a4eb28624c151151e0e7fd7d5efbfe7c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4eb28624c151151e0e7fd7d5efbfe7c_JaffaCakes118
Size

763KB
MD5

a4eb28624c151151e0e7fd7d5efbfe7c
SHA1

8ce30d0908e43430cf84f8a82e054046ec7440fa
SHA256

2d6d9d4acdc21364465b65a8bf59297666d8b8de04ae588b423360611290af93
SHA512

0b45aa82a1c6b71340fee16666a12ce6de465c9ddd9c9fba65340b7997feda4d7a5be9ea5d5f9c9cdca43369f142d418ca11b760822d80f03db39fd8acc05713
SSDEEP

12288:9KzPV8Rd/fqiMYCfhz/VoSlaolxmpMgpq+QagQxpQDE0gnszgVuQYgIrFRDBof:9SV8v/fLM3fhDOSOPqZaIOJEVgIqf

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AMLPages-v9.08.1997b/amlpages_setup_en.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/AmlAssistDirect.exe
unpack002/AmlPages.exe
unpack002/Plugins/AmlAssist.dll
unpack002/Plugins/IE2Aml.dll
unpack002/colordlg.dll
unpack002/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/AMLPages-v9.08.1997b/amlpages_setup_en.exe	nsis_installer_1
static1/unpack001/AMLPages-v9.08.1997b/amlpages_setup_en.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

a4eb28624c151151e0e7fd7d5efbfe7c_JaffaCakes118
.rar
AMLPages-v9.08.1997b/amlpages_setup_en.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioShortcuts.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
1c.ash
AmlAssistDirect.exe
.exe windows:4 windows x86 arch:x86

127518ed0362673f47dd5aaa3fd8f6a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
IsBadStringPtrA
FreeLibrary
GetProcAddress
OpenMutexA
lstrcatA
GetModuleHandleA
CloseHandle
lstrlenA
CreateMutexA
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA

user32

TranslateMessage
GetMessageA
IsWindow
PostQuitMessage
DispatchMessageA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey

msvcrt

_controlfp
strchr
_splitpath
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AmlPages.chm
.chm
AmlPages.exe
.exe windows:4 windows x86 arch:x86

14d8c644e66ca618932aaf98809b65b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetGetLastResponseInfoA
InternetGoOnline
InternetOpenA

mfc42

ord3092
ord4615
ord4610
ord4274
ord4486
ord2554
ord5731
ord3922
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord3738
ord3619
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4425
ord3597
ord641
ord1641
ord324
ord3626
ord2414
ord4202
ord2302
ord4234
ord2652
ord6215
ord2642
ord6199
ord4710
ord1669
ord5280
ord3452
ord3447
ord3196
ord3949
ord5289
ord2512
ord1200
ord928
ord5934
ord1089
ord6270
ord4698
ord5301
ord2558
ord986
ord4159
ord1134
ord6438
ord1205
ord2621
ord6117
ord5214
ord6197
ord2725
ord5503
ord2635
ord5199
ord5130
ord4957
ord4861
ord4826
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord5002
ord4494
ord4491
ord5021
ord3106
ord4605
ord5000
ord4416
ord5090
ord5501
ord4628
ord4657
ord5752
ord4155
ord2991
ord3417
ord5025
ord3515
ord6345
ord5627
ord1003
ord3449
ord3788
ord3251
ord4697
ord3066
ord6336
ord2510
ord2542
ord5742
ord1747
ord5577
ord3172
ord2403
ord3454
ord3198
ord3261
ord3280
ord4623
ord4430
ord4387
ord2915
ord4216
ord3876
ord936
ord4375
ord4852
ord3356
ord3620
ord3019
ord2516
ord361
ord1199
ord665
ord1979
ord603
ord273
ord5186
ord354
ord1092
ord3499
ord795
ord2004
ord5681
ord6883
ord6082
ord1789
ord5654
ord2864
ord2528
ord5098
ord5981
ord3127
ord3616
ord5651
ord350
ord934
ord6175
ord4420
ord4423
ord1140
ord4203
ord2884
ord4620
ord6930
ord6928
ord3123
ord3568
ord3294
ord1259
ord4825
ord4860
ord801
ord6209
ord6283
ord6282
ord541
ord4956
ord6329
ord6822
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6846
ord6858
ord6816
ord6815
ord6856
ord4589
ord4588
ord4370
ord6817
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord4892
ord4899
ord6699
ord6803
ord6710
ord6671
ord4720
ord6835
ord859
ord536
ord6662
ord6814
ord5281
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord4939
ord4941
ord4587
ord4898
ord4369
ord4532
ord4341
ord4349
ord4888
ord4964
ord4961
ord4107
ord1726
ord3282
ord5828
ord6134
ord5937
ord3771
ord2455
ord3767
ord1572
ord6136
ord3061
ord3763
ord1228
ord3021
ord2405
ord2859
ord2764
ord5223
ord1756
ord6919
ord6613
ord5789
ord2867
ord3797
ord3573
ord4132
ord4130
ord5785
ord5787
ord6880
ord2380
ord4890
ord5259
ord430
ord729
ord6008
ord3297
ord4284
ord3287
ord4125
ord3303
ord2862
ord3914
ord3296
ord2515
ord355
ord4000
ord2860
ord3290
ord2504
ord1706
ord4507
ord4464
ord5495
ord4723
ord5683
ord5861
ord6862
ord6593
ord6594
ord6860
ord6749
ord6931
ord1849
ord5076
ord3371
ord3641
ord2583
ord4403
ord5253
ord303
ord813
ord4244
ord3286
ord6905
ord3293
ord3301
ord3996
ord6696
ord2546
ord291
ord3910
ord4508
ord6007
ord3998
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord1731
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord2259
ord4836
ord4440
ord3720
ord3571
ord2575
ord4396
ord3574
ord609
ord2078
ord3495
ord5875
ord755
ord470
ord3295
ord4366
ord5086
ord1710
ord1715
ord920
ord2513
ord539
ord1871
ord6571
ord5449
ord6393
ord2801
ord2740
ord6889
ord3721
ord2116
ord4287
ord2123
ord4299
ord4475
ord3089
ord2149
ord4593
ord3181
ord693
ord3708
ord781
ord3398
ord3733
ord810
ord4271
ord4614
ord4613
ord4774
ord4538
ord1772
ord4327
ord2090
ord357
ord2535
ord5678
ord5736
ord5792
ord3517
ord2247
ord4131
ord3455
ord2841
ord5450
ord6394
ord2107
ord5440
ord6383
ord3908
ord713
ord414
ord6141
ord5859
ord5604
ord5510
ord1652
ord429
ord353
ord882
ord2393
ord879
ord786
ord5903
ord2461
ord519
ord3584
ord543
ord803
ord3870
ord703
ord403
ord5989
ord5834
ord2448
ord2044
ord3903
ord3055
ord932
ord876
ord884
ord6672
ord1980
ord3185
ord4058
ord3742
ord818
ord2100
ord6491
ord620
ord6802
ord2921
ord3289
ord4500
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4303
ord3351
ord5012
ord5472
ord3403
ord2879
ord2878
ord4152
ord296
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord5254
ord3481
ord5054
ord976
ord4772
ord5910

msvcrt

sprintf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_setmbcp
__getmainargs
__CxxFrameHandler
_mbscmp
_mbsicmp
strlen
atol
atoi
_ftol
memset
memcpy
_purecall
strcpy
strncpy
ispunct
isdigit
free
_splitpath
abs
floor
_except_handler3
memcmp
memchr
strcmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
malloc
realloc
_local_unwind2
strcat
_controlfp
sscanf
strchr
_mbsicoll
memmove
strncmp
wcslen
_wcsrev
isalpha
swprintf
pow
_acmdln
exit
_XcptFilter
_beginthreadex
clock
fmod
fseek
ctime
_fstat
fopen
fclose
ftell
fgets
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

kernel32

LocalFree
GetStartupInfoA
GetPrivateProfileSectionNamesA
GetFileTime
FlushFileBuffers
GetFullPathNameA
SystemTimeToFileTime
OutputDebugStringA
SetEvent
ResetEvent
EnumResourceLanguagesA
GlobalReAlloc
OpenFileMappingA
GetCurrentProcess
FindFirstChangeNotificationA
FindCloseChangeNotification
CreateMailslotA
GetPrivateProfileSectionA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetLongPathNameA
SizeofResource
FindResourceA
LoadResource
LockResource
EnumResourceNamesA
LoadLibraryExA
EnumResourceTypesA
FormatMessageA
SetLastError
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
lstrcpyA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
OpenMutexA
SuspendThread
InterlockedExchange
TerminateThread
lstrcpynA
FindNextFileA
GetDateFormatA
GetTimeFormatA
EnumDateFormatsA
EnumTimeFormatsA
CreateEventA
GetThreadLocale
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetTempFileNameA
GetNumberFormatA
GetTempPathA
GetComputerNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
GetSystemDirectoryA
OpenProcess
GlobalMemoryStatus
IsBadCodePtr
GetLocalTime
HeapFree
GetProcessHeap
HeapAlloc
GetFileSize
FindFirstFileA
FindClose
FileTimeToSystemTime
WriteFile
ReadFile
MulDiv
GetWindowsDirectoryA
GetLastError
GetDriveTypeA
SetFileAttributesA
GetFileAttributesA
GetCurrentProcessId
GetCurrentThreadId
CreateMutexA
Sleep
CreateFileA
ReleaseMutex
GetVersionExA
LoadLibraryA
IsDebuggerPresent
GlobalFree
IsBadStringPtrA
lstrlenA
IsBadReadPtr
GlobalAlloc
GlobalLock
IsBadWritePtr
GlobalUnlock
GetTickCount
SetThreadPriority
ResumeThread
GetSystemTime
GetModuleFileNameA
WaitForSingleObject
CreateThread
CloseHandle
DeleteFileA
GetModuleHandleA
GetProcAddress
CopyFileA
CreateDirectoryA

user32

DrawFocusRect
FindWindowExA
MapDialogRect
AdjustWindowRect
TranslateMessage
PeekMessageA
GetKeyNameTextA
MapVirtualKeyA
CreateCursor
CreateIcon
CopyImage
DestroyCursor
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DrawIconEx
GetMenuItemInfoA
GetActiveWindow
SetMenu
GetMenuItemRect
ChildWindowFromPoint
DrawEdge
GetTopWindow
GetClassLongA
GetTabbedTextExtentA
SystemParametersInfoA
CallWindowProcA
EnumChildWindows
SetCursorPos
TabbedTextOutA
DestroyIcon
IsChild
EndDeferWindowPos
BeginDeferWindowPos
GetMenuDefaultItem
SetParent
SetRect
MenuItemFromPoint
IsCharUpperA
MoveWindow
WindowFromPoint
RegisterWindowMessageA
MessageBoxA
CreateAcceleratorTableA
EnableWindow
GetCursorPos
GetClientRect
KillTimer
CopyRect
DrawTextA
LoadCursorA
RedrawWindow
PtInRect
IsWindow
ActivateKeyboardLayout
GetSysColor
GetSysColorBrush
SetTimer
SetCursor
SendMessageA
GetSystemMetrics
InflateRect
DrawFrameControl
SetClassLongA
GetNextDlgTabItem
GetSystemMenu
IntersectRect
EqualRect
TranslateAcceleratorA
DestroyAcceleratorTable
CreateIconIndirect
SetCapture
GetClassNameA
wsprintfA
SetRectEmpty
LoadImageA
LoadBitmapA
AdjustWindowRectEx
GetDesktopWindow
CallNextHookEx
UnhookWindowsHookEx
BeginPaint
EndPaint
DestroyWindow
SetWindowsHookExA
DefWindowProcA
RegisterClassA
SetWindowLongA
GetAsyncKeyState
GetWindowDC
MapWindowPoints
DestroyMenu
CreateMenu
ShowCursor
FillRect
ClientToScreen
InsertMenuA
TrackPopupMenu
ReleaseDC
GetMessageA
DispatchMessageA
CheckMenuItem
GetKeyState
GetDC
ScreenToClient
InvalidateRect
SetMenuItemInfoA
SetFocus
GetIconInfo
GetParent
DeleteMenu
GetMessagePos
ModifyMenuA
IsWindowEnabled
GetWindowTextLengthA
CopyIcon
GetWindow
RegisterHotKey
UnregisterHotKey
EndDialog
SetWindowTextA
GetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
IsRectEmpty
IsZoomed
GetWindowRect
GetNextDlgGroupItem
EnableMenuItem
GetFocus
RemoveMenu
SetMenuDefaultItem
IsIconic
ShowWindow
EnumWindows
PostMessageA
SetWindowPos
UpdateWindow
ReleaseCapture
CreatePopupMenu
IsWindowVisible
GetForegroundWindow
GetWindowLongA
GetDlgItem
MessageBeep
GetWindowThreadProcessId
AttachThreadInput
LoadKeyboardLayoutA
LoadAcceleratorsA
GetKeyboardLayout
OffsetRect
GetDlgCtrlID
LoadMenuA
GetMenuItemID
IsMenu
GetMenuItemCount
GetSubMenu
GetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
DrawStateA
LoadStringA
GetMenuState
SetForegroundWindow
SetActiveWindow
BringWindowToTop
CreateWindowExA
GetMenuStringA
AppendMenuA
GetMenu
GetDCEx
LoadIconA
OpenClipboard
EmptyClipboard
SetClipboardData
GrayStringA
CloseClipboard

gdi32

Escape
TextOutA
EnumFontFamiliesA
PatBlt
CreateRectRgnIndirect
RectVisible
PtVisible
LPtoDP
GetMapMode
DPtoLP
ExtTextOutA
SetPixel
ExcludeClipRect
GetBkColor
CreateFontA
EnumFontsA
EnumFontFamiliesExA
SetBkColor
SetBkMode
CreateDCA
GetBitmapBits
SetTextColor
CreatePen
MoveToEx
LineTo
CreateCompatibleBitmap
BitBlt
DeleteDC
Ellipse
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
GetDeviceCaps
GetStockObject
GetObjectA
GetObjectType
GetTextExtentPoint32A
GetTextColor
CreatePatternBrush
DeleteObject
SelectObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
GetUserNameA
RegCreateKeyA
RegDeleteValueA
RegQueryValueA
RegEnumValueA
GetUserNameW
RegCloseKey

shell32

SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
ExtractAssociatedIconA
ExtractIconExA
ShellExecuteExA
DragQueryFileA
DragFinish
ShellExecuteA

comctl32

ImageList_SetBkColor
ImageList_Remove
ImageList_GetImageCount
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_SetImageCount
ImageList_GetBkColor
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ord8
ImageList_GetIconSize
ImageList_DragShowNolock
ImageList_DragMove
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Draw

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleCreateStaticFromData
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleDuplicateData
OleInitialize
StgCreateDocfile

olepro32

ord252
ord251

oleaut32

VariantClear
SysFreeString
SysAllocStringLen
OleSavePictureFile
SysAllocStringByteLen
VariantInit
SysAllocString
SysReAllocStringLen

msvcp60

??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??1logic_error@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1Init@ios_base@std@@QAE@XZ

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

rpcrt4

RpcStringFreeA
UuidCreate
UuidFromStringA
UuidToStringA

Exports

Exports

APC_AddAttachment
APC_Command
APC_ConvertText
APC_DisplayPasswordDialog
APC_EnumAttachments
APC_GetActivePage
APC_GetAmlPagesBuildNumber
APC_GetAutoTextCommand
APC_GetMainWnd
APC_GetModuleVersionInfo
APC_GetModuleVersionInfoEx
APC_GetOptions
APC_GetUILanguage
APC_MessageBoxWithCheckBox
APC_MessageBoxWithCheckBoxEx
APC_MessageBoxWithRadioBox
APC_PluginAbout
APC_ReReadPluginsInfo
APC_RemoveAttachment
APC_RemoveAttachmentEx
APC_RichInOut
APC_SetAttachment
APC_SetStatusBarText
IsRegisteredAmlPages

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AsCarc.ash
Plugins/AmlAssist.dll
.dll windows:4 windows x86 arch:x86

cc57937dce4f8084c5358c7bdf2f63ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
LocalFree
WideCharToMultiByte
GetTimeZoneInformation
CloseHandle
CreateThread
Sleep
GetTickCount
lstrcmpiA
GetFileAttributesA
FreeLibrary
lstrlenA
LockResource
LoadResource
FindResourceA
FindResourceExA
GetVersionExA
ResumeThread
GetLongPathNameA
ReadFile
GetFileSize
CreateFileA
DebugBreak
OutputDebugStringA
InterlockedDecrement
GlobalSize
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
VirtualFree
GetLocalTime
VirtualAlloc
IsBadWritePtr
IsBadStringPtrA
MultiByteToWideChar
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnableMenuItem
CharUpperA
GetQueueStatus
SetMenuItemInfoA
SetWindowTextA
GetFocus
wvsprintfA
CharNextA
LoadMenuIndirectA
CreatePopupMenu
AppendMenuA
GetWindowTextLengthA
InsertMenuA
GetWindowRect
MapWindowPoints
GetWindowTextA
SetFocus
SetTimer
SetCursor
ReleaseCapture
GetDoubleClickTime
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowLongA
SetMenuDefaultItem
LoadCursorA
RegisterClassA
RegisterWindowMessageA
GetKeyboardLayoutList
DestroyIcon
GetClipboardFormatNameA
RegisterClipboardFormatA
SendMessageA
LoadStringA
EnumWindows
MessageBeep
MessageBoxA
CheckMenuItem
SetForegroundWindow
TrackPopupMenuEx
CharLowerA
IsWindowVisible
GetWindowLongA
SetWindowPos
IsIconic
ShowWindow
GetDesktopWindow
GetClientRect
GetSystemMetrics
IsWindow
DestroyMenu
GetMenuStringA
GetClassNameA
PostMessageA
LoadImageA
GetMessagePos
AdjustWindowRect
ModifyMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetWindowRgn

msvcrt

strlen
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
atoi
_ismbcdigit
wcslen
_strcmpi
strtok
setlocale
_mbsupr
_mbscmp
_mbsicmp
strchr
strstr
atol
_strlwr
_mbsstr
sprintf
memcmp
strncpy
strncat
_splitpath
memcpy
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
memset
strcat
??2@YAPAXI@Z
strcmp
strcpy

oleaut32

SysAllocStringLen
SysFreeString

gdi32

CreatePolygonRgn
CreateFontIndirectA
DeleteObject
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteA
DragQueryFileA
DragFinish
SHGetFileInfoA
DragAcceptFiles

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

ole32

CoInitialize
RegisterDragDrop
ReleaseStgMedium

comdlg32

GetOpenFileNameA

Exports

Exports

AS_ShowPane
Aml_EventHandler
Aml_GetMenuItemInfo
Aml_GetPluginInfo
MenuHandler
PluginAboutProc
StartWithWindowsProc

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/IE2Aml.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d8894d93420b5547fbb917b50cd20150

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
GetModuleFileNameA
GetLastError
GetFileAttributesA
CloseHandle
GetTempFileNameA
GetTickCount
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
GetShortPathNameA
lstrcpyA
lstrcatA
WideCharToMultiByte
IsBadCodePtr
WriteFile
CreateFileA
ReadFile
GetFileSize
LocalFree
Sleep
GetWindowsDirectoryA
DeleteFileA
GlobalUnlock
VirtualFree
GetLocalTime
VirtualAlloc
IsBadStringPtrA
GetModuleHandleA
MultiByteToWideChar
OutputDebugStringA
DebugBreak
IsBadReadPtr
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
IsBadWritePtr
lstrlenW

user32

TrackPopupMenuEx
AppendMenuA
CreatePopupMenu
GetParent
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
CreateWindowExA
GetMenuStringA
RedrawWindow
GetClientRect
SetCursor
LoadCursorA
DestroyIcon
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetWindowLongA
CallWindowProcA
ClientToScreen
EnableMenuItem
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetMenuItemCount
GetMenuItemID
GetMenuItemRect
GetSystemMetrics
GetWindowRect
SetWindowPos
SendMessageA
SetWindowLongA
DestroyWindow
CheckMenuItem
SetMenuItemInfoA
CharUpperA
ShowWindow
MessageBeep
LoadIconA
MessageBoxA
CharNextA
wvsprintfA
GetWindowTextLengthA
GetWindowTextA
EnumWindows
SendMessageTimeoutA
IsWindow
RegisterWindowMessageA
LoadStringA
GetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetActiveWindow

gdi32

GetObjectType
GetStockObject
GetObjectA
CreateFontIndirectA
DeleteObject

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_SetBkColor
ImageList_Create
ImageList_GetImageCount
CreateToolbarEx
InitCommonControlsEx
ImageList_GetIconSize
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

strcpy
_ismbcdigit
wcslen
atoi
_mbsstr
??2@YAPAXI@Z
??3@YAXPAX@Z
strlen
memcpy
memset
_except_handler3
strncpy
_splitpath
_mbscmp
_ismbcspace
memmove
_purecall
memcmp
_mbsicmp
_mbschr
strchr
wcscpy
__CxxFrameHandler
_CxxThrowException
_mbsrchr
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

AboutProc
Aml_GetMenuItemInfo
Aml_GetPluginInfo
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RegisterIntoIE

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ash.ash
autotext.atx
.ps1
cell.gif
.gif
colordlg.dll
.dll windows:4 windows x86 arch:x86

b7d2bc182f151ed90d67648133315631

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
FreeLibrary
SetEvent
WaitForSingleObject
CreateEventA
MulDiv
CloseHandle
lstrlenA
DeleteCriticalSection
HeapDestroy
lstrcpyA
InitializeCriticalSection
GetCurrentThreadId
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
InterlockedIncrement
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
InterlockedDecrement
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
RtlUnwind
HeapFree
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapCreate

gdi32

CreateCompatibleBitmap
BitBlt
DeleteDC
GetBkColor
GetTextColor
CreateSolidBrush
DeleteObject
SetBkColor
SetTextColor
ExtTextOutA
GetStockObject
SelectObject
GetTextExtentPoint32A
CreateCompatibleDC

comdlg32

ChooseColorA

user32

GetClassInfoExA
RegisterClassExA
CallWindowProcA
GetWindowLongA
CreateDialogParamA
CreateWindowExA
GetSysColorBrush
FillRect
CopyRect
InflateRect
DrawEdge
GetSysColor
GetParent
SetCapture
GetCapture
ReleaseCapture
InvalidateRect
SetFocus
GetDlgItem
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
SendMessageA
GetDC
ReleaseDC
GetSystemMetrics
SetWindowPos
GetClientRect
MoveWindow
GetWindowRect
ShowWindow
LoadStringA
DefWindowProcA
DestroyWindow
SetWindowLongA

olepro32

ord254

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Exports

Exports

ShowColor
ShowColor2
ShowColor3

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cpp.ash
delphi.ash
email.ash
howtoreg.htm
.html
html.ash
lines.gif
.gif
mfc.ash
nsis.ash
perl.ash
sample.apd
splash.jpg
.jpg
splitter.gif
.gif
sql.ash
tips.txt
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
vb.ash
voter.ini
wtl.ash
AMLPages-v9.08.1997b/readme.txt
AMLPages-v9.08.1997b/whatnews.txt
AMLPages-v9.08.1997b/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 6KB - Virtual size: 5KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

127518ed0362673f47dd5aaa3fd8f6a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 208B

.rsrc Size: 1KB - Virtual size: 1KB

14d8c644e66ca618932aaf98809b65b9

Headers

File Characteristics

Imports

wininet

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

msvcp60

version

rpcrt4

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 24KB - Virtual size: 36KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 208B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 24KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 24B

.rsrc
Size: 197KB - Virtual size: 196KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB