btnbuy_click.gif
.gif
store/btncontinue.gif
.gif
store/btncontinue_click.gif
.gif
store/btnfreetrial.gif
.gif
store/btnfreetrial_click.gif
.gif
store/btnlogin.gif
.gif
store/btnlogin_click.gif
.gif
store/btnok.gif
.gif
store/btnok_click.gif
.gif
store/btnplay.gif
.gif
store/btnplay_click.gif
.gif
store/btnreturn.gif
.gif
store/btnreturn_click.gif
.gif
store/btnsignin.gif
.gif
store/btnsignin_click.gif
.gif
store/btnsubmit2.gif
.gif
store/btnsubmit2_click.gif
.gif
store/btnunlock.gif
.gif
store/btnunlock_click.gif
.gif
store/css1.css
store/html01.htm
.html
store/html02.htm
.html
store/html03.htm
.html
store/html04.htm
.html
store/html05.htm
.html
store/html06.htm
.html
store/html07.htm
.html
store/html08.htm
.html
store/html09.htm
.html
store/html10.htm
.html
store/imgad3_small.jpg
.jpg
store/imgad4_small.jpg
.jpg
store/imgad_WW_small.jpg
.jpg
store/imgbackground.jpg
.jpg
store/imgbackground1.jpg
.jpg
store/imgbackground2.jpg
.jpg
store/imgheader1.gif
.gif
store/imglogin_or_divider.gif
.gif
store/imglogo.jpg
.jpg
store/javascripts.js
.js
store/setup.nsi

Sharing

General

Malware Config

Signatures

Files

a23455b2d570c1e80b11b92360e41c00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 18KB - Virtual size: 17KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

de9fa5ead19224364215a0dd01810c3d

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

msvcr80

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1024B - Virtual size: 816B

.rdata
Size: 1024B - Virtual size: 762B

.data
Size: - Virtual size: 20B

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 512B - Virtual size: 124B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 220B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 512B - Virtual size: 418B

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate