9761793086517fc336b641b1f1019bb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9761793086517fc336b641b1f1019bb6_JaffaCakes118
Size

19.5MB
MD5

9761793086517fc336b641b1f1019bb6
SHA1

ce7cc04b852f25b3aedf819df84363bbe20a95e7
SHA256

732ca15d386d233205c82d5201fbaa2dbd98ecc56a6ed973ac85d0b5b808fc23
SHA512

766fa4e7994a9586ff7fce213fbd5522ffc2b54cc06b0a016a7c56f97e0204fdbabcf3b78753555ce0bfa8aec0a006fa4454b64f250255e5e4fd069747fda1f9
SSDEEP

393216:BEoc/QOa48Um7+VRY97hiIlyEH2jC3OQpvMXU5/2O7RtpGZa2Ml:BER/QOrVm7+VyDpH3NMXU5/2QR+Wl

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crack/AppInitialization.bpl
unpack001/Crack/CommonForms.bpl
unpack001/Crack/tulic.dll
unpack001/TuneUpUtilities2011_en-US.exe

Files

9761793086517fc336b641b1f1019bb6_JaffaCakes118
.zip
155ɫվ.url
.url
Crack/AppInitialization.bpl
.dll windows:5 windows x86 arch:x86

5400768665f7e01150d587e834cedaa1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rtl120.bpl

@System@initialization$qqrv

user32

ShowWindow

advapi32

SetSecurityDescriptorDacl

tulic

ord1

dec.bpl

@Decutil@initialization$qqrv

oleaut32

VariantChangeType

ole32

CoTaskMemFree

maincontrols.bpl

@Hugeint@Base256StringToHugeInt$qqr31System@%AnsiStringT$us$i65535$%r16Hugeint@THugeInt

vcl120.bpl

@Controls@initialization$qqrv

shell32

ShellExecuteExW

tubase.bpl

@Tuneupwow64@initialization$qqrv

smallunits.bpl

@Smallmozillastuff@initialization$qqrv

tucompression.bpl

@Zipforge@initialization$qqrv

tutransl.bpl

@Gnugettext@initialization$qqrv

tubasic.bpl

@Madtools@initialization$qqrv

schedagent_2007.bpl

@Satask@initialization$qqrv

ntrtl60.bpl

@Netapi32@initialization$qqrv

html.bpl

@Htmlun2@initialization$qqrv

gr32_d6.bpl

@Gr32@initialization$qqrv

vclimg120.bpl

@Pngimage@initialization$qqrv

xmlcomponents.bpl

@Libxmlparser@initialization$qqrv

regexp.bpl

@Regexpr@initialization$qqrv

shfolder

SHGetFolderPathW

programrating.bpl

@Tutranslation@initialization$qqrv

viscontrols.bpl

@Alprogressbar@TALProgressBar@

sysinfo.bpl

@Tuusvc@CLASS_TUUtilitiesSvc

tushredder.bpl

@Tucmdln@TTUCommandLine@GetInstance$qqrv

dxgdiplusd12.bpl

@Dxgdiplusclasses@initialization$qqrv

Exports

Exports

@$xp$12ITaskTrigger
@$xp$14IEnumWorkItems
@$xp$14ITaskScheduler
@$xp$17Ufrmeula@TfrmEula
@$xp$18IScheduledWorkItem
@$xp$18_TASK_TRIGGER_TYPE
@$xp$20Sharedmem@TSharedMem
@$xp$20Tuappinit@TTUAppMode
@$xp$21Ufrmnagscreen@TfrmNag
@$xp$22Tunagscreen@TNagButton
@$xp$23Tunagscreen@TNagButtons
@$xp$23Ufrmregcode@TfrmRegCode
@$xp$24Sharedmem@THandledObject
@$xp$24Tunagscreen@TTUNagScreen
@$xp$25Accessibility@TUBlackList
@$xp$26Tunagscreen@TNagScreenType
@$xp$26Tuosversion@Tuosversion__1
@$xp$26Tuproductkey@ITUProductKey
@$xp$26Tustatistics@TTUStatistics
@$xp$26Ufrmeula@TTUEulaWizardStep
@$xp$27Tuappinstancepools@TAIPPool
@$xp$27Tuosversion@TTUOSVersionSKU
@$xp$28Accessibility@TURegistration
@$xp$28Tuaeszipforge@TTUZipForgeAES
@$xp$28Tuhtmlsticker@TTUHTMLSticker
@$xp$28Tunagscreen@TNagNotification
@$xp$29Tutaskscheduler@TUTriggerItem
@$xp$30Tuappinstancepools@TAIPMessage
@$xp$30Tutaskscheduler@TUScheduleTask
@$xp$30Ufrmeulareject@TufrmEulaReject
@$xp$31Tunagscreen@ENagScreenException
@$xp$32Tuappinstancepools@TAIPOnMessage
@$xp$32Tuappinstancepools@TAIPOperation
@$xp$32Tuproductkey@TTUProductKeyStatus
@$xp$33Tunagscreen@TNagNotificationTypes
@$xp$33Tuosversion@TTUOSVersionSuiteMask
@$xp$33Tuproductkey@TTUProductKeyEdition
@$xp$33Tuproductkey@TTUProductKeyProduct
@$xp$33Tuproductkey@TTUProductKeyVersion
@$xp$33Tutaskscheduler@TUTriggerItemList
@$xp$34Tuosversion@TTUOSVersionInfoSource
@$xp$34Tuosversion@TTUOSVersionPlatformId
@$xp$34Tuproductkey@TTUProductKeyLanguage
@$xp$34Tuproductkeybase@TTUProductKeyBase
@$xp$34Tutaskscheduler@Tutaskscheduler__1
@$xp$35Tuosversion@TTUOSVersionProductType
@$xp$35Ufrmpasswordlogin@TfrmPasswordLogin
@$xp$37Ufrmeula@TTuneUpUtilitiesAppNameParam
@$xp$38Tuappinstancepools@TTUAppInstancePools
@$xp$39Tutaskscheduler@TWeeklyTriggerDayOfWeek
@$xp$40Tuproductkey@TTUProductKeyAbsoluteExpiry
@$xp$40Tutaskscheduler@TWeeklyTriggerDaysOfWeek
@$xp$42Tuappinstancepools@TAIPOnHandleCommandLine
@$xp$45Tusecurityutils@ITUEveryoneSecurityAttributes
@$xp$47Ufrmupdateavailable@TfrmUpdateAvailableReminder
@$xp$5ITask
@$xp$9_TASKPAGE
@Accessibility@Finalization$qqrv
@Accessibility@TUBlackList@
@Accessibility@TUBlackList@$bctr$qqrv
@Accessibility@TUBlackList@$bdtr$qqrv
@Accessibility@TUBlackList@GetProductKeyHash$qqrx20System@UnicodeString
@Accessibility@TUBlackList@GetRealSystemTime$qqrv
@Accessibility@TUBlackList@IsProductKeyBlocked$qqrx20System@UnicodeString
@Accessibility@TUBlackList@IsProductKeyInLocalBlackList$qqrx20System@UnicodeString
@Accessibility@TUBlackList@TriggerProductKeyDelayBlock$qqrx20System@UnicodeString
@Accessibility@TURegistration@
@Accessibility@TURegistration@$bctr$qqrv
@Accessibility@TURegistration@CanStartGracePeriod$qqrv
@Accessibility@TURegistration@GetGracePeriodLength$qqrv
@Accessibility@TURegistration@GetMaxDays$qqrv
@Accessibility@TURegistration@GetSystemTimeStamp$qqrv
@Accessibility@TURegistration@GetUseCounter$qqrv
@Accessibility@TURegistration@GetUsedDays$qqrv
@Accessibility@TURegistration@HashEncrypt$qqr27System@%AnsiStringT$us$i0$%
@Accessibility@TURegistration@HashEncrypt$qqrpxvi
@Accessibility@TURegistration@HashedValueValid$qqr27System@%AnsiStringT$us$i0$%i
@Accessibility@TURegistration@IncUseCounter$qqrv
@Accessibility@TURegistration@Install$qqruiuio
@Accessibility@TURegistration@IsCorrupt$qqrv
@Accessibility@TURegistration@IsEulaAccepted$qqrv
@Accessibility@TURegistration@IsExpired$qqrv
@Accessibility@TURegistration@IsIllegal$qqrv
@Accessibility@TURegistration@IsKeyExpired$qqrv
@Accessibility@TURegistration@IsValid$qqrv
@Accessibility@TURegistration@IsValidSerial$qqrv
@Accessibility@TURegistration@Load$qqrv
@Accessibility@TURegistration@StartGracePeriod$qqrj
@Accessibility@initialization$qqrv
@Appinitialization@@GetPackageInfoTable$qqrv
@Appinitialization@@PackageLoad$qqrv
@Appinitialization@@PackageUnload$qqrv
@Appinitialization@initialization$qqrv
@GetPackageInfoTable
@Mstask@CLSID_CSchedulingAgent
@Mstask@CLSID_CTask
@Mstask@CLSID_CTaskScheduler
@Mstask@Finalization$qqrv
@Mstask@IID_IEnumWorkItems
@Mstask@IID_IPersistFile
@Mstask@IID_IProvideTaskPage
@Mstask@IID_IScheduledWorkItem
@Mstask@IID_ISchedulingAgent
@Mstask@IID_ITask
@Mstask@IID_ITaskScheduler
@Mstask@IID_ITaskTrigger
@Mstask@initialization$qqrv
@Mstaskutils@Finalization$qqrv
@Mstaskutils@StartScheduler$qqrv
@Mstaskutils@initialization$qqrv
@Ocmutils@CreateLegacySysOptTask$qqrv
@Ocmutils@CreateSysOptTask$qqr20System@UnicodeStringt1t1t1oo
@Ocmutils@Finalization$qqrv
@Ocmutils@GetLastPlannedQuickCheckRunTime$qqrr9_FILETIME
@Ocmutils@GetLastQuickCheckRun$qqrr9_FILETIME
@Ocmutils@GetPlannedQuickCheckTaskParameters$qqrr27Ocmutils@TTUOCMTimeSettings
@Ocmutils@IsLiveOptimizerRun$qqrv
@Ocmutils@IsPlannedQuickCheckTaskInvalid$qqrv
@Ocmutils@IsQuickCheckRequired$qqrrx9_FILETIMEt1
@Ocmutils@IsUserCustomizedTaskIntended$qqrv
@Ocmutils@OCMSettingsChanged$qqrrx27Ocmutils@TTUOCMTimeSettingst1
@Ocmutils@RemoveSysOptTask$qqr20System@UnicodeString
@Ocmutils@SetLastQuickCheckRun$qqrv
@Ocmutils@SetPlannedQuickCheckTaskParameters$qqrrx27Ocmutils@TTUOCMTimeSettings
@Ocmutils@_StrCustomizedTaskCaption
@Ocmutils@_StrCustomizedTaskText
@Ocmutils@_StrOCM
@Ocmutils@_StrOCMTaskName
@Ocmutils@_StrTaskNotParsable
@Ocmutils@initialization$qqrv
@Sharedmem@Finalization$qqrv
@Sharedmem@THandledObject@
@Sharedmem@THandledObject@$bdtr$qqrv
@Sharedmem@TSharedMem@
@Sharedmem@TSharedMem@$bctr$qqrx20System@UnicodeStringi
@Sharedmem@TSharedMem@$bdtr$qqrv
@Sharedmem@initialization$qqrv
@Tuaeszipforge@Finalization$qqrv
@Tuaeszipforge@TTUZipForgeAES@
@Tuaeszipforge@TTUZipForgeAES@$bctr$qqrp18Classes@TComponent
@Tuaeszipforge@TTUZipForgeAES@$bdtr$qqrv
@Tuaeszipforge@TTUZipForgeAES@CreateEmptyArchive$qqrv
@Tuaeszipforge@TTUZipForgeAES@DecryptStream$qqrp15Classes@TStreamt1x27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@EncryptStream$qqrpx15Classes@TStreamt1x27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@InitAESKey$qqrpuc27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@LoadFromAESZipFile$qqrx20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@LoadFromAESZipStream$qqrpx15Classes@TStreamx27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@SaveToAESZipFile$qqrx20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@SaveToAESZipStream$qqrpx15Classes@TStreamx27System@%AnsiStringT$us$i0$%
@Tuaeszipforge@TTUZipForgeAES@SaveToZipFile$qqrx20System@UnicodeString
@Tuaeszipforge@initialization$qqrv
@Tuappcompat@Finalization$qqrv
@Tuappcompat@GetCurrentPermLayers$qqrpbruiui
@Tuappcompat@GetPermLayers$qqspbt1ruiui
@Tuappcompat@SetCurrentPermLayers$qqrpbi
@Tuappcompat@SetPermLayers$qqspbt1i
@Tuappcompat@TUGetAppCompatLayers$qqrv
@Tuappcompat@TUIsAppCompatLayerPresent$qqrx20System@UnicodeString
@Tuappcompat@initialization$qqrv
@Tuappinit@CloseNagMutexHandle$qqrv
@Tuappinit@CreateNagMutexHandle$qqrv
@Tuappinit@Finalization$qqrv
@Tuappinit@Init_ProdRegReminder$qqroo
@Tuappinit@IsFirstStartOfTUU$qqrv
@Tuappinit@IsLastUpdateTooLongAgo$qqrri
@Tuappinit@MUTEX_NAME_NAGSCREEN
@Tuappinit@MUTEX_NAME_PASSWORD
@Tuappinit@NagMutexHandle
@Tuappinit@NagScreenShown
@Tuappinit@PasswordMutexHandle
@Tuappinit@SetFirstStartFlag$qqro
@Tuappinit@ShowEndOfTrialNagScreen$qqrv
@Tuappinit@TUAppBehaviour_Env$qqroo
@Tuappinit@TUAppBehaviour_ShowNag$qqroo
@Tuappinit@TUAppMode
@Tuappinit@TUStartProductRegistrationWizard$qqrx20System@UnicodeStringo
@Tuappinit@_rsBetaExpired
@Tuappinit@initialization$qqrv
@Tuappinstancepools@AIP_MESSAGE_ID_HANDLECOMMANDLINE
@Tuappinstancepools@Finalization$qqrv
@Tuappinstancepools@TAIPPool@
@Tuappinstancepools@TAIPPool@$bctr$qqrx20System@UnicodeStringo
@Tuappinstancepools@TAIPPool@$bdtr$qqrv
@Tuappinstancepools@TAIPPool@BroadcastMessage$qqrrx30Tuappinstancepools@TAIPMessage
@Tuappinstancepools@TAIPPool@CommandLineHandler_InitOnce$qqrynpqqrpx27Tuappinstancepools@TAIPPoolx17System@WideStringxoro$v
@Tuappinstancepools@TAIPPool@EnforceSingleInstance$qqrv
@Tuappinstancepools@TAIPPool@EnumInstanceHandles$qqrpx13Classes@TList
@Tuappinstancepools@TAIPPool@ExecutePoolMemoryOperation$qqrx32Tuappinstancepools@TAIPOperationpxv
@Tuappinstancepools@TAIPPool@HandleIncomingMessage$qqrrx30Tuappinstancepools@TAIPMessage
@Tuappinstancepools@TAIPPool@IsInstanceValid$qqrpx42Tuappinstancepools@TAIPInstanceInformation
@Tuappinstancepools@TAIPPool@MainWindowHookProc$qqrr17Messages@TMessage
@Tuappinstancepools@TAIPPool@MatchInstanceInformation$qqrpx42Tuappinstancepools@TAIPInstanceInformationt1
@Tuappinstancepools@TAIPPool@RegisterAsInstance$qqrv
@Tuappinstancepools@TAIPPool@SendMessageToInstance$qqrrx30Tuappinstancepools@TAIPMessagexp6HWND__
@Tuappinstancepools@TAIPPool@SendMessageToInstances$qqrrx30Tuappinstancepools@TAIPMessagepx13Classes@TList
@Tuappinstancepools@TAIPPool@UnregisterAsInstance$qqrv
@Tuappinstancepools@TTUAppInstancePools@
@Tuappinstancepools@TTUAppInstancePools@$bctr$qqrv
@Tuappinstancepools@TTUAppInstancePools@$bdtr$qqrv
@Tuappinstancepools@TTUAppInstancePools@GetInstance$qqrv
@Tuappinstancepools@TTUAppInstancePools@GetPool$qqrx17System@WideStringo
@Tuappinstancepools@TTUAppInstancePools@PoolIDFromName$qqrx17System@WideString
@Tuappinstancepools@initialization$qqrv
@Tuhtmlsticker@Finalization$qqrv
@Tuhtmlsticker@TTUHTMLSticker@
@Tuhtmlsticker@TTUHTMLSticker@$bctr$qqrv
@Tuhtmlsticker@TTUHTMLSticker@Apply$qqrv
@Tuhtmlsticker@TTUHTMLSticker@OnHTMLHotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Tuhtmlsticker@TTUHTMLSticker@OnHTMLImageRequest$qqrp14System@TObjectx20System@UnicodeStringrp21Classes@TMemoryStream
@Tuhtmlsticker@TTUHTMLSticker@OnHTMLObjectClick$qqrp14System@TObjectt1x20System@UnicodeString
@Tuhtmlsticker@TTUHTMLSticker@Show$qqrv
@Tuhtmlsticker@initialization$qqrv
@Tunagscreen@ENagScreenException@
@Tunagscreen@Finalization$qqrv
@Tunagscreen@HTMLDecode$qqrx20System@UnicodeString
@Tunagscreen@ParseOpenHomepageLink$qqr20System@UnicodeStringr20System@UnicodeString25Tuhelper@TTUCampaignParamp24Tunagscreen@TTUNagScreeno
@Tunagscreen@TTUNagScreen@
@Tunagscreen@TTUNagScreen@$bctr$qqr26Tunagscreen@TNagScreenType
@Tunagscreen@TTUNagScreen@$bdtr$qqrv
@Tunagscreen@TTUNagScreen@BuildHTML$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@BuildXSourceParams$qqr20System@UnicodeStringo
@Tunagscreen@TTUNagScreen@CalculateDelays$qqrv
@Tunagscreen@TTUNagScreen@CreateNagScreenZipInstance$qqrv
@Tunagscreen@TTUNagScreen@DecrementRemainingDelay$qqrv
@Tunagscreen@TTUNagScreen@GetCSS$qqrv
@Tunagscreen@TTUNagScreen@GetContent$qqrv
@Tunagscreen@TTUNagScreen@GetContentFromCommandID$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@GetDirPath$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@GetFileContent$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@GetImage$qqr20System@UnicodeStringrp21Classes@TMemoryStream
@Tunagscreen@TTUNagScreen@GetNagScreenFromSection$qqrx20System@UnicodeStringpx20Inifiles@TMemIniFiler20System@UnicodeString
@Tunagscreen@TTUNagScreen@GetStreamFromSource$qqr20System@UnicodeString
@Tunagscreen@TTUNagScreen@GetZipPath$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@InitializeNagScreen$qqrv
@Tunagscreen@TTUNagScreen@ParseConfigBlock$qqr20System@UnicodeString
@Tunagscreen@TTUNagScreen@ParseDontChooseAndForceOtherValues$qqrpx20Inifiles@TMemIniFilex20System@UnicodeStringrp19Classes@TStringListt3
@Tunagscreen@TTUNagScreen@ParseHTMLText$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@ParseNotifications$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@RebuildContent$qqro
@Tunagscreen@TTUNagScreen@ResetValues$qqrv
@Tunagscreen@TTUNagScreen@SetCommandID$qqrx20System@UnicodeString
@Tunagscreen@TTUNagScreen@SetConfigValue$qqr20System@UnicodeStringt1
@Tunagscreen@TTUNagScreen@ValueRequestCallback$qqrx20System@UnicodeStringr17System@WideString
@Tunagscreen@initialization$qqrv
@Tuosversion@Finalization$qqrv
@Tuosversion@TUGetNativeOSVersionInfo$qqrr28Tuosversion@TTUOSVersionInfo
@Tuosversion@TUGetOSVersionInfo$qqrr28Tuosversion@TTUOSVersionInfo
@Tuosversion@TUGetOSVersionInfoEx$qqrr28Tuosversion@TTUOSVersionInfo34Tuosversion@TTUOSVersionInfoSource
@Tuosversion@TUGetOSVersionSKU$qqrv
@Tuosversion@TUGetOSVersionSKUEx$qqruiuiuiui
@Tuosversion@TUIsOSVersionLieActive$qqrv
@Tuosversion@initialization$qqrv
@Tuproductkey@Finalization$qqrv
@Tuproductkey@IID_ITUProductKey
@Tuproductkey@TTUProductKeyAbsoluteExpiryDate@GetIsExpired$qqrv
@Tuproductkey@TUProductKeyAbsoluteExpiryDates
@Tuproductkey@TUProductKeyLanguageNames
@Tuproductkey@TUProductKeyLanguageNamesBrazil
@Tuproductkey@TUProductKeyLanguageNamesChina
@Tuproductkey@TUProductKeyLanguageNamesCurrentSegments
@Tuproductkey@TUProductKeyLanguageNamesDenmark
@Tuproductkey@TUProductKeyLanguageNamesDotCOM
@Tuproductkey@TUProductKeyLanguageNamesEuro
@Tuproductkey@TUProductKeyLanguageNamesEuroPoland
@Tuproductkey@TUProductKeyLanguageNamesEuroUnitedKingdom
@Tuproductkey@TUProductKeyLanguageNamesFrance
@Tuproductkey@TUProductKeyLanguageNamesGermany
@Tuproductkey@TUProductKeyLanguageNamesInvalid
@Tuproductkey@TUProductKeyLanguageNamesItaly
@Tuproductkey@TUProductKeyLanguageNamesJapan
@Tuproductkey@TUProductKeyLanguageNamesJapanKorea
@Tuproductkey@TUProductKeyLanguageNamesKorea
@Tuproductkey@TUProductKeyLanguageNamesPoland
@Tuproductkey@TUProductKeyLanguageNamesRussia
@Tuproductkey@TUProductKeyLanguageNamesSpain
@Tuproductkey@TUProductKeyLanguageNamesTheNetherlands
@Tuproductkey@TUProductKeyLanguageNamesUnitedKingdom
@Tuproductkey@TUProductKeyLanguageNamesUnitedStates
@Tuproductkey@initialization$qqrv
@Tuproductkeybase@Finalization$qqrv
@Tuproductkeybase@TTUProductKeyBase@
@Tuproductkeybase@TTUProductKeyBase@$bctr$qqrv
@Tuproductkeybase@TTUProductKeyBase@$bdtr$qqrv
@Tuproductkeybase@TTUProductKeyBase@GetEdition$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetExpiry$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetExpiryIsRelative$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetExtendedTrial$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetIsUpgrade$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetKey$qqsr17System@WideString
@Tuproductkeybase@TTUProductKeyBase@GetLanguage$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetMessagesBlocked$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetOpenRegWizOnUnlock$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetProduct$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetRequiresActivation$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetReserved$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetSpecialsBlocked$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetStatus$qqsv
@Tuproductkeybase@TTUProductKeyBase@GetVersion$qqsv
@Tuproductkeybase@TTUProductKeyBase@Reset$qqrv
@Tuproductkeybase@TTUProductKeyBase@ResetStatus$qqrv
@Tuproductkeybase@TTUProductKeyBase@SetEdition$qqs33Tuproductkey@TTUProductKeyEdition
@Tuproductkeybase@TTUProductKeyBase@SetExpiry$qqsui
@Tuproductkeybase@TTUProductKeyBase@SetExpiryIsRelative$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetExtendedTrial$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetIsUpgrade$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetKey$qqsx17System@WideString
@Tuproductkeybase@TTUProductKeyBase@SetLanguage$qqs34Tuproductkey@TTUProductKeyLanguage
@Tuproductkeybase@TTUProductKeyBase@SetMessagesBlocked$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetOpenRegWizOnUnlock$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetProduct$qqs33Tuproductkey@TTUProductKeyProduct
@Tuproductkeybase@TTUProductKeyBase@SetRequiresActivation$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetReserved$qqsui
@Tuproductkeybase@TTUProductKeyBase@SetSpecialsBlocked$qqsi
@Tuproductkeybase@TTUProductKeyBase@SetStatus$qqs32Tuproductkey@TTUProductKeyStatus
@Tuproductkeybase@TTUProductKeyBase@SetVersion$qqs33Tuproductkey@TTUProductKeyVersion
@Tuproductkeybase@TTUProductKeyBase@Validate$qqsv
@Tuproductkeybase@initialization$qqrv
@Tuproductkeylegacy@Finalization$qqrv
@Tuproductkeylegacy@TUValidateLegacyProductKey$qqrx17System@WideString
@Tuproductkeylegacy@TUValidateLegacyProductKeyEx$qqrx17System@WideStringrl
@Tuproductkeylegacy@initialization$qqrv
@Tuproductkeypublic@Finalization$qqrv
@Tuproductkeypublic@TUCreateProductKey$qqrx17System@WideString
@Tuproductkeypublic@TUValidateProductKey$qqrx17System@WideString
@Tuproductkeypublic@TUValidateProductKeyEx$qqrx17System@WideStringrl
@Tuproductkeypublic@initialization$qqrv
@Tusecurityutils@Finalization$qqrv
@Tusecurityutils@IID_ITUEveryoneSecurityAttributes
@Tusecurityutils@TUCreateEveryoneSecurityAttributes$qqrui
@Tusecurityutils@initialization$qqrv
@Tustatistics@Finalization$qqrv
@Tustatistics@Statistics
@Tustatistics@TTUStatic_DiskCleaner@GetGainedDiskSpace$qqrv
@Tustatistics@TTUStatic_DiskCleaner@SetGainedDiskSpace$qqrxuj
@Tustatistics@TTUStatic_DriveDefrag@GetLastDefrag$qqrv
@Tustatistics@TTUStatic_DriveDefrag@SetLastDefrag$qqrx16System@TDateTime
@Tustatistics@TTUStatic_OneClick@GetFixedTotal$qqrv
@Tustatistics@TTUStatic_OneClick@GetGainedDiskSpace$qqrv
@Tustatistics@TTUStatic_OneClick@GetLastDefrag$qqrv
@Tustatistics@TTUStatic_OneClick@GetLastRun$qqrv
@Tustatistics@TTUStatic_OneClick@SetFixedTotal$qqrxui
@Tustatistics@TTUStatic_OneClick@SetGainedDiskSpace$qqrxuj
@Tustatistics@TTUStatic_OneClick@SetLastDefrag$qqrx16System@TDateTime
@Tustatistics@TTUStatic_OneClick@SetLastRun$qqrx16System@TDateTime
@Tustatistics@TTUStatic_RegCleaner@Fixed$qqrui
@Tustatistics@TTUStatic_RegCleaner@GetFixedThisMonth$qqrv
@Tustatistics@TTUStatic_RegCleaner@GetFixedTotal$qqrv
@Tustatistics@TTUStatic_RegCleaner@GetLastCleanDate$qqrv
@Tustatistics@TTUStatic_RegCleaner@GetLastThisMonth$qqrv
@Tustatistics@TTUStatic_RegCleaner@SetFixedThisMonth$qqrxui
@Tustatistics@TTUStatic_RegCleaner@SetFixedTotal$qqrxui
@Tustatistics@TTUStatic_RegCleaner@SetLastCleanDate$qqrx16System@TDateTime
@Tustatistics@TTUStatic_RegCleaner@SetLastThisMonth$qqrx20System@UnicodeString
@Tustatistics@TTUStatic_ShortCutCleaner@GetFixedThisMonth$qqrv
@Tustatistics@TTUStatic_ShortCutCleaner@GetFixedTotal$qqrv
@Tustatistics@TTUStatic_ShortCutCleaner@GetLastCleanDate$qqrv
@Tustatistics@TTUStatic_ShortCutCleaner@GetLastThisMonth$qqrv
@Tustatistics@TTUStatic_ShortCutCleaner@SetFixedThisMonth$qqrxui
@Tustatistics@TTUStatic_ShortCutCleaner@SetFixedTotal$qqrxui
@Tustatistics@TTUStatic_ShortCutCleaner@SetLastCleanDate$qqrx16System@TDateTime
@Tustatistics@TTUStatic_ShortCutCleaner@SetLastThisMonth$qqrx20System@UnicodeString
@Tustatistics@TTUStatistics@
@Tustatistics@TTUStatistics@$bctr$qqrv
@Tustatistics@TTUStatistics@$bdtr$qqrv
@Tustatistics@initialization$qqrv
@Tutaskscheduler@BoundaryToDateTime$qqrx17System@WideString
@Tutaskscheduler@DateTimeToBoundary$qqrx16System@TDateTime
@Tutaskscheduler@DayOfWeekDefaultNames
@Tutaskscheduler@DayOfWeekLocaleTypes
@Tutaskscheduler@DaysOfMonthToDecimal$qqrxixi
@Tutaskscheduler@DaysOfMonthToStringList$qqrirp19Classes@TStringList
@Tutaskscheduler@DaysOfWeekToDecimal$qqrxixi
@Tutaskscheduler@DaysOfWeekToStringList$qqrsrp19Classes@TStringList
@Tutaskscheduler@DecimalToDayOfX$qqri
@Tutaskscheduler@Finalization$qqrv
@Tutaskscheduler@GetDayOfWeekName$qqri
@Tutaskscheduler@GetIRegisteredTask$qqr17System@WideStringt1
@Tutaskscheduler@GetITaskFolder$qqr17System@WideString
@Tutaskscheduler@GetModulePath$qqrv
@Tutaskscheduler@GetTriggerCountFromRegisteredTask$qqr52System@%DelphiInterface$t24Taskschd@IRegisteredTask%
@Tutaskscheduler@GetTriggerFromRegisteredTask$qqr52System@%DelphiInterface$t24Taskschd@IRegisteredTask%i
@Tutaskscheduler@IsLastDayOfMonth$qqri
@Tutaskscheduler@TUScheduleTask@
@Tutaskscheduler@TUScheduleTask@$bctr$qqrv
@Tutaskscheduler@TUScheduleTask@$bdtr$qqrv
@Tutaskscheduler@TUScheduleTask@AddBootTrigger$qqrv
@Tutaskscheduler@TUScheduleTask@AddDailyTrigger$qqriiii
@Tutaskscheduler@TUScheduleTask@AddIdleTrigger$qqri
@Tutaskscheduler@TUScheduleTask@AddLogonTrigger$qqrv
@Tutaskscheduler@TUScheduleTask@AddWeeklyTrigger$qqriius
@Tutaskscheduler@TUScheduleTask@ClearTriggerList$qqrv
@Tutaskscheduler@TUScheduleTask@CreateAtLogOnTaskTrigger$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%
@Tutaskscheduler@TUScheduleTask@CreateAtLogOnTaskTriggerXP$qqr32System@%DelphiInterface$t5ITask%
@Tutaskscheduler@TUScheduleTask@CreateBootTaskTrigger$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%
@Tutaskscheduler@TUScheduleTask@CreateDailyTaskTrigger$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%16System@TDateTimeii
@Tutaskscheduler@TUScheduleTask@CreateDailyTaskTriggerXP$qqr32System@%DelphiInterface$t5ITask%16System@TDateTimeii
@Tutaskscheduler@TUScheduleTask@CreateIdleTaskTrigger$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%i
@Tutaskscheduler@TUScheduleTask@CreateIdleTaskTriggerXP$qqr32System@%DelphiInterface$t5ITask%i
@Tutaskscheduler@TUScheduleTask@CreateTask$qqrx17System@WideStringt1t1t1ooo
@Tutaskscheduler@TUScheduleTask@CreateTriggers$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%
@Tutaskscheduler@TUScheduleTask@CreateTriggersXP$qqr32System@%DelphiInterface$t5ITask%
@Tutaskscheduler@TUScheduleTask@CreateWeeklyTaskTrigger$qqr52System@%DelphiInterface$t24Taskschd@ITaskDefinition%16System@TDateTimeus
@Tutaskscheduler@TUScheduleTask@CreateWeeklyTaskTriggerXP$qqr32System@%DelphiInterface$t5ITask%16System@TDateTimeus
@Tutaskscheduler@TUScheduleTask@DeleteTask$qqrx17System@WideString
@Tutaskscheduler@TUScheduleTask@DeleteTaskByName$qqrx17System@WideStringo
@Tutaskscheduler@TUScheduleTask@GetAdministratorsGroup$qqrv
@Tutaskscheduler@TUScheduleTask@GetTaskName$qqrx17System@WideString
@Tutaskscheduler@TUScheduleTask@GetTaskPath$qqrx17System@WideString
@Tutaskscheduler@TUScheduleTask@GetTriggerCount$qqrx17System@WideString
@Tutaskscheduler@TUScheduleTask@GetWeeklyTriggerVal$qqrx17System@WideStringrit2t2ro
@Tutaskscheduler@TUScheduleTask@Init$qqrv
@Tutaskscheduler@TUScheduleTask@IsTaskInstalled$qqrx17System@WideString
@Tutaskscheduler@TUScheduleTask@SaveTask$qqr32System@%DelphiInterface$t5ITask%
@Tutaskscheduler@TUScheduleTask@UpdateWeeklyTriggerVal$qqrx17System@WideStringiiio
@Tutaskscheduler@TUTriggerItem@
@Tutaskscheduler@TUTriggerItemList@
@Tutaskscheduler@TUTriggerItemList@Add$qqri16System@TDateTimeiii
@Tutaskscheduler@TUTriggerItemList@Clear$qqrv
@Tutaskscheduler@TUTriggerItemList@Get$qqrxi
@Tutaskscheduler@TUTriggerItemList@Put$qqrxipx29Tutaskscheduler@TUTriggerItem
@Tutaskscheduler@initialization$qqrv
@Ufrmeula@EulaAccepted$qqr20System@UnicodeString
@Ufrmeula@Finalization$qqrv
@Ufrmeula@GetTuneUpUtilitiesAppName$qqrv
@Ufrmeula@IsEULAAccepted$qqrv
@Ufrmeula@ShowEulaForm$qqroo
@Ufrmeula@TfrmEula@
@Ufrmeula@TfrmEula@FormCreate$qqrp14System@TObject
@Ufrmeula@TfrmEula@FormDestroy$qqrp14System@TObject
@Ufrmeula@TfrmEula@IsLanguageInstalled$qqr20System@UnicodeString
@Ufrmeula@TfrmEula@OnFormShow$qqrp14System@TObject
@Ufrmeula@TfrmEula@OnLanguageChange$qqrp14System@TObject
@Ufrmeula@TfrmEula@ReadInstalledLanguages$qqrv
@Ufrmeula@TfrmEula@ReloadText$qqrv
@Ufrmeula@TfrmEula@SetFoundLanguage$qqr20System@UnicodeStringo
@Ufrmeula@TfrmEula@btnAcceptClick$qqrp14System@TObject
@Ufrmeula@TfrmEula@btnBackClick$qqrp14System@TObject
@Ufrmeula@TfrmEula@btnDenyClick$qqrp14System@TObject
@Ufrmeula@frmEula
@Ufrmeula@initialization$qqrv
@Ufrmeulareject@Finalization$qqrv
@Ufrmeulareject@TufrmEulaReject@
@Ufrmeulareject@TufrmEulaReject@FormCreate$qqrp14System@TObject
@Ufrmeulareject@TufrmEulaReject@OnAccept$qqrp14System@TObject
@Ufrmeulareject@TufrmEulaReject@OnReject$qqrp14System@TObject
@Ufrmeulareject@initialization$qqrv
@Ufrmnagscreen@Finalization$qqrv
@Ufrmnagscreen@ShowNagscreen$qqrp24Tunagscreen@TTUNagScreen
@Ufrmnagscreen@TfrmNag@
@Ufrmnagscreen@TfrmNag@CommandTimerTimer$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@ContentRefreshTimerTimer$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@FormActivate$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@FormCloseQuery$qqrp14System@TObjectro
@Ufrmnagscreen@TfrmNag@FormCreate$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@FormHide$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@FormShow$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@HandleCommand$qqr20System@UnicodeString
@Ufrmnagscreen@TfrmNag@ReadGUIValuesFromNagScreen$qqrv
@Ufrmnagscreen@TfrmNag@RebuildHTML$qqrv
@Ufrmnagscreen@TfrmNag@RestoreState$qqrv
@Ufrmnagscreen@TfrmNag@SaveState$qqrv
@Ufrmnagscreen@TfrmNag@SetNagScreen$qqrp24Tunagscreen@TTUNagScreen
@Ufrmnagscreen@TfrmNag@Timer1Timer$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@btnClick$qqrp14System@TObject
@Ufrmnagscreen@TfrmNag@htmNagHotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Ufrmnagscreen@TfrmNag@htmNagImageRequest$qqrp14System@TObjectx20System@UnicodeStringrp21Classes@TMemoryStream
@Ufrmnagscreen@TfrmNag@htmNagObjectClick$qqrp14System@TObjectt1x20System@UnicodeString
@Ufrmnagscreen@TfrmNag@tmrBringWndToFrontTimer$qqrp14System@TObject
@Ufrmnagscreen@_rsErrorInvalidAppMode
@Ufrmnagscreen@frmNag
@Ufrmnagscreen@initialization$qqrv
@Ufrmpasswordlogin@AskForPasswordIfSet$qqro
@Ufrmpasswordlogin@Finalization$qqrv
@Ufrmpasswordlogin@TfrmPasswordLogin@
@Ufrmpasswordlogin@TfrmPasswordLogin@FormCreate$qqrp14System@TObject
@Ufrmpasswordlogin@TfrmPasswordLogin@btnCancelClick$qqrp14System@TObject
@Ufrmpasswordlogin@TfrmPasswordLogin@btnOKClick$qqrp14System@TObject
@Ufrmpasswordlogin@frmPasswordLogin
@Ufrmpasswordlogin@initialization$qqrv
@Ufrmregcode@Finalization$qqrv
@Ufrmregcode@TfrmRegCode@
@Ufrmregcode@TfrmRegCode@FormCreate$qqrp14System@TObject
@Ufrmregcode@TfrmRegCode@btnCancelClick$qqrp14System@TObject
@Ufrmregcode@TfrmRegCode@btnOkClick$qqrp14System@TObject
@Ufrmregcode@TfrmRegCode@htmlBuyOnlineHotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Ufrmregcode@frmRegCode
@Ufrmregcode@initialization$qqrv
@Ufrmupdateavailable@Finalization$qqrv
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@FormCreate$qqrp14System@TObject
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@FormKeyUp$qqrp14System@TObjectrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@ShowUpdateAvailableReminder$qqrp18Classes@TComponenti
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@cmdInstallUpdateClick$qqrp14System@TObject
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@cmdInstallUpdateEnter$qqrp14System@TObject
@Ufrmupdateavailable@TfrmUpdateAvailableReminder@cmdRemindLaterClick$qqrp14System@TObject
@Ufrmupdateavailable@_STR_ReminderInfo
@Ufrmupdateavailable@frmUpdateAvailableReminder
@Ufrmupdateavailable@initialization$qqrv
@Upassword@CalcPasswordHash$qqr20System@UnicodeString
@Upassword@Finalization$qqrv

Sections

TEXTiCLE
Size: 123KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Crack/CommonForms.bpl
.dll windows:5 windows x86 arch:x86

21d57a6c987e5e47232f24badf29006e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rtl120.bpl

@System@initialization$qqrv

user32

ReleaseDC

gdi32

GetDeviceCaps

ole32

CoUninitialize

vcl120.bpl

@Graphics@initialization$qqrv

maincontrols.bpl

@Turegistry@initialization$qqrv

tubase.bpl

@Tuneupwow64@initialization$qqrv

smallunits.bpl

@Smallmozillastuff@initialization$qqrv

tucompression.bpl

@Zipforge@initialization$qqrv

tutransl.bpl

@Gnugettext@initialization$qqrv

tubasic.bpl

@Madtools@initialization$qqrv

schedagent_2007.bpl

@Satask@initialization$qqrv

dec.bpl

@Crc@initialization$qqrv

ntrtl60.bpl

@Netapi32@initialization$qqrv

gr32_d6.bpl

@Tuuconst@_TUUAppTitle_SystemHealth

html.bpl

@Htmlun2@initialization$qqrv

vclimg120.bpl

@Pngimage@initialization$qqrv

xmlcomponents.bpl

@Libxmlparser@initialization$qqrv

regexp.bpl

@Regexpr@initialization$qqrv

appinitialization.bpl

@Upassword@CalcPasswordHash$qqr20System@UnicodeString

viscontrols.bpl

@Tuheadinglabel@TTUHeadingLabel@

dxgdiplusd12.bpl

@Dxgdiplusclasses@initialization$qqrv

programrating.bpl

@Winlanguageids@initialization$qqrv

sysinfo.bpl

@$xp$21Tuusvc@ITUUSvcReports

syscontrols.bpl

@Ntsysunit@TBootINIOSLine@SwitchExists$qqr20System@UnicodeString

tuicoengineerdirtree.bpl

@Uicons@initialization$qqrv

tushell.bpl

@Madshell@initialization$qqrv

ehs_d6.bpl

@Ehshelprouter@initialization$qqrv

vclx120.bpl

@Checklst@initialization$qqrv

xmlrtl120.bpl

@Xmldoc@initialization$qqrv

Exports

Exports

@$xp$21Aboutform@TfrmAboutTU
@$xp$22Tureport@TTUReportData
@$xp$22Tureport@TTUReportMode
@$xp$22Tureport@TTUStorageKey
@$xp$23Tureportsql@TTUReportDB
@$xp$24Screenfader@TScreenFader
@$xp$24Tureport@TTUReportModule
@$xp$24Tureport@TTUReportStyler
@$xp$26Tureport@TTUReportOneClick
@$xp$26Tureport@TTUReportShredder
@$xp$26Tureport@TTUReportUndelete
@$xp$28Tureport@TTUReportDiskDoctor
@$xp$28Tureport@TTUReportIntegrator
@$xp$29Tureport@TTUReportDriveDefrag
@$xp$29Ufrmsetpasswords@TfrmPassword
@$xp$30Screenfader@TScreenFaderThread
@$xp$30Tureport@TTUReportRepairWizard
@$xp$30Tureport@TTUReportReportCenter
@$xp$30Tureport@TTUReportRescueCenter
@$xp$30Tureport@TTUReportUpdateWizard
@$xp$31Tureport@TTUReportGainDiskSpace
@$xp$31Tureport@TTUReportSystemControl
@$xp$32Screenfader@TfrmFadeScreenToGrey
@$xp$32Tureport@TTUReportProcessManager
@$xp$32Tureport@TTUReportProgramManager
@$xp$32Tureport@TTUReportRegistryDefrag
@$xp$32Tureport@TTUReportRegistryEditor
@$xp$32Tureport@TTUReportStartupManager
@$xp$33Mainsettingsform@TfrmMainSettings
@$xp$33Tureport@TTUReportRegistryCleaner
@$xp$33Tureport@TTUReportShortcutCleaner
@$xp$34Tureport@TTUReportStartupOptimizer
@$xp$34Tureport@TTUReportUninstallManager
@$xp$35Tureport@TTUReportDiskSpaceExplorer
@$xp$35Tureport@TTUReportPerformanceAdvise
@$xp$35Tureport@TTUReportSystemInformation
@$xp$36Mainsettingsform@Mainsettingsform__2
@$xp$36Mainsettingsform@Mainsettingsform__3
@$xp$37Ufrmdeinstallation@TfrmDeinstallation
@$xp$38Ufrmdeinstallation@TReactivationThread
@$xp$41Ufrmbootscreenchange@TfrmBootScreenChange
@$xp$43Ufrmbootscreenrestore@TfrmBootScreenRestore
@$xp$43Ufrmchangeocmsettings@TfrmChangeOCMSettings
@Aboutform@CreditLib
@Aboutform@Finalization$qqrv
@Aboutform@RefreshRegDatas$qqrv
@Aboutform@ShowAboutForm$qqrx20System@UnicodeString
@Aboutform@TfrmAboutTU@
@Aboutform@TfrmAboutTU@FormShow$qqrp14System@TObject
@Aboutform@TfrmAboutTU@OnMouseUp$qqrp14System@TObject21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Aboutform@TfrmAboutTU@btnOKClick$qqrp14System@TObject
@Aboutform@TfrmAboutTU@btnOrderClick$qqrp14System@TObject
@Aboutform@TfrmAboutTU@btnRegCodeClick$qqrp14System@TObject
@Aboutform@TfrmAboutTU@htmCreditsHotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Aboutform@frmAboutTU
@Aboutform@initialization$qqrv
@Bootscreenrestore@Finalization$qqrv
@Bootscreenrestore@ShowBootScreenChangeDialog$qqrv
@Bootscreenrestore@ShowBootScreenRestoreDialog$qqrv
@Bootscreenrestore@initialization$qqrv
@Commonforms@@GetPackageInfoTable$qqrv
@Commonforms@@PackageLoad$qqrv
@Commonforms@@PackageUnload$qqrv
@Commonforms@initialization$qqrv
@GetPackageInfoTable
@Mainsettingsform@Finalization$qqrv
@Mainsettingsform@ILSysSmall
@Mainsettingsform@REGVALUES_TUAPPS
@Mainsettingsform@REGVALUES_TUAPPS_EXE
@Mainsettingsform@ShowMainSettingsForm$qqroooo20System@UnicodeString
@Mainsettingsform@TfrmMainSettings@
@Mainsettingsform@TfrmMainSettings@FormCreate$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@FormKeyDown$qqrp14System@TObjectrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%
@Mainsettingsform@TfrmMainSettings@GetTabSheetFromName$qqrx20System@UnicodeString
@Mainsettingsform@TfrmMainSettings@OnFormHelp$qqrusiro
@Mainsettingsform@TfrmMainSettings@OnMessagesSymbolClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@ShowPassProtectionStatus$qqrv
@Mainsettingsform@TfrmMainSettings@btnCheckForUpdatesClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@btnOKClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@btnSetPasswordClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@chkDseOnFileContextMenuClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@chkShredderOnFileContextMenuClick$qqrp14System@TObject
@Mainsettingsform@TfrmMainSettings@lvRCProtectionCompare$qqrp14System@TObjectp18Comctrls@TListItemt2iri
@Mainsettingsform@TfrmMainSettings@tsRescueCenterShow$qqrp14System@TObject
@Mainsettingsform@_TUUAppAlias_PerformAdvisor
@Mainsettingsform@_rsAfter1Day
@Mainsettingsform@_rsAfter1Month
@Mainsettingsform@_rsAfter1Week
@Mainsettingsform@_rsAfterXDays
@Mainsettingsform@_rsAfterXMonths
@Mainsettingsform@_rsAfterXWeeks
@Mainsettingsform@_rsNever
@Mainsettingsform@_rsOneClickMaintenanceDesc
@Mainsettingsform@_rsRCListTopic
@Mainsettingsform@_rsRemindAfterXDays
@Mainsettingsform@_rsTUtilitiesIconCaption
@Mainsettingsform@_rsTUtilitiesIconDesc
@Mainsettingsform@frmMainSettings
@Mainsettingsform@initialization$qqrv
@Mainsettingsform@sIconOnDesktopPath
@Mainsettingsform@sOCMOnDesktopPath
@Screenfader@Finalization$qqrv
@Screenfader@TScreenFader@
@Screenfader@TScreenFader@$bctr$qqrv
@Screenfader@TScreenFader@$bdtr$qqrv
@Screenfader@TScreenFader@GetFadeWindowHandle$qqrv
@Screenfader@TScreenFader@Start$qqrv
@Screenfader@TScreenFader@Stop$qqrv
@Screenfader@TScreenFaderThread@
@Screenfader@TScreenFaderThread@Execute$qqrv
@Screenfader@TfrmFadeScreenToGrey@
@Screenfader@TfrmFadeScreenToGrey@ColorToGrayscaleEx$qqrp14Gr32@TBitmap32t1
@Screenfader@TfrmFadeScreenToGrey@Finalize$qqrv
@Screenfader@TfrmFadeScreenToGrey@FormCloseQuery$qqrp14System@TObjectro
@Screenfader@TfrmFadeScreenToGrey@FormCreate$qqrp14System@TObject
@Screenfader@TfrmFadeScreenToGrey@FormDestroy$qqrp14System@TObject
@Screenfader@TfrmFadeScreenToGrey@FormPaint$qqrp14System@TObject
@Screenfader@TfrmFadeScreenToGrey@Init$qqruc
@Screenfader@TfrmFadeScreenToGrey@ProcessNextFrame$qqrv
@Screenfader@initialization$qqrv
@Tureport@Finalization$qqrv
@Tureport@TTUReportData@
@Tureport@TTUReportData@$bctr$qqrv
@Tureport@TTUReportData@$bdtr$qqrv
@Tureport@TTUReportData@GetActive$qqrv
@Tureport@TTUReportData@GetCrypted$qqrv
@Tureport@TTUReportData@GetStorageDayKeys$qqrv
@Tureport@TTUReportData@GetStorageKey$qqr22Tureport@TTUStorageKey
@Tureport@TTUReportData@IsActive$qqrv
@Tureport@TTUReportData@LastAction$qqrv
@Tureport@TTUReportData@Report$qqr22Tureport@TTUReportMode
@Tureport@TTUReportData@SetActive$qqrxo
@Tureport@TTUReportData@SetCrypted$qqrxo
@Tureport@TTUReportData@SetStorageKey$qqr22Tureport@TTUStorageKey
@Tureport@TTUReportDiskDoctor@
@Tureport@TTUReportDiskDoctor@GetScanCount$qqrv
@Tureport@TTUReportDiskDoctor@MainRegKey$qqrv
@Tureport@TTUReportDiskDoctor@SetScanCount$qqrxi
@Tureport@TTUReportDiskSpaceExplorer@
@Tureport@TTUReportDiskSpaceExplorer@GetDeletedSpace$qqrv
@Tureport@TTUReportDiskSpaceExplorer@MainRegKey$qqrv
@Tureport@TTUReportDiskSpaceExplorer@SetDeletedSpace$qqrxd
@Tureport@TTUReportDriveDefrag@
@Tureport@TTUReportDriveDefrag@GetFragmentation$qqrb
@Tureport@TTUReportDriveDefrag@MainRegKey$qqrv
@Tureport@TTUReportDriveDefrag@SetFragmentation$qqrbxd
@Tureport@TTUReportGainDiskSpace@
@Tureport@TTUReportGainDiskSpace@GetDeletedFiles$qqrv
@Tureport@TTUReportGainDiskSpace@GetGainedDiskSpace$qqrv
@Tureport@TTUReportGainDiskSpace@MainRegKey$qqrv
@Tureport@TTUReportGainDiskSpace@SetDeletedFiles$qqrxi
@Tureport@TTUReportGainDiskSpace@SetGainedDiskSpace$qqrxd
@Tureport@TTUReportIntegrator@
@Tureport@TTUReportIntegrator@GetAvoidedPeaks$qqrv
@Tureport@TTUReportIntegrator@GetSolvedProblems$qqrv
@Tureport@TTUReportIntegrator@GetTurboModeUsage$qqrv
@Tureport@TTUReportIntegrator@MainRegKey$qqrv
@Tureport@TTUReportIntegrator@SetAvoidedPeaks$qqrxui
@Tureport@TTUReportIntegrator@SetSolvedProblems$qqrxui
@Tureport@TTUReportIntegrator@SetTurboModeUsage$qqrxui
@Tureport@TTUReportModule@
@Tureport@TTUReportModule@$bctr$qqrp22Tureport@TTUReportDatao
@Tureport@TTUReportModule@$bdtr$qqrv
@Tureport@TTUReportModule@Finish$qqrv
@Tureport@TTUReportModule@GetFieldText$qqr22Tureport@TTUStorageKeyx20System@UnicodeStringt2rp19Classes@TStringList
@Tureport@TTUReportModule@GetFirstStart$qqrv
@Tureport@TTUReportModule@GetLastAction$qqrv
@Tureport@TTUReportModule@GetLastRunTime$qqrv
@Tureport@TTUReportModule@GetLastStart$qqrv
@Tureport@TTUReportModule@GetRunCount$qqrv
@Tureport@TTUReportModule@GetRunTime$qqrv
@Tureport@TTUReportModule@Init$qqrv
@Tureport@TTUReportModule@ReadDateTime$qqrx20System@UnicodeString22Tureport@TTUStorageKey16System@TDateTime
@Tureport@TTUReportModule@ReadDouble$qqrx20System@UnicodeStringt1o22Tureport@TTUStorageKeyd
@Tureport@TTUReportModule@ReadInteger$qqrx20System@UnicodeString22Tureport@TTUStorageKeyui
@Tureport@TTUReportModule@ReadString$qqrx20System@UnicodeString22Tureport@TTUStorageKeyt1
@Tureport@TTUReportModule@Report$qqr22Tureport@TTUReportMode
@Tureport@TTUReportModule@SetFieldText$qqr22Tureport@TTUStorageKeyx20System@UnicodeStringt2t2
@Tureport@TTUReportModule@SetFirstStart$qqrx16System@TDateTime
@Tureport@TTUReportModule@SetLastAction$qqrx16System@TDateTime
@Tureport@TTUReportModule@SetLastRunTime$qqrxd
@Tureport@TTUReportModule@SetLastStart$qqrx16System@TDateTime
@Tureport@TTUReportModule@SetRunCount$qqrxui
@Tureport@TTUReportModule@SetRunTime$qqrxd
@Tureport@TTUReportModule@WriteDateTime$qqrx20System@UnicodeStringx16System@TDateTime22Tureport@TTUStorageKey
@Tureport@TTUReportModule@WriteDouble$qqrx20System@UnicodeStringxdxd22Tureport@TTUStorageKey
@Tureport@TTUReportModule@WriteInteger$qqrx20System@UnicodeStringxuixui22Tureport@TTUStorageKey
@Tureport@TTUReportModule@WriteSection$qqrx20System@UnicodeStringt1xdxd22Tureport@TTUStorageKey
@Tureport@TTUReportModule@WriteString$qqrx20System@UnicodeStringt122Tureport@TTUStorageKey
@Tureport@TTUReportOneClick@
@Tureport@TTUReportOneClick@MainRegKey$qqrv
@Tureport@TTUReportPerformanceAdvise@
@Tureport@TTUReportPerformanceAdvise@GetOptimizedInternet$qqrv
@Tureport@TTUReportPerformanceAdvise@GetOptimizedSystem$qqrv
@Tureport@TTUReportPerformanceAdvise@GetOptimizedVisuals$qqrv
@Tureport@TTUReportPerformanceAdvise@MainRegKey$qqrv
@Tureport@TTUReportPerformanceAdvise@SetOptimizedInternet$qqrxui
@Tureport@TTUReportPerformanceAdvise@SetOptimizedSystem$qqrxui
@Tureport@TTUReportPerformanceAdvise@SetOptimizedVisuals$qqrxui
@Tureport@TTUReportProcessManager@
@Tureport@TTUReportProcessManager@MainRegKey$qqrv
@Tureport@TTUReportProgramManager@
@Tureport@TTUReportProgramManager@GetDisabledItems$qqrv
@Tureport@TTUReportProgramManager@MainRegKey$qqrv
@Tureport@TTUReportProgramManager@SetDisabledItems$qqrxui
@Tureport@TTUReportRegistryCleaner@
@Tureport@TTUReportRegistryCleaner@GetCleanedProblems$qqrv
@Tureport@TTUReportRegistryCleaner@MainRegKey$qqrv
@Tureport@TTUReportRegistryCleaner@SetCleanedProblems$qqrxui
@Tureport@TTUReportRegistryDefrag@
@Tureport@TTUReportRegistryDefrag@GetFragmentGained$qqrv
@Tureport@TTUReportRegistryDefrag@GetRegistrySpace$qqrv
@Tureport@TTUReportRegistryDefrag@MainRegKey$qqrv
@Tureport@TTUReportRegistryDefrag@SetFragmentGained$qqrxd
@Tureport@TTUReportRegistryDefrag@SetRegistrySpace$qqrxd
@Tureport@TTUReportRegistryEditor@
@Tureport@TTUReportRegistryEditor@MainRegKey$qqrv
@Tureport@TTUReportRepairWizard@
@Tureport@TTUReportRepairWizard@GetRepairedProblems$qqrv
@Tureport@TTUReportRepairWizard@MainRegKey$qqrv
@Tureport@TTUReportRepairWizard@SetRepairedProblems$qqrxui
@Tureport@TTUReportReportCenter@
@Tureport@TTUReportReportCenter@MainRegKey$qqrv
@Tureport@TTUReportRescueCenter@
@Tureport@TTUReportRescueCenter@MainRegKey$qqrv
@Tureport@TTUReportShortcutCleaner@
@Tureport@TTUReportShortcutCleaner@GetShortcutSpace$qqrv
@Tureport@TTUReportShortcutCleaner@GetShortcutWiped$qqrv
@Tureport@TTUReportShortcutCleaner@MainRegKey$qqrv
@Tureport@TTUReportShortcutCleaner@SetShortcutSpace$qqrxd
@Tureport@TTUReportShortcutCleaner@SetShortcutWiped$qqrxui
@Tureport@TTUReportShredder@
@Tureport@TTUReportShredder@GetWipedSpace$qqrv
@Tureport@TTUReportShredder@MainRegKey$qqrv
@Tureport@TTUReportShredder@SetWipedSpace$qqrxd
@Tureport@TTUReportStartupManager@
@Tureport@TTUReportStartupManager@GetStartupItems$qqrv
@Tureport@TTUReportStartupManager@MainRegKey$qqrv
@Tureport@TTUReportStartupManager@SetStartupItems$qqrxui
@Tureport@TTUReportStartupOptimizer@
@Tureport@TTUReportStartupOptimizer@GetOptimizedStartup$qqrv
@Tureport@TTUReportStartupOptimizer@MainRegKey$qqrv
@Tureport@TTUReportStartupOptimizer@SetOptimizedStartup$qqrxui
@Tureport@TTUReportStyler@
@Tureport@TTUReportStyler@GetStylerIcons$qqrv
@Tureport@TTUReportStyler@GetStylerInterface$qqrv
@Tureport@TTUReportStyler@GetStylerSystem$qqrv
@Tureport@TTUReportStyler@MainRegKey$qqrv
@Tureport@TTUReportStyler@SetStylerIcons$qqrxui
@Tureport@TTUReportStyler@SetStylerInterface$qqrxui
@Tureport@TTUReportStyler@SetStylerSystem$qqrxui
@Tureport@TTUReportSystemControl@
@Tureport@TTUReportSystemControl@GetAdministration$qqrv
@Tureport@TTUReportSystemControl@GetCommunication$qqrv
@Tureport@TTUReportSystemControl@GetControlDisplay$qqrv
@Tureport@TTUReportSystemControl@GetControlHandling$qqrv
@Tureport@TTUReportSystemControl@MainRegKey$qqrv
@Tureport@TTUReportSystemControl@SetAdministration$qqrxui
@Tureport@TTUReportSystemControl@SetCommunication$qqrxui
@Tureport@TTUReportSystemControl@SetControlDisplay$qqrxui
@Tureport@TTUReportSystemControl@SetControlHandling$qqrxui
@Tureport@TTUReportSystemInformation@
@Tureport@TTUReportSystemInformation@MainRegKey$qqrv
@Tureport@TTUReportUndelete@
@Tureport@TTUReportUndelete@GetRescuedFiles$qqrv
@Tureport@TTUReportUndelete@MainRegKey$qqrv
@Tureport@TTUReportUndelete@SetRescuedFiles$qqrxui
@Tureport@TTUReportUninstallManager@
@Tureport@TTUReportUninstallManager@GetUninstallSpace$qqrv
@Tureport@TTUReportUninstallManager@GetUninstallations$qqrv
@Tureport@TTUReportUninstallManager@MainRegKey$qqrv
@Tureport@TTUReportUninstallManager@SetUninstallSpace$qqrxd
@Tureport@TTUReportUninstallManager@SetUninstallations$qqrxui
@Tureport@TTUReportUpdateWizard@
@Tureport@TTUReportUpdateWizard@GetLastUpdateCheck$qqrv
@Tureport@TTUReportUpdateWizard@MainRegKey$qqrv
@Tureport@TTUReportUpdateWizard@SetLastUpdateCheck$qqrx16System@TDateTime
@Tureport@TUReportData
@Tureport@initialization$qqrv
@Tureportsql@Finalization$qqrv
@Tureportsql@TTUReportDB@
@Tureportsql@TTUReportDB@$bctr$qqrv
@Tureportsql@TTUReportDB@$bdtr$qqrv
@Tureportsql@TTUReportDB@GetLastAction$qqrri
@Tureportsql@TTUReportDB@GetLastRefresh$qqrr16System@TDateTime
@Tureportsql@TTUReportDB@GetProgramKey$qqrx20System@UnicodeStringri
@Tureportsql@TTUReportDB@GetRefreshInterval$qqrri
@Tureportsql@TTUReportDB@GetReportData$qqrx20System@UnicodeStringt1t1t1rp19Classes@TStringList
@Tureportsql@TTUReportDB@GetReportRange$qqrrp19Classes@TStringList
@Tureportsql@TTUReportDB@GetTuneUpSQLDB$qqrv
@Tureportsql@TTUReportDB@InitDB$qqri
@Tureportsql@TTUReportDB@SetLastRefresh$qqr16System@TDateTime
@Tureportsql@TTUReportDB@SetRefreshInterval$qqri
@Tureportsql@TTUReportDB@SetReportData$qqrx20System@UnicodeStringt1t1t1t1
@Tureportsql@initialization$qqrv
@Ufrmbootscreenchange@Finalization$qqrv
@Ufrmbootscreenchange@TfrmBootScreenChange@
@Ufrmbootscreenchange@TfrmBootScreenChange@FormCreate$qqrp14System@TObject
@Ufrmbootscreenchange@TfrmBootScreenChange@TUHTMLViewer1HotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Ufrmbootscreenchange@frmBootScreenChange
@Ufrmbootscreenchange@initialization$qqrv
@Ufrmbootscreenrestore@Finalization$qqrv
@Ufrmbootscreenrestore@TfrmBootScreenRestore@
@Ufrmbootscreenrestore@TfrmBootScreenRestore@FormCreate$qqrp14System@TObject
@Ufrmbootscreenrestore@TfrmBootScreenRestore@TUHTMLViewer1HotSpotClick$qqrp14System@TObjectx20System@UnicodeStringro
@Ufrmbootscreenrestore@TfrmBootScreenRestore@btnApplyClick$qqrp14System@TObject
@Ufrmbootscreenrestore@TfrmBootScreenRestore@btnCancelClick$qqrp14System@TObject
@Ufrmbootscreenrestore@frmBootScreenRestore
@Ufrmbootscreenrestore@initialization$qqrv
@Ufrmchangeocmsettings@Finalization$qqrv
@Ufrmchangeocmsettings@TfrmChangeOCMSettings@
@Ufrmchangeocmsettings@TfrmChangeOCMSettings@FormCreate$qqrp14System@TObject
@Ufrmchangeocmsettings@TfrmChangeOCMSettings@btnOkClick$qqrp14System@TObject
@Ufrmchangeocmsettings@TfrmChangeOCMSettings@chkQCShowReportClick$qqrp14System@TObject
@Ufrmchangeocmsettings@frmChangeOCMSettings
@Ufrmchangeocmsettings@initialization$qqrv
@Ufrmdeinstallation@Finalization$qqrv
@Ufrmdeinstallation@TReactivationThread@
@Ufrmdeinstallation@TReactivationThread@Execute$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@
@Ufrmdeinstallation@TfrmDeinstallation@CreateProgramManagerInterface$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@ExecuteInstallAndStartService$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@FormDestroy$qqrp14System@TObject
@Ufrmdeinstallation@TfrmDeinstallation@FormShow$qqrp14System@TObject
@Ufrmdeinstallation@TfrmDeinstallation@GetPathToServiceExe$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@Init$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@InitDeactivatorPage$qqro
@Ufrmdeinstallation@TfrmDeinstallation@InitGainDiskSpacePage$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@InitLiveOptPage$qqrv
@Ufrmdeinstallation@TfrmDeinstallation@InitMaintenancePage$qqro
@Ufrmdeinstallation@TfrmDeinstallation@InitTurboModePage$qqro
@Ufrmdeinstallation@TfrmDeinstallation@OnButtonNext$qqrp14System@TObject
@Ufrmdeinstallation@TfrmDeinstallation@WMUserReactivateFinish$qqrr17Messages@TMessage
@Ufrmdeinstallation@frmDeinstallation
@Ufrmdeinstallation@initialization$qqrv
@Ufrmsetpasswords@Finalization$qqrv
@Ufrmsetpasswords@TfrmPassword@
@Ufrmsetpasswords@TfrmPassword@FormCreate$qqrp14System@TObject
@Ufrmsetpasswords@TfrmPassword@btnCancelClick$qqrp14System@TObject
@Ufrmsetpasswords@TfrmPassword@btnOKClick$qqrp14System@TObject
@Ufrmsetpasswords@TfrmPassword@chkPasswordProtectionClick$qqrp14System@TObject
@Ufrmsetpasswords@frmPassword
@Ufrmsetpasswords@initialization$qqrv
Finalize
Initialize

Sections

TEXTiCLE
Size: 37KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Crack/Registration.reg
Crack/tulic.dll
.dll windows:5 windows x86 arch:x86

71d3a87033a791a440d32285db6700e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

Sections

TEXTiCLE
Size: 147KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TuneUpUtilities2011_en-US.exe
.exe windows:5 windows x86 arch:x86

49a8350366df7e2297a5da869317c8d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build1\TUU2011_Update1\Setup\TUStub\Release\TUStub.pdb

Imports

msi

ord113
ord88
ord92
ord141
ord169
ord16
ord8
ord70
ord118
ord160
ord159
ord32

comctl32

ImageList_Add
InitCommonControlsEx
ImageList_Create
ord17

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

GetExitCodeProcess
AttachConsole
FreeConsole
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
GetLocaleInfoW
GetProcAddress
GetModuleHandleW
GetVersionExW
lstrlenW
GetSystemDefaultLCID
GetUserDefaultLCID
lstrcpyW
lstrcatW
GetPrivateProfileStringW
lstrcmpiW
ExpandEnvironmentStringsW
GetVersion
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
GetCommandLineW
LocalFree
GetCurrentProcess
GetUserDefaultUILanguage
EnumResourceNamesW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetLastError
LoadResource
SizeofResource
LockResource
WriteFile
DeleteFileW
GetStringTypeW
GetStringTypeA
LCMapStringA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CreateFileA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
Sleep
GetTickCount
UnmapViewOfFile
CloseHandle
VirtualQuery
MapViewOfFile
GetModuleHandleA
CreateFileMappingW
CreateFileW
SetStdHandle
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FindResourceExW
VirtualFree
DeleteCriticalSection
HeapSize
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
ExitProcess

user32

ExitWindowsEx
wsprintfW
FindWindowW
SendInput
CharLowerBuffW
GetSystemMetrics
DefWindowProcW
LoadIconW
LoadCursorW
IsWindow
DestroyWindow
CreateWindowExW
MessageBoxW
ScreenToClient
LoadStringW
DialogBoxParamW
EndDialog
IsDlgButtonChecked
SetFocus
UpdateWindow
InvalidateRect
GetDC
SetParent
ShowWindow
DrawTextW
GetWindowTextW
SendMessageW
GetWindowRect
GetClientRect
GetDlgItem
SetWindowTextW
LoadBitmapW
RegisterClassExW

gdi32

CreateFontW
GetDeviceCaps
Rectangle
SelectObject
CreatePen
CreateSolidBrush
GetStockObject
SetTextColor
SetBkMode

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
QueryServiceStatusEx
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
IIDFromString
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19.6MB - Virtual size: 19.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5400768665f7e01150d587e834cedaa1

Headers

File Characteristics

Imports

kernel32

rtl120.bpl

user32

advapi32

tulic

dec.bpl

oleaut32

ole32

maincontrols.bpl

vcl120.bpl

shell32

tubase.bpl

smallunits.bpl

tucompression.bpl

tutransl.bpl

tubasic.bpl

schedagent_2007.bpl

ntrtl60.bpl

html.bpl

gr32_d6.bpl

vclimg120.bpl

xmlcomponents.bpl

regexp.bpl

shfolder

programrating.bpl

viscontrols.bpl

sysinfo.bpl

tushredder.bpl

dxgdiplusd12.bpl

Exports

Exports

Sections

TEXTiCLE Size: 123KB - Virtual size: 356KB

.rsrc Size: 39KB - Virtual size: 40KB

.reloc Size: 512B - Virtual size: 512B

21d57a6c987e5e47232f24badf29006e

Headers

File Characteristics

Imports

kernel32

rtl120.bpl

user32

gdi32

ole32

vcl120.bpl

maincontrols.bpl

tubase.bpl

smallunits.bpl

tucompression.bpl

tutransl.bpl

tubasic.bpl

schedagent_2007.bpl

dec.bpl

ntrtl60.bpl

gr32_d6.bpl

html.bpl

vclimg120.bpl

xmlcomponents.bpl

regexp.bpl

appinitialization.bpl

viscontrols.bpl

dxgdiplusd12.bpl

programrating.bpl

sysinfo.bpl

syscontrols.bpl

tuicoengineerdirtree.bpl

tushell.bpl

ehs_d6.bpl

vclx120.bpl

xmlrtl120.bpl

Exports

TEXTiCLE
Size: 123KB - Virtual size: 356KB

.rsrc
Size: 39KB - Virtual size: 40KB

.reloc
Size: 512B - Virtual size: 512B

TEXTiCLE
Size: 37KB - Virtual size: 196KB

.rsrc
Size: 28KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 512B

TEXTiCLE
Size: 147KB - Virtual size: 480KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 19.6MB - Virtual size: 19.6MB

.reloc
Size: 61KB - Virtual size: 61KB