95253d570d56fcc048c79c7714e13237_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95253d570d56fcc048c79c7714e13237_JaffaCakes118
Size

1.3MB
MD5

95253d570d56fcc048c79c7714e13237
SHA1

001c9b06171d378c1e235026859ae6425a954192
SHA256

b1d0b27decad07ff3e741556397de8d2b235b309db79cc74727e4634b5ca0088
SHA512

e6ab1969f9b0f57fb589f78451a6b2d037e5e9fb0766e2f3942031f946145a7cc198e4ff3fbb9319c4fc26f1f256fd97c488fda310bfc3573e1cc18191ec8c69
SSDEEP

24576:yHI0G1lZCUJC4+dxz4Oyj4tqnshGBjdHRhszDiOYfvTwKnzH8cNfp/jczz/:yNsZzJ4WhxeDiOYjwKnL8UjSz

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$TEMP/kcheck.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack003/enjoyie.exe	upx
static1/unpack002/$TEMP/kcheck.dll	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kureeII.exe
unpack002/$0
unpack002/$PLUGINSDIR/IEFunctions.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$R0
unpack002/$R2/NSIS.Library.RegTool.v2.$_4_.exe
unpack002/$TEMP/enjoyie_2.0.exe
unpack003/enjoyie.exe
unpack004/out.upx
unpack003/uninst.exe
unpack002/$TEMP/kcheck.dll
unpack005/out.upx
unpack002/Kuree.exe
unpack002/kcore.dll
unpack002/kexpert.dll
unpack002/kparser.dll
unpack002/kpfa.dll
unpack002/kprobe.dll
unpack002/kupdate.dll
unpack002/players.dll
unpack002/uninst.exe
unpack008/$PLUGINSDIR/NSISdl.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/kureeII.exe	nsis_installer_1
static1/unpack002/$TEMP/enjoyie_2.0.exe	nsis_installer_1
static1/unpack003/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

95253d570d56fcc048c79c7714e13237_JaffaCakes118
.rar
kureeII.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0
.dll regsvr32 windows:4 windows x86 arch:x86

89091684a5f29614d8cd09e3ec5ed342

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InterlockedDecrement
lstrlenW
lstrlenA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
InterlockedIncrement
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetModuleFileNameA
GetShortPathNameA
LoadLibraryExA
DisableThreadLibraryCalls
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

shell32

ShellExecuteA
DragQueryFileA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/EnjoyIE.ini
$PLUGINSDIR/IEFunctions.dll
.dll windows:4 windows x86 arch:x86

d3ade25d7710cc7b0801440c6df6098c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
MultiByteToWideChar
LocalAlloc
LocalFree
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear

Exports

Exports

CloseBrowser
OpenBrowser
ReleaseBrowser
ShowBar
SurfTo

Sections

.text
Size: 1024B - Virtual size: 831B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

61144194c34a82253984f0dc353f8e4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
CreateOleAdviseHolder
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleRun
CLSIDFromString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

_TrackMouseEvent

wininet

InternetCrackUrlA
RetrieveUrlCacheEntryFileA

ws2_32

connect
select
closesocket
ioctlsocket
gethostbyname
WSACleanup
WSAStartup
socket
recv
send
htons

shlwapi

StrRChrA
StrTrimA
StrStrIA
StrStrA
PathFindFileNameA
PathAddBackslashA
PathRemoveFileSpecA
StrCpyW
SHSetValueA
SHGetValueA
StrDupA
StrCmpNIA
StrStrW
StrCmpIW
PathFindExtensionA
PathCreateFromUrlA
UrlIsA
PathIsURLA
PathCanonicalizeA
StrToIntA
StrCmpNA
PathRemoveExtensionA
PathIsRelativeA
StrRStrIA
PathGetDriveNumberA
StrChrA

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetFullPathNameA
IsBadReadPtr
ExitThread
TlsGetValue
TlsSetValue
CreateThread
RtlUnwind
CreateDirectoryA
RaiseException
GetCommandLineA
GetCPInfo
GetACP
GetVersion
GlobalFree
GlobalUnlock
FreeResource
LockResource
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
ReadFile
CloseHandle
GetFileSize
CreateFileA
MulDiv
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
lstrcpyA
lstrcpynA
lstrcmpA
ExitProcess
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedIncrement
InterlockedDecrement
DeviceIoControl
GetVersionExA
GetProcAddress
LoadLibraryA
FreeLibrary
WaitForSingleObject
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
lstrcatA
GetModuleFileNameA
CreateEventA
WideCharToMultiByte
lstrlenW
LocalAlloc
LocalFree
SetEvent
GetModuleHandleA
lstrcmpiA
DeleteFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
GetFileAttributesA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
GetPrivateProfileIntA
GetTempFileNameA
GetTempPathA
GetDriveTypeA
GetShortPathNameA
LoadLibraryExA
IsDBCSLeadByte
DisableThreadLibraryCalls
HeapDestroy
TlsAlloc
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
GetOEMCP
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
Sleep
HeapSize

user32

GetSubMenu
CheckMenuItem
RemoveMenu
TrackPopupMenu
DestroyMenu
PtInRect
ReleaseCapture
GetCursorPos
DrawTextA
SetParent
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
SetTimer
ShowWindow
KillTimer
LoadBitmapA
LoadMenuA
InvalidateRect
OffsetRect
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetClientRect
FillRect
ScreenToClient
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
PostThreadMessageA
RegisterWindowMessageA
GetWindowDC
ReleaseDC
GetSystemMetrics
GetMenuItemCount
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
SetCursor
GetDC
CreateWindowExA
CharNextA
GetKeyState
UnionRect
DestroyWindow
IsChild
GetFocus
SetFocus
IsWindow
SetWindowRgn
EqualRect
IntersectRect
EndPaint
BeginPaint
UpdateWindow
InvalidateRgn
SetCapture
MoveWindow
ClientToScreen

gdi32

CreateRectRgn
GetRgnBox
GetObjectA
SetBkColor
OffsetRgn
GetPixel
CombineRgn
SetViewportOrgEx
CreateMetaFileA
CreateBitmap
PtInRegion
SaveDC
SetWindowOrgEx
LPtoDP
GetDeviceCaps
StretchBlt
DPtoLP
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCA
CreateFontA
Rectangle
CreateFontIndirectA
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteObject
SetWindowExtEx
DeleteDC
GetMapMode
SetMapMode

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

oleaut32

SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantChangeType
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
OleCreatePropertyFrame
VariantClear
VariantCopy
GetErrorInfo
OleLoadPicture

urlmon

URLDownloadToCacheFileA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v2.$_4_.exe
.exe windows:4 windows x86 arch:x86

27613a5a6234b2a2609ff90c91288dae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
WaitForSingleObject
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/EnjoyIE.bmp
$TEMP/enjoyie_2.0.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/checked.gif
.gif
data/lastunclose.htm
.html .js polyglot
data/link.ini
data/top.png
.png
data/trans.htm
.html
data/unchecked.gif
.gif
enjoyie.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filter.ini
help/about.htm
.html
skin/default/bg_button.bmp
skin/default/bg_main.bmp
skin/default/bg_side.bmp
skin/default/bg_side_top.bmp
skin/default/bg_state.bmp
skin/default/bg_tab.bmp
skin/default/bg_title.bmp
skin/default/frame.bmp
skin/default/ico_addbar.bmp
skin/default/ico_main.bmp
skin/default/ico_main_gray.bmp
skin/default/ico_ot.bmp
skin/default/ico_side.bmp
skin/default/ico_win.bmp
skin/default/side_active.bmp
skin/default/side_unactive.bmp
skin/default/tab_active.bmp
skin/default/tab_unactive.bmp
uninst.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/kcheck.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FindProcessByName
KillProcessByName

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 507B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kuree.exe
.exe windows:4 windows x86 arch:x86

1a1eb93240ab1cd49d9e016e5d79adf7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
PathFileExistsA
StrRChrA
SHGetValueA
SHDeleteValueA
SHSetValueA
PathIsURLA
StrTrimA
PathFindFileNameA
PathFindExtensionA

msimg32

GradientFill

mfc42

ord2915
ord3874
ord3092
ord5271
ord3803
ord537
ord6663
ord2859
ord2107
ord5450
ord5440
ord6383
ord6394
ord3610
ord656
ord4271
ord4220
ord2584
ord3654
ord3398
ord3733
ord686
ord810
ord384
ord2438
ord2862
ord2096
ord3297
ord6008
ord3914
ord3303
ord6889
ord539
ord4000
ord6270
ord1644
ord4278
ord5710
ord3692
ord5442
ord1979
ord6385
ord665
ord5186
ord354
ord2452
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord616
ord2299
ord3499
ord2301
ord4480
ord861
ord1816
ord2645
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord6197
ord6380
ord4287
ord6128
ord3752
ord613
ord289
ord3711
ord783
ord4530
ord5685
ord3274
ord4622
ord3579
ord439
ord736
ord4226
ord5495
ord3216
ord4042
ord4544
ord4523
ord4525
ord3742
ord2099
ord6880
ord2112
ord4299
ord1834
ord4750
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord4608
ord4716
ord4607
ord4635
ord5067
ord924
ord4129
ord6927
ord6930
ord941
ord5683
ord5572
ord940
ord2614
ord939
ord5856
ord4202
ord3089
ord3178
ord2781
ord2770
ord356
ord2863
ord1146
ord556
ord809
ord1088
ord2122
ord6178
ord6358
ord1601
ord6929
ord3693
ord3452
ord1175
ord6378
ord4284
ord2152
ord1233
ord6605
ord6379
ord4224
ord2121
ord2919
ord2784
ord922
ord926
ord6170
ord398
ord913
ord923
ord3439
ord700
ord4189
ord3005
ord2135
ord2575
ord4396
ord3574
ord609
ord500
ord772
ord5860
ord3986
ord6142
ord6453
ord3631
ord683
ord1200
ord3226
ord2086
ord4496
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord815
ord561
ord617
ord2621
ord5214
ord296
ord1134
ord1223
ord1206
ord2725
ord3706
ord3731
ord4269
ord4538
ord2763
ord2450
ord6877
ord2405
ord2639
ord1570
ord1197
ord801
ord541
ord5606
ord5781
ord955
ord4133
ord4297
ord5148
ord6883
ord5861
ord6143
ord4277
ord2764
ord3301
ord3721
ord795
ord2566
ord2116
ord808
ord1576
ord3021
ord4124
ord1844
ord4400
ord682
ord6654
ord5053
ord4243
ord3370
ord2582
ord4402
ord3640
ord693
ord6242
ord6696
ord6762
ord3286
ord6007
ord3998
ord6907
ord3293
ord6905
ord6442
ord5981
ord535
ord858
ord4123
ord2642
ord2754
ord472
ord5788
ord2380
ord283
ord5787
ord2567
ord2864
ord3797
ord2089
ord2379
ord2860
ord3619
ord4160
ord823
ord1168
ord1232
ord1270
ord6199
ord6215
ord2841
ord818
ord1949
ord4376
ord4710
ord5953
ord6334
ord4234
ord2302
ord2370
ord324
ord860
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord5265
ord470
ord540
ord2818
ord5875
ord800
ord755
ord5785
ord3663
ord323
ord1640
ord6194
ord1641
ord2414
ord640
ord3626
ord3573
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord3571
ord4275
ord765
ord825
ord567
ord3698
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord668
ord859

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
calloc
_setmbcp
fseek
ftell
fwrite
fread
malloc
qsort
_strdup
free
_makepath
fopen
fgets
fclose
_strdate
_strtime
_except_handler3
exit
wcslen
_mbsnbicmp
_splitpath
memmove
_purecall
__RTDynamicCast
atoi
_mbsnbcpy
toupper
_snprintf
sscanf
_mbsrchr
tolower
strrchr
_mbsicoll
_XcptFilter
sprintf
_mbschr
_controlfp
__CxxFrameHandler
_ftol
_mbstok
_mbsicmp
_mbscmp

kernel32

GetFileAttributesA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
GetLastError
LoadLibraryA
GetProcAddress
WideCharToMultiByte
GetVersionExA
GlobalLock
GlobalUnlock
FormatMessageA
IsBadCodePtr
SetSystemPowerState
GlobalReAlloc
GlobalFree
GlobalSize
GetModuleFileNameA
lstrlenA
lstrcpyA
InterlockedDecrement
MultiByteToWideChar
GetVolumeInformationA
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrcmpiA
Sleep
LoadResource
FindResourceA
GetFullPathNameA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetStartupInfoA
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetCurrentThreadId
FreeLibrary
lstrcpynA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetTickCount
GetVersion
GlobalAddAtomA
InitializeCriticalSection
DeleteCriticalSection
SetThreadExecutionState
GetDriveTypeA
OutputDebugStringA
MoveFileA
FlushFileBuffers
CreateMutexA
GetCommandLineW
HeapDestroy
GetCommandLineA
InterlockedIncrement
GetShortPathNameA
GetModuleHandleA
lstrcatA
GetLocaleInfoA
SetUnhandledExceptionFilter
TerminateProcess
SetFilePointer
VirtualQuery
IsBadWritePtr
GetFileSize
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
IsBadReadPtr
RaiseException
GlobalAlloc
LocalAlloc
SizeofResource
LockResource

user32

SetParent
SetWindowLongA
IsWindowVisible
LoadBitmapA
InvalidateRgn
MoveWindow
FrameRect
ShowWindow
GetMessageA
CharNextA
GetMenuItemInfoA
IntersectRect
ModifyMenuA
wvsprintfA
GetCapture
RegisterClipboardFormatA
CallNextHookEx
CopyIcon
DestroyCursor
PostQuitMessage
SetMenuItemInfoA
CreateAcceleratorTableA
RegisterWindowMessageA
SetScrollPos
BringWindowToTop
IsRectEmpty
SetWindowsHookExA
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemID
RegisterHotKey
UnregisterHotKey
EnableMenuItem
CheckMenuItem
IsIconic
BeginPaint
EndPaint
GetWindowDC
TranslateAcceleratorA
GetWindow
SetActiveWindow
GetWindowRgn
IsZoomed
SetWindowRgn
UpdateWindow
SetClassLongA
LoadIconA
DestroyAcceleratorTable
ShowOwnedPopups
DrawEdge
OffsetRect
LoadMenuA
GetSubMenu
WindowFromPoint
RemoveMenu
CheckMenuRadioItem
GetMenuStringA
PostThreadMessageA
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
MapVirtualKeyA
GetKeyNameTextA
ShowCursor
ExitWindowsEx
IsWindowEnabled
IsWindow
SetFocus
LockWindowUpdate
GetSysColor
SendMessageA
FillRect
RedrawWindow
ClientToScreen
SetCursor
ShowScrollBar
ReleaseCapture
SetCapture
wsprintfA
GetActiveWindow
CreatePopupMenu
AppendMenuA
SetForegroundWindow
GetDC
ReleaseDC
GetCursorPos
ScreenToClient
KillTimer
SetTimer
PostMessageA
SystemParametersInfoA
SetRect
GetClientRect
TabbedTextOutA
DrawTextA
GrayStringA
EnableWindow
PeekMessageA
DispatchMessageA
TranslateMessage
InvalidateRect
LoadCursorA
DefWindowProcA
GetDesktopWindow
GetWindowRect
GetFocus
PtInRect
DrawFrameControl
GetParent
GetSystemMetrics
InflateRect
GetWindowLongA
CopyRect
GetClassInfoA
GetAsyncKeyState

gdi32

GetCurrentObject
LPtoDP
GetBkColor
GetRgnBox
SetRectRgn
CreateDIBitmap
EqualRgn
CreateRectRgnIndirect
CreatePen
PtInRegion
OffsetRgn
CreateRectRgn
GetPixel
CombineRgn
StretchBlt
SetTextColor
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
DeleteObject
DeleteDC
GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetTextMetricsA
GetTextExtentPoint32A
Rectangle
SelectObject
GetObjectA
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shell32

DragQueryFileA
CommandLineToArgvW
SHGetSpecialFolderPathA
SHChangeNotify
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

comctl32

ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_GetImageCount
_TrackMouseEvent

ole32

CoInitialize
RegisterDragDrop
OleRun
CoUninitialize
CLSIDFromProgID
StringFromIID
CoGetMalloc
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString

oleaut32

SysStringLen
SafeArrayDestroy
VariantChangeType
RegisterTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
VariantCopy
SafeArrayUnaccessData

Sections

.text
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 508KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SKin/.zip
.zip
FSControlBar.js
.js
FSControlBar_left.bmp
FSControlBar_mid.bmp
FSControlBar_right.bmp
HideRight.bmp
LeftDrag_Mid.bmp
RightDrag_Mid.bmp
blue.js
.js
bottomleft.bmp
bottomright.bmp
bottomstretch.bmp
eq.bmp
eq.js
.js
framebottomStretch.bmp
frameleftStretch.bmp
frameleftbottom.bmp
framelefttop.bmp
framerightStretch.bmp
framerightbottom.bmp
framerighttop.bmp
frametopStretch.bmp
horibkg.bmp
horifrg.bmp
pladd.bmp
playmode.bmp
pldel.bmp
pltitlebk.bmp
progress_slider_backgnd.bmp
progress_slider_foregnd.bmp
showright.bmp
skin_btn_close.bmp
skin_btn_exitfs.bmp
skin_btn_fullscreen.bmp
skin_btn_max.bmp
skin_btn_min.bmp
skin_btn_next.bmp
skin_btn_openfile.bmp
skin_btn_pause.bmp
skin_btn_play.bmp
skin_btn_prev.bmp
skin_btn_printscreen.bmp
skin_btn_restore.bmp
skin_btn_restorespeed.bmp
skin_btn_scal.bmp
skin_btn_setting.bmp
skin_btn_slowdown.bmp
skin_btn_speedup.bmp
skin_btn_stop.bmp
skin_btn_voice.bmp
skin_slider_progress.bmp
skin_slider_thumb.bmp
skinlist.bmp
statusbarstretch.bmp
topleft.bmp
topright.bmp
topstretch.bmp
vertbkg.bmp
vertfrg.bmp
vertthumb.bmp
volume_slider_backgnd.bmp
volume_slider_foregnd.bmp
vs_down.bmp
vs_tb_ctr.bmp
vs_tb_down.bmp
vs_tb_up.bmp
vs_up.bmp
.kps
SKin/.zip
.zip
BottomDrag_Mid.bmp
FSControlBar.js
.js
FSControlBar_left.bmp
FSControlBar_mid.bmp
FSControlBar_right.bmp
HideBottom.bmp
HideRight.bmp
LeftDrag_Mid.bmp
LeftDrag_TOP.bmp
MiddleBottomStretch.bmp
MiddleLeftBottom.bmp
MiddleLeftStretch.bmp
MiddleRightBottom.bmp
MiddleRightStretch.bmp
MiddleTopRight.bmp
MiddleTopStretch.bmp
Middlelefttop.bmp
RightDrag_TOP.bmp
ShowBottom.bmp
TopMidMd.bmp
bottomleft.bmp
bottomright.bmp
bottomstretch.bmp
ck.bmp
close.bmp
eq.bmp
eq.js
.js
horibkg.bmp
horifrg.bmp
pladd.bmp
playmode.bmp
pldel.bmp
pltitlebk.bmp
progress_slider_backgnd.bmp
progress_slider_foregnd.bmp
rightDrag_Mid.bmp
showright.bmp
showtitle.bmp
silver.js
.js
skin_TopMidTop.bmp
skin_bottommid.bmp
skin_btn_close.bmp
skin_btn_exitfs.bmp
skin_btn_fullscreen.bmp
skin_btn_max.bmp
skin_btn_min.bmp
skin_btn_next.bmp
skin_btn_openfile.bmp
skin_btn_pause.bmp
skin_btn_play.bmp
skin_btn_prev.bmp
skin_btn_printscreen.bmp
skin_btn_restore.bmp
skin_btn_restorespeed.bmp
skin_btn_scal.bmp
skin_btn_setting.bmp
skin_btn_slowdown.bmp
skin_btn_speedup.bmp
skin_btn_stop.bmp
skin_btn_voice.bmp
skin_slider_progress.bmp
skin_slider_thumb.bmp
skinlist.bmp
slider_Thumb.bmp
topleft.bmp
topright.bmp
topstretch.bmp
vert_slider_backgnd.bmp
vert_slider_foregnd.bmp
vertbkg.bmp
vertfrg.bmp
vertthumb.bmp
volume_slider_backgnd.bmp
volume_slider_foregnd.bmp
vs_down.bmp
vs_tb_ctr.bmp
vs_tb_down.bmp
vs_tb_up.bmp
vs_up.bmp
.kps
kcore.dll
.dll windows:4 windows x86 arch:x86

43f04605592a22264635cf76594d5ed6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
CloseHandle
DeleteFileA
GetFileSize
CreateFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcmpiA
GetShortPathNameA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
lstrlenA
IsBadWritePtr
DisableThreadLibraryCalls
GetLastError
GetFileAttributesA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
HeapSize
IsBadReadPtr
GetCommandLineA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
MultiByteToWideChar
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
SetEndOfFile
LCMapStringA
LCMapStringW

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathRemoveFileSpecA
PathFindFileNameA

Exports

Exports

CreateKRComponent
GetCLSIDs

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kexpert.dll
.dll windows:4 windows x86 arch:x86

e0db544ab204458ceb29612bbb211646

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathRemoveFileSpecA
PathFindFileNameA

kernel32

HeapDestroy
CloseHandle
DeleteFileA
GetFileSize
CreateFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
Sleep
InterlockedExchange
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetLastError
GetFileAttributesA
RaiseException
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapSize
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
SetEndOfFile
LCMapStringA
LCMapStringW

Exports

Exports

CreateKRComponent
GetCLSIDs

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kparser.dll
.dll windows:4 windows x86 arch:x86

68549ac481fc36b8fb913e039d2462d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCrackUrlA

ws2_32

closesocket
connect
gethostbyname
WSACleanup
WSAStartup
htons
select
ioctlsocket
socket
recv
send

shlwapi

PathRemoveFileSpecA
StrTrimA
SHGetValueA
StrRChrA
StrRChrW
PathFindExtensionW
PathIsURLA
PathCreateFromUrlA
StrCmpNIW
StrCmpNIA
PathFindFileNameA
StrStrA
StrStrIA

kernel32

LoadLibraryA
GetProcAddress
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentProcess
TerminateProcess
GetDriveTypeA
GetCurrentDirectoryA
lstrcpyA
WriteFile
CloseHandle
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetFileSize
lstrcpynA
GetFileAttributesA
ReadFile
DeleteCriticalSection
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrcmpiA
lstrcatA
DisableThreadLibraryCalls
DeleteFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
LCMapStringA
GetOEMCP
GetACP
Sleep
InterlockedExchange
RaiseException
HeapFree
RtlUnwind
GetLastError
GetFullPathNameA
GetCommandLineA
GetVersion
ExitProcess
SetUnhandledExceptionFilter
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
LCMapStringW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

oleaut32

SysFreeString
SysAllocString

Exports

Exports

CreateKRComponent
GetCLSIDs

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kpfa.dll
.dll regsvr32 windows:4 windows x86 arch:x86

89091684a5f29614d8cd09e3ec5ed342

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InterlockedDecrement
lstrlenW
lstrlenA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
InterlockedIncrement
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetModuleFileNameA
GetShortPathNameA
LoadLibraryExA
DisableThreadLibraryCalls
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

shell32

ShellExecuteA
DragQueryFileA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kprobe.dll
.dll windows:4 windows x86 arch:x86

424fec88ef590675988282b6d9b34358

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathRemoveFileSpecA
PathFindFileNameA

kernel32

SetUnhandledExceptionFilter
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
DeleteFileA
GetFileSize
CreateFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcmpiA
RtlUnwind
GetLastError
GetFileAttributesA
RaiseException
HeapFree
GetCommandLineA
GetVersion
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
ReadFile
SetFilePointer
SetEndOfFile
LCMapStringA
LCMapStringW

Exports

Exports

CreateKRComponent
GetCLSIDs

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kupdate.dll
.dll windows:4 windows x86 arch:x86

b0e7f5377acaf85df3b50b9389774b4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCrackUrlA

ws2_32

WSAStartup
send
recv
htons
connect
WSAGetLastError
select
__WSAFDIsSet
gethostbyname
ioctlsocket
socket
closesocket
WSACleanup

shlwapi

PathFindFileNameA
PathIsDirectoryA
PathFileExistsA
StrTrimA
StrChrA
StrCmpNIA
SHSetValueA
SHDeleteValueA
SHDeleteKeyA
StrRChrA
StrStrA
SHGetValueA
PathRemoveBackslashA
PathAddBackslashA
StrDupA
PathFindExtensionA
StrNCatA
StrStrIA
PathRemoveFileSpecA

kernel32

GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetACP
GetCPInfo
UnhandledExceptionFilter
HeapSize
GetDriveTypeA
SetLastError
TlsFree
TlsAlloc
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitProcess
GetVersion
GetCommandLineA
HeapAlloc
ExitThread
InterlockedIncrement
CloseHandle
ReadFile
GetFileSize
CreateFileA
lstrcatA
GetModuleFileNameA
Sleep
InterlockedExchange
InterlockedDecrement
lstrcpyA
DeleteFileA
WriteFile
GetTempFileNameA
GetTempPathA
lstrcpynA
GetLastError
MultiByteToWideChar
lstrlenA
lstrcmpiA
CopyFileA
GetFileAttributesA
FindClose
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetFileAttributesA
CreateProcessA
TerminateProcess
OpenProcess
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetStringTypeW
WritePrivateProfileSectionA
LCMapStringW
MoveFileExA
GetShortPathNameA
GetSystemDirectoryA
GetModuleHandleA
CreateDirectoryA
RemoveDirectoryA
FindNextFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
LocalFree
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFilePointer
GetLocalTime
SystemTimeToFileTime
CreateEventA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
MoveFileA
GetFileType
GetTickCount
LocalFileTimeToFileTime
SetFileTime
TerminateThread
Module32Next
Module32First
lstrcmpA
DisableThreadLibraryCalls
CreateMutexA
OpenFileMappingA
GetCurrentProcessId
TlsGetValue
TlsSetValue
GetCurrentThreadId
CreateThread
GetFullPathNameA
RtlUnwind
HeapFree
RaiseException
WideCharToMultiByte
VirtualFree
VirtualAlloc
SetEndOfFile
GetStdHandle
GetPrivateProfileSectionA
LCMapStringA
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetOEMCP
SetHandleCount
GetWindowsDirectoryA
SetEvent
SetStdHandle
FlushFileBuffers

user32

PostThreadMessageA
KillTimer
GetMessageA
PeekMessageA
MessageBoxA
ExitWindowsEx
DialogBoxParamA
GetPropA
SetPropA
EndDialog
DispatchMessageA
TranslateMessage
SendMessageA
GetDlgItem
SetWindowPos
EnableWindow
SetWindowTextA
SetTimer
IsWindow
RegisterWindowMessageA
GetWindowThreadProcessId
wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
GetKernelObjectSecurity
GetSecurityDescriptorDacl
GetUserNameA
BuildExplicitAccessWithNameA
SetEntriesInAclA
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyA

shell32

SHGetFolderPathA

ole32

CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize

oleaut32

SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SysAllocString
VariantClear
SysFreeString
SysStringLen
VariantInit
SysStringByteLen

comctl32

InitCommonControlsEx

Exports

Exports

CreateKRComponent
GNeedUpdate
GUpdate
GetCLSIDs

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
media.cfg
media.dll
players.dll
.dll windows:4 windows x86 arch:x86

15ea296ac0f932443a68aedf5e7bc42d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

atl

ord47
ord48
ord42

rpcrt4

UuidToStringA
RpcStringFreeA

kernel32

DeleteFileA
GetFileSize
CreateFileA
WritePrivateProfileSectionA
GetPrivateProfileStringA
lstrcatA
lstrcpyA
GetModuleFileNameA
TerminateThread
GetCurrentThreadId
SetEvent
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
FlushInstructionCache
VirtualProtect
GetCurrentProcess
WinExec
GetFileAttributesA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetACP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
IsDebuggerPresent
GetLastError
DeviceIoControl
HeapDestroy
DisableThreadLibraryCalls
LocalAlloc
SetProcessWorkingSetSize
GetVersionExA
VirtualAlloc
VirtualFree
FreeLibrary
GlobalFree
ReleaseMutex
CreateMutexA
GetCurrentProcessId
GetSystemDirectoryA
LCMapStringW
LCMapStringA
SetEndOfFile
ReadFile
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
HeapSize
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
GetDriveTypeA
GetCurrentDirectoryA
CreateThread
WaitForSingleObject
CloseHandle
LocalFree
CreateEventA
Sleep
InterlockedExchange
IsBadWritePtr
HeapReAlloc
HeapCreate
WriteFile
SetFilePointer
CreateDirectoryA
GetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapAlloc
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
ExitProcess
RtlUnwind
RaiseException
HeapFree
GetFullPathNameA
GetCommandLineA
GetVersion
GlobalAlloc

user32

FillRect
MapWindowPoints
IsWindowVisible
GetClientRect
GetWindow
DefWindowProcA
GetPropA
SetPropA
DestroyWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
PostMessageA
ScreenToClient
ClientToScreen
InSendMessage
GetMessagePos
GetMessageTime
GetWindowRect
OffsetRect
KillTimer
SetTimer
CallWindowProcA
GetClassInfoExA
wsprintfA
GetWindowLongA
SetWindowPos
SetWindowLongA
InvalidateRect
MoveWindow
EnableWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
IsWindow
RegisterWindowMessageA

gdi32

SaveDC
ExcludeClipRect
GetStockObject
RestoreDC

advapi32

RegOpenKeyA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegQueryValueA
RegEnumValueA
RegQueryValueExA

ole32

StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear

shlwapi

StrRChrA
PathRemoveFileSpecA
StrTrimA
StrChrA
StrStrA
StrCatW
StrNCatA
SHGetValueA
PathFindFileNameA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

CreateKRComponent
GetCLSIDs

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 27KB

89091684a5f29614d8cd09e3ec5ed342

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

d3ade25d7710cc7b0801440c6df6098c

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 831B

.rdata Size: 1024B - Virtual size: 577B

.data Size: - Virtual size: 24B

.reloc Size: 512B - Virtual size: 150B

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 831B

.rdata
Size: 1024B - Virtual size: 577B

.data
Size: - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 150B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 22KB

.reloc
Size: 1024B - Virtual size: 734B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 28KB - Virtual size: 34KB

.rsrc
Size: 308KB - Virtual size: 306KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB