a3b238d2070534d891e30b20324d01f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3b238d2070534d891e30b20324d01f4_JaffaCakes118
Size

1.9MB
MD5

a3b238d2070534d891e30b20324d01f4
SHA1

3ae68138ecd6fc419e4ac31b191c5fe8c4ce81ed
SHA256

f48ee21c180f8aff6e3a72759043aca63e10985ed4f5e86c22e5b00f81ef73b9
SHA512

f1d4dd7675a9b0d18e94e9ef5a871bb5712adefecb4613261933a29b2893f5915786c739eca86956639e0ab7352e0ffacc53f55185fbd7a8703da9aa79e54910
SSDEEP

49152:+1hyIqV9AD/YWcgP8hzJBwqzrLAFM6fDNyCqZFPj7lcf:5V9mvP81JZrJ6bNydjj7ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/流量监控绿色版/监控端/sqlite3.dll
unpack001/流量监控绿色版/监控端/网络监控.exe
unpack001/流量监控绿色版/监控端/限速/Packet.dll
unpack001/流量监控绿色版/监控端/限速/WanPacket.dll
unpack001/流量监控绿色版/监控端/限速/XArpC.exe
unpack001/流量监控绿色版/监控端/限速/npf.sys
unpack001/流量监控绿色版/监控端/限速/npf_mgm.exe
unpack001/流量监控绿色版/监控端/限速/npptools.dll
unpack001/流量监控绿色版/监控端/限速/wpcap.dll
unpack001/流量监控绿色版/监控端/限速/限速.exe
unpack001/流量监控绿色版/被监控端/NetProvision.exe
unpack001/流量监控绿色版/被监控端/进程保护安装/AKPro.sys
unpack001/流量监控绿色版/被监控端/进程保护安装/InstDrv.exe

Files

a3b238d2070534d891e30b20324d01f4_JaffaCakes118
.rar
流量监控绿色版/安装使用说明.txt
流量监控绿色版/新云软件.url
.url
流量监控绿色版/监控端/sqlite3.dll
.dll windows:4 windows x86 arch:x86

2421991f15556334b0db0d0dec6811b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strcpy
strncmp
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 912B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/网络监控.exe
.exe windows:4 windows x86 arch:x86

034a60bb85fa4f6d21cea77b6fcc9c42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
UnmapViewOfFile
SuspendThread
Sleep
SizeofResource
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
Sleep
MulDiv
MulDiv

gdi32

WidenPath
UnrealizeObject
TextOutA
StrokePath
StrokeAndFillPath
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetArcDirection
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextCharacterExtra
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetOutlineTextMetricsA
GetObjectA
GetNearestColor
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
ExtTextOutA
ExtSelectClipRgn
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EndPath
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
BeginPath
ArcTo
Arc

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoGetMalloc
CoUninitialize
CoInitialize
IsEqualGUID
CLSIDFromString

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_LoadImageA
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

Shell_NotifyIconA
ShellExecuteA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSAAsyncSelect
gethostname
gethostbyname
socket
sendto
recvfrom
ntohl
inet_ntoa
inet_addr
htons
htonl
closesocket
bind

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/Packet.dll
.dll windows:4 windows x86 arch:x86

a8045d201fdcff39736c580dad656cef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr

wanpacket

WanPacketGetStats
WanPacketSetBpfFilter
WanPacketTestAdapter
WanPacketSetReadTimeout
WanPacketSetMode
WanPacketSetMinToCopy
WanPacketReceivePacket
WanPacketCloseAdapter
WanPacketOpenAdapter
WanPacketGetReadEvent
WanPacketSetBufferSize

kernel32

GetStringTypeA
LCMapStringW
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
ReleaseMutex
WaitForSingleObject
WideCharToMultiByte
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateMutexW
GetStringTypeW
GetLastError
CreateEventW
DeviceIoControl
GetVersion
SetLastError
CreateFileW
SetEvent
ReadFile
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameW
LCMapStringA
FlushFileBuffers
MultiByteToWideChar
HeapFree
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement

user32

wsprintfW

advapi32

OpenServiceW
QueryServiceStatus
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ControlService

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/WanPacket.dll
.dll windows:4 windows x86 arch:x86

d1365884b82c502a6b807942e541ebcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

npptools

CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob
CreateBlob
DestroyBlob

kernel32

GetFileType
GlobalAlloc
GlobalFree
FreeLibrary
LoadLibraryA
GetSystemTimeAsFileTime
LeaveCriticalSection
SetEvent
EnterCriticalSection
GetVersionExA
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
OutputDebugStringA
WaitForSingleObject
ResetEvent
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

ole32

CoInitializeEx
CoInitialize
CoUninitialize

Exports

Exports

WanPacketCloseAdapter
WanPacketGetReadEvent
WanPacketGetStats
WanPacketOpenAdapter
WanPacketReceivePacket
WanPacketSetBpfFilter
WanPacketSetBufferSize
WanPacketSetMinToCopy
WanPacketSetMode
WanPacketSetReadTimeout
WanPacketTestAdapter

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/XArpC.exe
.exe windows:4 windows x86 arch:x86

1ae5f41737dd384a6de81241f2722f90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
InterlockedDecrement
lstrlenA
InterlockedIncrement
Sleep
GetSystemTimeAsFileTime
DebugBreak
OutputDebugStringA
SetFilePointer
CreateFileA
WriteFile
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetTempPathA
WaitForSingleObject
ResumeThread
CreateEventA
SuspendThread
SetEvent
WaitForMultipleObjectsEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
FlushFileBuffers
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
TlsGetValue
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
RaiseException
GetModuleHandleA
HeapReAlloc
HeapSize
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
InterlockedExchange

ws2_32

ntohs
inet_addr
htons
WSACleanup
WSAStartup
inet_ntoa
gethostbyaddr
ntohl
htonl
gethostbyname

iphlpapi

GetAdaptersInfo
SendARP

user32

CharLowerA
CharNextA
wvsprintfA
CharUpperA
LoadStringA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
流量监控绿色版/监控端/限速/npf.sys
.sys windows:5 windows x86 arch:x86

330366a156f1cd215a328f63c2b6208b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\i386\npf.pdb

Imports

ntoskrnl.exe

DbgPrint
KeQuerySystemTime
_allrem
_alldiv
KeWaitForSingleObject
KeInitializeEvent
_aullrem
_aulldiv
ZwSetInformationThread
KeSetEvent
InterlockedExchange
KeClearEvent
IoCreateNotificationEvent
InterlockedIncrement
ObfDereferenceObject
InterlockedExchangeAdd
KeInitializeSpinLock
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
InterlockedDecrement
_allmul
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlWriteRegistryValue
MmMapLockedPagesSpecifyCache
ExFreePool

hal

KfReleaseSpinLock
KeQueryPerformanceCounter
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock

ndis.sys

NdisCloseAdapter
NdisFreePacketPool
NdisSystemProcessorCount
NdisOpenAdapter
NdisResetEvent
NdisWaitEvent
NdisSetEvent
NdisDeregisterProtocol
NdisInitializeEvent
NdisAllocatePacketPool
NdisFreePacket
NdisAllocatePacket
NdisRegisterProtocol
NdisUnchainBufferAtFront

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/npf_mgm.exe
.exe windows:4 windows x86 arch:x86

cca90a57f8cbd4ba808e467ec181cfd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
FormatMessageA
LocalFree
FreeLibrary
GetLastError
Sleep
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle
SetStdHandle
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

ControlService
CreateServiceA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/npptools.dll
.dll windows:5 windows x86 arch:x86

e3595d46c70e1f27e38882f3f0c99f72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord823
ord825

msvcrt

_ltoa
strpbrk
_strnicmp
sprintf
_stricmp
strncpy
strncmp
memmove
__CxxFrameHandler
wcscmp
wcscpy
wcslen
setlocale
wcscat
wcschr
strrchr
free
malloc
_initterm
_adjust_fdiv
_except_handler3
__dllonexit
_onexit
sscanf

advapi32

RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegSetValueExA

kernel32

lstrlenA
MultiByteToWideChar
HeapSize
InitializeCriticalSection
InterlockedExchange
FreeLibrary
LeaveCriticalSection
GlobalSize
HeapReAlloc
CreateFileMappingW
GetWindowsDirectoryW
GetProcAddress
GetLastError
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
GetFileSize
EnterCriticalSection
GetCurrentProcessId
HeapFree
CreateMutexW
HeapAlloc
GetProcessHeap
ReleaseMutex
WaitForSingleObject
CreateFileA
CloseHandle
WriteFile
MapViewOfFile

ole32

CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SystemTimeToVariantTime
SysFreeString

user32

GetDlgItem
wsprintfW
GetWindowLongW
LoadStringW
wsprintfA
EndDialog
GetFocus
GetWindowRect
LoadStringA
SendMessageW
SetWindowLongW
DialogBoxParamW
UpdateWindow

Exports

Exports

ClearEventData
CreateBlob
CreateNPPInterface
DestroyBlob
DestroyNPPBlobTable
DuplicateBlob
FilterNPPBlob
FindOneOf
FindUnknownBlobCategories
FindUnknownBlobTags
GetBoolFromBlob
GetClassIDFromBlob
GetDwordFromBlob
GetMacAddressFromBlob
GetNPPAddressFilterFromBlob
GetNPPBlobFromUI
GetNPPBlobTable
GetNPPEtypeSapFilter
GetNPPMacTypeAsNumber
GetNPPPatternFilterFromBlob
GetNPPTriggerFromBlob
GetNetworkInfoFromBlob
GetStringFromBlob
GetStringsFromBlob
IsRemoteNPP
LockBlob
MarshalBlob
MergeBlob
NmAddUsedEntry
NmHeapAllocate
NmHeapFree
NmHeapReallocate
NmHeapSize
NmRemoveUsedEntry
RaiseNMEvent
ReadBlobFromFile
RegCreateBlobKey
RegOpenBlobKey
ReleaseEventSystem
RemoveFromBlob
SelectNPPBlobFromTable
SendEvent
SetBoolInBlob
SetClassIDInBlob
SetDwordInBlob
SetMacAddressInBlob
SetNPPAddressFilterInBlob
SetNPPEtypeSapFilter
SetNPPPatternFilterInBlob
SetNPPTriggerInBlob
SetNetworkInfoInBlob
SetStringInBlob
SubkeyExists
UnMarshalBlob
UnlockBlob
WriteBlobToFile
WriteCrackedBlobToFile
recursiveDeleteKey
setKeyAndValue

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FINDSHAR
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/wpcap.dll
.dll windows:4 windows x86 arch:x86

06f3d2c48036103c8a5f5cfdcf3daca1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetEndOfFile
CreateFileA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
ReadFile
SetStdHandle
CloseHandle
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
GetVersion
HeapFree
HeapAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

ws2_32

send
ntohl
ntohs
inet_ntoa
htonl
WSAGetLastError
gethostbyname
inet_addr
getservbyname
htons
WSASetLastError
closesocket
accept
gethostbyaddr
getservbyport
select
setsockopt
getsockopt
getsockname
getpeername
WSACleanup
WSAStartup
connect
listen
bind
recv
getprotobyname
shutdown
socket

packet

PacketGetReadEvent
PacketGetStatsEx
PacketSendPackets
PacketInitPacket
PacketSetDumpLimits
PacketSetDumpName
PacketSetMode
PacketIsDumpEnded
PacketGetVersion
PacketGetAdapterNames
PacketGetNetInfoEx
PacketSetReadTimeout
PacketSetMinToCopy
PacketSetBuff
PacketAllocatePacket
PacketSetHwFilter
PacketFreePacket
PacketCloseAdapter
PacketGetNetType
PacketOpenAdapter
PacketGetStats
PacketReceivePacket
PacketSendPacket
PacketSetBpf

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_freealldevs
pcap_freecode
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_datalink
pcap_setbuff
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/监控端/限速/关于限速.txt
流量监控绿色版/监控端/限速/限速.exe
.exe windows:4 windows x86 arch:x86

c2aa54fe934cd928f0e6d6de5a2836fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryA
ReadFile
OpenProcess
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
Sleep
MulDiv

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExtTextOutA
ExtCreatePen
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wpcap

pcap_freealldevs
pcap_findalldevs

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
流量监控绿色版/被监控端/NetProvision.exe
.exe windows:4 windows x86 arch:x86

a319e6e4bc8ba255e9c442fcbdd8b3a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetTokenInformation
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
GetUserNameA
DuplicateTokenEx
DeregisterEventSource
CreateProcessAsUserA
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenProcess
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
FileTimeToSystemTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
WTSGetActiveConsoleSessionId

gdi32

UnrealizeObject
TextOutA
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wsock32

WSAAsyncSelect
gethostname
gethostbyname
socket
recv
ntohs
inet_ntoa
inet_addr
htons
bind

cfgmgr32

CM_Get_DevNode_Status

setupapi

SetupDiClassNameFromGuidA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenClassRegKey
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
流量监控绿色版/被监控端/说明.txt
流量监控绿色版/被监控端/进程保护安装/AKPro.sys
.sys windows:5 windows x86 arch:x86

be523af75ccbc7256a02f9cadb13cba1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ProtectDriver\objfre\i386\Protector.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
DbgPrint
NtBuildNumber
MmUserProbeAddress
IoDeleteDevice
IoDeleteSymbolicLink
KeServiceDescriptorTable
PsSetCreateProcessNotifyRoutine
IofCompleteRequest
PsGetCurrentProcessId
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
流量监控绿色版/被监控端/进程保护安装/InstDrv.exe
.exe windows:4 windows x86 arch:x86

35d0e6a66317ea219d1ed718dfdb680d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord3346
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord540
ord2301
ord6197
ord6380
ord1783
ord4160
ord2863
ord2379
ord755
ord470
ord6378
ord6334
ord538
ord823
ord5953
ord4129
ord5710
ord2764
ord858
ord3097
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5163
ord4673
ord1576

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
__CxxFrameHandler
_mbscmp
__dllonexit
_onexit
_exit
__p__commode
_XcptFilter
exit
_acmdln

kernel32

GetStartupInfoA
GetLastError
GetModuleHandleA

user32

DrawIcon
IsIconic
AppendMenuA
SendMessageA
EnableWindow
GetSystemMenu
GetClientRect
LoadIconA
GetSystemMetrics

advapi32

OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA

shell32

DragQueryFileA
ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
流量监控绿色版/被监控端/进程保护安装/安装说明.txt
流量监控绿色版/语言包/监控端/Language.ini
流量监控绿色版/语言包/被监控端/Language.ini
流量监控绿色版/语言包/说明.txt
流量监控绿色版/赞助版与注册版说明.txt

Sharing

General

Malware Config

Signatures

Files

2421991f15556334b0db0d0dec6811b7

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 369KB - Virtual size: 368KB

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 912B

.edata Size: 5KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.stab Size: 6KB - Virtual size: 6KB

.stabstr Size: 5KB - Virtual size: 5KB

034a60bb85fa4f6d21cea77b6fcc9c42

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

shell32

comdlg32

wsock32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 25KB - Virtual size: 24KB

.bss Size: - Virtual size: 26KB

.idata Size: 14KB - Virtual size: 13KB

.tls Size: - Virtual size: 60B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 167KB - Virtual size: 167KB

.rsrc Size: 432KB - Virtual size: 432KB

a8045d201fdcff39736c580dad656cef

Headers

File Characteristics

Imports

ws2_32

wanpacket

kernel32

user32

advapi32

iphlpapi

version

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

d1365884b82c502a6b807942e541ebcd

Headers

File Characteristics

Imports

npptools

kernel32

ole32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 369KB - Virtual size: 368KB

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 912B

.edata
Size: 5KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.stab
Size: 6KB - Virtual size: 6KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 25KB - Virtual size: 24KB

.bss
Size: - Virtual size: 26KB

.idata
Size: 14KB - Virtual size: 13KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 167KB - Virtual size: 167KB

.rsrc
Size: 432KB - Virtual size: 432KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 15KB - Virtual size: 21KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 768B - Virtual size: 748B

.data
Size: 640B - Virtual size: 520B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 432B

FINDSHAR
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 128KB - Virtual size: 125KB