aec4a6c25680fcef45a6cb3988778c75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aec4a6c25680fcef45a6cb3988778c75_JaffaCakes118
Size

2.2MB
MD5

aec4a6c25680fcef45a6cb3988778c75
SHA1

7409fef916c75e311fe09d87795cca555b88801e
SHA256

2292ee129e79baabee0591af226149da984940bd59a2a244d2414234ef147b55
SHA512

b4094f6f60c439a1dff9cf0201858f7a26792d390dd26a1c69212995c4a9b2e6759a892e71d46fff78e9a79201a96ffde3c913a31c26f98068caae50ab10b277
SSDEEP

49152:F5SVwPz/oqXzpmVtVdf/lNyoUPfrsz2E8sT+:F5SyDpmVtVdf/lEDHAS

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vgrabber.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/Uninstall.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack002/VGrabber.exe
unpack002/detoured.dll
unpack002/esupdate.dll
unpack002/player/flvplayer.exe
unpack002/player/gc.dll
unpack002/player/neko.dll
unpack002/player/regexp.ndll
unpack002/player/std.ndll
unpack002/player/swhx.ndll
unpack002/player/systools.ndll
unpack002/player/zlib.ndll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/vgrabber.exe	nsis_installer_1
static1/unpack001/vgrabber.exe	nsis_installer_2
static1/unpack002/Uninstall.exe	nsis_installer_1
static1/unpack002/Uninstall.exe	nsis_installer_2

Files

aec4a6c25680fcef45a6cb3988778c75_JaffaCakes118
.rar
readme.txt
vgrabber.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Uninstall.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
VGrabber.exe
.exe windows:4 windows x86 arch:x86

dc4f0373251b590ad9fa18f6ff3279b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt
WSASocketA
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
send
WSAEnumNetworkEvents
htonl
WSAGetLastError
inet_addr
inet_ntoa
gethostbyname
ntohs
htons
WSAConnect
ntohl
recv
WSASend
WSARecv

shlwapi

PathFindExtensionA
PathFindFileNameA
PathAppendA

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
FindFirstUrlCacheEntryA

dbghelp

MakeSureDirectoryPathExists

kernel32

HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateProcess
ExitThread
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
ExitProcess
GetProfileStringA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
lstrcpynA
Sleep
CreateThread
GetCurrentThread
TerminateThread
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLastError
lstrlenA
GetProcAddress
FreeLibrary
LoadLibraryA
WritePrivateProfileStringA
DeleteFileA
OutputDebugStringA
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
CreateEventA
GetExitCodeThread
WaitForSingleObject
GetVersionExA
GetModuleFileNameA
WinExec
SetThreadPriority
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
VirtualProtect
ResumeThread
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
SuspendThread
VirtualAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
RtlUnwind
GetTickCount
GetCurrentDirectoryA
CopyFileA
GlobalSize
SetErrorMode
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetDiskFreeSpaceA
GetTempFileNameA
lstrlenW
SetEvent
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetFileAttributesA
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
GetFileTime
GetFileSize
GetFileAttributesA
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
MulDiv
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
SetLastError

user32

GetSysColorBrush
GetClassNameA
CharNextA
FindWindowA
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetAsyncKeyState
GetMessageA
TranslateMessage
ValidateRect
UnionRect
IsRectEmpty
IsZoomed
LoadStringA
UnpackDDElParam
ReuseDDElParam
SetMenu
DestroyMenu
GetDesktopWindow
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
CharUpperA
SetCursor
LoadCursorA
DestroyCursor
SetCursorPos
ReleaseCapture
SetCapture
wvsprintfA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetActiveWindow
SetFocus
AdjustWindowRectEx
DeferWindowPos
PostThreadMessageA
ScrollWindow
GetMenuStringA
DeleteMenu
DestroyIcon
WindowFromPoint
SetRect
ReleaseDC
InsertMenuA
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetDlgItem
GetWindowTextLengthA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetDCEx
RegisterClipboardFormatA
SetParent
GetSystemMenu
GetMenuCheckMarkDimensions
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SetTimer
SetScrollPos
BringWindowToTop
GetClientRect
SendMessageA
GetWindowRect
IsWindow
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
GetClipboardFormatNameA
GetDoubleClickTime
CreatePopupMenu
GetCursor
CreateAcceleratorTableA
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
DestroyAcceleratorTable
CopyRect
InvertRect
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenu
GetMenuItemCount
GetMenuItemID
LoadMenuA
GetSubMenu
SetForegroundWindow
TrackPopupMenu
LockWindowUpdate
ShowScrollBar
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
IsWindowVisible
LoadBitmapA
LoadIconA
PostMessageA
SendMessageTimeoutA
BeginDeferWindowPos
EndDeferWindowPos
EqualRect
RedrawWindow
UpdateWindow
PtInRect
GetFocus
DrawEdge
FillRect
GrayStringA
GetMenuStringW
LookupIconIdFromDirectoryEx
GetMenuDefaultItem
DrawTextA
TabbedTextOutA
GetSystemMetrics
InflateRect
InvalidateRect
GetSysColor
EnableWindow
GetCursorPos
ScreenToClient
KillTimer
GetParent
LoadImageA
SetMenuDefaultItem
MapVirtualKeyA
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
DrawStateA
DrawIconEx
DrawFrameControl
DrawFocusRect
IsClipboardFormatAvailable
GetMenuItemInfoA
IsMenu
ShowCaret
HideCaret
GetWindowRgn
SetWindowRgn

gdi32

SetPixel
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
Escape
LineTo
SetTextAlign
CreatePen
DeleteObject
CreateRectRgn
ExtSelectClipRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PatBlt
CreateRectRgnIndirect
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
LPtoDP
GetTextColor
CopyMetaFileA
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetBitmapBits
GetViewportOrgEx
ExtCreateRegion
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
ExtFloodFill
Ellipse
GetTextExtentPointA
CreateDIBitmap
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateCompatibleDC
BitBlt
GetObjectA
MoveToEx
GetBkColor
StretchBlt
CreateDIBSection
GetDIBits
SetDIBits
GetPixel
EnumFontFamiliesExA
Polygon
PtInRegion
GetCurrentObject

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
ExtractIconA

comctl32

ImageList_LoadImageA
ImageList_Create
ImageList_GetImageCount
ord17
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_DrawEx
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_Draw
_TrackMouseEvent
ImageList_Remove
ImageList_DrawIndirect
PropertySheetA
DestroyPropertySheetPage
ImageList_Destroy
CreatePropertySheetPageA

oledlg

ord1
ord8

ole32

CoTaskMemFree
ReleaseStgMedium
CoGetClassObject
CoTaskMemAlloc
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateInstance
CoDisconnectObject
CoInitialize
CoUninitialize
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard

olepro32

ord253

oleaut32

VariantInit
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
OleLoadPicturePath
VariantClear

winmm

PlaySoundA

detoured

Detoured

Sections

.text
Size: 1000KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
detoured.dll
.dll windows:4 windows x86 arch:x86

6c8408bb5d7d5a5b75b9314f94e68763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls

Exports

Exports

Detoured

Sections

.text
Size: 4KB - Virtual size: 42B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esupdate.dll
.dll windows:4 windows x86 arch:x86

84d103c422970fdf18e85ae733dfa9ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupIterateCabinetA

wininet

InternetCrackUrlA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

inet_ntoa
closesocket
gethostbyname
socket
WSAStartup
recv
WSAGetLastError
connect
inet_addr
htons
setsockopt
send
getprotobyname

kernel32

GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
CloseHandle
Sleep
WriteFile
CreateFileA
lstrcpynA
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
GetPrivateProfileStringA
WinExec
DeleteFileA
GetTempPathA
GetSystemDirectoryA
OutputDebugStringA
MoveFileExA
GetWindowsDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetUnhandledExceptionFilter
InterlockedIncrement
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
WideCharToMultiByte
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement

shlwapi

PathFindFileNameA

Exports

Exports

fnDownloadVer
fnPostStatMsg
fnSetCallback
fnSetPath
fnUpgrade
fnUpgradeExe
fnVisitUrl

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
global.ini
help/help.htm
.html
help/images/1.1.gif
.gif
help/images/2.1.gif
.gif
help/images/3.1.gif
.gif
help/images/4.1.gif
help/images/4.2.gif
help/images/vgrabber.ico
player/app.n
player/flashplayer.bin
.dll windows:4 windows x86 arch:x86

1b34f70bd41bce870c4a4d4578dab96c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/11/2006, 00:00

Not After

10/12/2007, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:f5:aa:85:90:75:33:58:9b:99:44:3f:b2:65:9c:eb:44:3f:c1:95
Signer

Actual PE Digest

bb:f5:aa:85:90:75:33:58:9b:99:44:3f:b2:65:9c:eb:44:3f:c1:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_CS3\platform\win32\netscape\Release\NPSWF32.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

waveOutWrite
waveOutGetDevCapsA
timeBeginPeriod
timeGetDevCaps
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInOpen
waveOutReset
waveOutUnprepareHeader
timeGetTime
timeSetEvent
timeKillEvent
timeEndPeriod
waveOutOpen
waveOutClose
waveOutPrepareHeader

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA

crypt32

CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore

oleaut32

SysFreeString

kernel32

CreateFileA
GetTempFileNameA
GetModuleHandleA
GlobalFree
WideCharToMultiByte
GetCurrentDirectoryA
CreateDirectoryA
GetEnvironmentVariableA
GetLastError
FreeLibrary
WaitForSingleObject
GetVersionExA
GetSystemDefaultLangID
CreateThread
MoveFileA
GetFileAttributesA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
ExitThread
GetFileAttributesW
SetFilePointer
FindResourceExA
FindResourceExW
GlobalAlloc
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
WriteFile
SystemTimeToFileTime
ReadFile
GetFileSize
CreateMutexA
CreateProcessA
GetFileAttributesExA
SetCurrentDirectoryA
RemoveDirectoryA
GetSystemDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
GetProcessTimes
CreateEventA
SetEvent
SetThreadPriority
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
CloseHandle
DeleteFileA
GetModuleFileNameA
FindResourceA
SizeofResource
LoadResource
LockResource
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
HeapFree
VirtualProtect
ExitProcess
OpenFile
_lwrite
_lclose
FreeResource
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
HeapReAlloc
TerminateProcess
HeapSize
GetSystemTimeAsFileTime
RtlUnwind
SetLastError
GetStdHandle
GetOEMCP
GetStringTypeA
GetStringTypeW
GetSystemTime

user32

RegisterWindowMessageA
DispatchMessageA
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
GetWindowLongA
IsWindow
MapVirtualKeyA
WaitForInputIdle
GetForegroundWindow
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetWindowRect
GetDesktopWindow
LoadIconA
GetDlgItem
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
InsertMenuItemA
RegisterClassA
SystemParametersInfoA
ScreenToClient
GetMenuItemID
DeleteMenu
TrackPopupMenu
ReleaseCapture
SetFocus
SetCapture
GetCapture
GetCursorPos
WindowFromPoint
DefWindowProcA
CreateWindowExA
SetWindowPos
ShowWindow
DestroyWindow
GetSystemMetrics
EnumDisplaySettingsA
FillRect
GetTopWindow
GetFocus
SendMessageA
SendNotifyMessageA
GetKeyState
ReleaseDC
GetDC
BeginPaint
EndPaint
LoadMenuA
GetSubMenu
DestroyMenu
EnableMenuItem
CheckMenuItem
SetWindowLongA
KillTimer
SetTimer
InvalidateRect
GetWindowInfo
CopyRect
GetClientRect
SetCursor
LoadStringA
MessageBoxA
PostMessageA
ClientToScreen
UnregisterClassA
SendInput
GetKeyboardLayout
GetDoubleClickTime
MsgWaitForMultipleObjects
PeekMessageA
GetQueueStatus
PostThreadMessageA
EmptyClipboard
GetParent
SetClipboardData
LoadCursorA

gdi32

StretchDIBits
LPtoDP
DeleteObject
CreateSolidBrush
DeleteDC
CreateDCA
RealizePalette
SelectPalette
BitBlt
CreateCompatibleDC
GdiFlush
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutA
GetStockObject
SelectObject
Rectangle
GetDeviceCaps
GetSystemPaletteEntries
GetClipBox
GetObjectA
RestoreDC
ExtTextOutW
SaveDC
SelectClipPath
SetTextColor
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
GetClipRgn
CreateRectRgn
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
SetBkColor
GetBkColor
CreatePen
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
PolyBezierTo
LineTo
MoveToEx
SetPolyFillMode
EndPath
BeginPath
StartPage
EndPage

comdlg32

PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize

wsock32

gethostbyname
htonl
connect
setsockopt
socket
WSAStartup
WSACleanup
ntohl
inet_ntoa
select
gethostname
recvfrom
inet_addr
ntohs
sendto
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAAsyncSelect
WSAGetLastError
send
recv
closesocket
htons
ioctlsocket

Exports

Exports

FlashPlugin_Setup
Flash_DisableLocalSecurity
Flash_EnforceLocalSecurity
Java_ShockwaveFlash_CurrentFrame_stub
Java_ShockwaveFlash_FlashVersion_stub
Java_ShockwaveFlash_FrameLoaded_stub
Java_ShockwaveFlash_GetVariable_stub
Java_ShockwaveFlash_GotoFrame_stub
Java_ShockwaveFlash_IsPlaying_stub
Java_ShockwaveFlash_LoadMovie_stub
Java_ShockwaveFlash_Pan_stub
Java_ShockwaveFlash_PercentLoaded_stub
Java_ShockwaveFlash_Play_stub
Java_ShockwaveFlash_SetVariable_stub
Java_ShockwaveFlash_SetZoomRect_stub
Java_ShockwaveFlash_StopPlay_stub
Java_ShockwaveFlash_TCallFrame_stub
Java_ShockwaveFlash_TCallLabel_stub
Java_ShockwaveFlash_TCurrentFrame_stub
Java_ShockwaveFlash_TCurrentLabel_stub
Java_ShockwaveFlash_TGetProperty_stub
Java_ShockwaveFlash_TGotoFrame_stub
Java_ShockwaveFlash_TGotoLabel_stub
Java_ShockwaveFlash_TPlay_stub
Java_ShockwaveFlash_TSetProperty_stub
Java_ShockwaveFlash_TStopPlay_stub
Java_ShockwaveFlash_TotalFrames_stub
Java_ShockwaveFlash_Zoom_stub
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
native_ShockwaveFlash_CurrentFrame
native_ShockwaveFlash_FlashVersion
native_ShockwaveFlash_FrameLoaded
native_ShockwaveFlash_GetVariable
native_ShockwaveFlash_GotoFrame
native_ShockwaveFlash_IsPlaying
native_ShockwaveFlash_LoadMovie
native_ShockwaveFlash_Pan
native_ShockwaveFlash_PercentLoaded
native_ShockwaveFlash_Play
native_ShockwaveFlash_SetVariable
native_ShockwaveFlash_SetZoomRect
native_ShockwaveFlash_StopPlay
native_ShockwaveFlash_TCallFrame
native_ShockwaveFlash_TCallLabel
native_ShockwaveFlash_TCurrentFrame
native_ShockwaveFlash_TCurrentLabel
native_ShockwaveFlash_TGetProperty
native_ShockwaveFlash_TGotoFrame
native_ShockwaveFlash_TGotoLabel
native_ShockwaveFlash_TPlay
native_ShockwaveFlash_TSetProperty
native_ShockwaveFlash_TStopPlay
native_ShockwaveFlash_TotalFrames
native_ShockwaveFlash_Zoom
register_ShockwaveFlash
unregister_ShockwaveFlash
unuse_ShockwaveFlash
unuse_netscape_plugin_Plugin
use_ShockwaveFlash
use_netscape_plugin_Plugin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 1007KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/flvplayer.exe
.exe windows:4 windows x86 arch:x86

016462136917e0792f977d12ab58f88a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\swhx\projects\Release\boot.pdb

Imports

neko

neko_global_init
neko_vm_alloc
neko_vm_jit
neko_vm_select
neko_default_loader
neko_alloc_string
neko_val_id
neko_val_field
neko_val_callEx
neko_global_free
neko_alloc_buffer
neko_exc_stack
neko_buffer_append
neko_val_buffer
val_null
neko_buffer_to_string

kernel32

WriteFile
GetCurrentDirectoryA
SetEnvironmentVariableA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetCommandLineA
VirtualQuery
InterlockedExchange
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
SetCurrentDirectoryA
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind

user32

MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
player/gc.dll
.dll windows:4 windows x86 arch:x86

cfbdb06b17e45da0d0f80d566a547d2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Prog\honsen\gc\Release\gc.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
malloc
free
atol
atoi
sprintf
getenv
_except_handler3
exit

kernel32

SuspendThread
VirtualProtect
GlobalFree
GlobalAlloc
VirtualAlloc
GetVersion
GetSystemInfo
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
CreateFileA
WriteFile
DebugBreak
Sleep
GetCurrentThreadId
GetLastError
DuplicateHandle
GetCurrentThread
GetCurrentProcess
InterlockedIncrement
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetExitCodeThread
GetTickCount
ResumeThread
VirtualQuery
GetThreadContext
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

MessageBoxA

Exports

Exports

GC_abort
GC_add_roots
GC_all_interior_pointers
GC_allocate_ml
GC_arrays
GC_base
GC_call_with_alloc_lock
GC_calloc_explicitly_typed
GC_change_stubborn
GC_clear_roots
GC_collect_a_little
GC_debug_change_stubborn
GC_debug_end_stubborn_change
GC_debug_free
GC_debug_invoke_finalizer
GC_debug_malloc
GC_debug_malloc_atomic
GC_debug_malloc_atomic_ignore_off_page
GC_debug_malloc_ignore_off_page
GC_debug_malloc_replacement
GC_debug_malloc_stubborn
GC_debug_malloc_uncollectable
GC_debug_realloc
GC_debug_realloc_replacement
GC_debug_register_displacement
GC_debug_register_finalizer
GC_debug_register_finalizer_ignore_self
GC_debug_register_finalizer_no_order
GC_disable
GC_dont_expand
GC_dont_gc
GC_dont_precollect
GC_enable
GC_enable_incremental
GC_end_stubborn_change
GC_err_printf
GC_exclude_static_roots
GC_expand_hp
GC_finalize_all
GC_finalize_on_demand
GC_finalizer_notifier
GC_find_leak
GC_fo_entries
GC_free
GC_free_space_divisor
GC_full_freq
GC_gc_no
GC_gcollect
GC_general_register_disappearing_link
GC_get_bytes_since_gc
GC_get_free_bytes
GC_get_heap_size
GC_get_total_bytes
GC_ignore_self_finalize_mark_proc
GC_incremental_protection_needs
GC_init
GC_invoke_finalizers
GC_is_marked
GC_is_valid_displacement
GC_is_valid_displacement_print_proc
GC_is_visible
GC_is_visible_print_proc
GC_java_finalization
GC_make_closure
GC_make_descriptor
GC_malloc
GC_malloc_atomic
GC_malloc_atomic_ignore_off_page
GC_malloc_explicitly_typed
GC_malloc_explicitly_typed_ignore_off_page
GC_malloc_ignore_off_page
GC_malloc_stubborn
GC_malloc_uncollectable
GC_max_retries
GC_no_dls
GC_non_gc_bytes
GC_noop
GC_normal_finalize_mark_proc
GC_null_finalize_mark_proc
GC_oom_fn
GC_parallel
GC_post_incr
GC_pre_incr
GC_printf
GC_quiet
GC_realloc
GC_register_disappearing_link
GC_register_displacement
GC_register_finalizer
GC_register_finalizer_ignore_self
GC_register_finalizer_inner
GC_register_finalizer_no_order
GC_same_obj
GC_same_obj_print_proc
GC_set_free_space_divisor
GC_set_max_heap_size
GC_set_warn_proc
GC_should_invoke_finalizers
GC_size
GC_stackbottom
GC_time_limit
GC_try_to_collect
GC_unregister_disappearing_link
GC_use_entire_heap
GC_win32_free_heap
_GC_CreateThread@24

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/glm-flv.dat
player/neko.dll
.dll windows:4 windows x86 arch:x86

2ce232322951e2e901474517a7d211bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Prog\lang\neko\vm\Release\nekovm_dll.pdb

Imports

gc

GC_free
GC_malloc_uncollectable
GC_malloc_atomic
GC_malloc
_GC_CreateThread@24
GC_register_finalizer
GC_get_free_bytes
GC_gcollect
GC_collect_a_little
GC_init
GC_no_dls
GC_clear_roots
GC_get_heap_size
GC_set_warn_proc

msvcrt

memmove
atoi
atof
_setjmp3
fputs
_ftol
fwrite
_iob
_CIfmod
longjmp
fmod
fopen
strrchr
fclose
_stat
strchr
getenv
fread
free
_initterm
malloc
_adjust_fdiv
fflush
sprintf

kernel32

WaitForSingleObject
DisableThreadLibraryCalls
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
ReleaseMutex
CreateMutexA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
CreateSemaphoreA
CloseHandle
ReleaseSemaphore

user32

PeekMessageA

Exports

Exports

_neko_failure
buffer_append_char
neko_alloc
neko_alloc_abstract
neko_alloc_array
neko_alloc_buffer
neko_alloc_empty_string
neko_alloc_field
neko_alloc_float
neko_alloc_function
neko_alloc_object
neko_alloc_private
neko_alloc_root
neko_alloc_string
neko_buffer_append
neko_buffer_append_sub
neko_buffer_to_string
neko_call_stack
neko_copy_string
neko_default_loader
neko_exc_stack
neko_file_reader
neko_free_root
neko_gc_loop
neko_gc_major
neko_gc_stats
neko_global_free
neko_global_init
neko_id_module
neko_is_big_endian
neko_k_hash
neko_k_int32
neko_kind_export
neko_kind_import
neko_kind_module
neko_read_module
neko_select_file
neko_set_stack_base
neko_string_reader
neko_thread_create
neko_val_buffer
neko_val_call0
neko_val_call1
neko_val_call2
neko_val_callEx
neko_val_callN
neko_val_compare
neko_val_field
neko_val_field_name
neko_val_gc
neko_val_hash
neko_val_id
neko_val_iter_fields
neko_val_ocall0
neko_val_ocall1
neko_val_ocallN
neko_val_print
neko_val_rethrow
neko_val_this
neko_val_throw
neko_vm_alloc
neko_vm_current
neko_vm_custom
neko_vm_execute
neko_vm_jit
neko_vm_redirect
neko_vm_select
val_call3
val_false
val_null
val_ocall2
val_true

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/regexp.ndll
.dll windows:4 windows x86 arch:x86

c03e822397a67fce58fb8e0fb0ac9028

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Prog\lang\neko\libs\regexp\Release\regexp.pdb

Imports

neko

neko_val_id
neko_alloc_object
neko_alloc_field
neko_alloc_empty_string
neko_val_call1
neko_buffer_append_sub
val_true
val_false
neko_alloc_string
neko_alloc_buffer
neko_buffer_append
neko_val_buffer
neko_buffer_to_string
_neko_failure
neko_alloc
neko_alloc_abstract
val_null
neko_val_gc

msvcrt

_adjust_fdiv
_initterm
memmove
strncmp
malloc
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

__neko_entry_point
regexp_match__4
regexp_matched__2
regexp_matched_pos__2
regexp_new__1
regexp_new_options__2
regexp_replace__3
regexp_replace_all__3
regexp_replace_fun__3

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/std.ndll
.dll windows:4 windows x86 arch:x86

2e35cee1927354185413dbe935a44e87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Prog\lang\neko\libs\std\Release\std.pdb

Imports

neko

neko_val_ocall1
neko_val_gc
neko_free_root
neko_alloc_root
neko_thread_create
neko_vm_alloc
neko_vm_select
neko_val_callEx
neko_val_ocall0
neko_alloc_function
val_ocall2
neko_val_field
neko_alloc_private
neko_vm_execute
neko_select_file
neko_buffer_append
neko_file_reader
neko_read_module
val_call3
neko_vm_redirect
neko_val_call1
neko_val_print
neko_vm_current
neko_vm_jit
neko_gc_stats
neko_gc_major
neko_gc_loop
neko_is_big_endian
neko_copy_string
neko_kind_module
neko_k_hash
neko_val_iter_fields
neko_alloc_float
neko_val_id
neko_kind_export
neko_alloc_empty_string
val_false
neko_alloc
neko_alloc_array
neko_val_throw
neko_alloc_object
neko_alloc_field
neko_alloc_string
val_null
_neko_failure
neko_k_int32
neko_buffer_to_string
neko_buffer_append_sub
buffer_append_char
neko_val_buffer
val_true
neko_alloc_buffer
neko_alloc_abstract

ws2_32

__WSAFDIsSet
select
bind
accept
ntohs
getpeername
getsockname
setsockopt
shutdown
listen
inet_ntoa
inet_addr
gethostbyname
recv
send
closesocket
socket
WSAStartup
WSAGetLastError
htons
connect
gethostname
ioctlsocket
gethostbyaddr

msvcrt

fseek
ftell
fflush
_iob
_getpid
_putenv
_getcwd
_chdir
_stat
_unlink
_mkdir
_rmdir
_getch
_getche
_strcmpi
_adjust_fdiv
malloc
_initterm
free
__p__environ
strchr
rename
exit
system
setlocale
getenv
strrchr
_CIasin
_CIacos
floor
ceil
_CIpow
fread
fwrite
fclose
fopen
localtime
strftime
mktime
sscanf
time
_ftol

kernel32

WaitForSingleObject
Sleep
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
CreateSemaphoreA
DisableThreadLibraryCalls
GetTickCount
ReleaseSemaphore

user32

PeekMessageA
GetMessageA
PostThreadMessageA

Exports

Exports

__neko_entry_point
base_decode__2
base_encode__2
buffer_add__2
buffer_add_char__2
buffer_add_sub__4
buffer_new__0
buffer_reset__1
buffer_string__1
date_format__2
date_get_day__1
date_get_hour__1
date_new__1
date_now__0
date_set_day__4
date_set_hour__4
double_bytes__2
double_of_bytes__2
enable_jit__1
file_close__1
file_contents__1
file_delete__1
file_eof__1
file_exists__1
file_flush__1
file_full_path__1
file_name__1
file_open__2
file_read__4
file_read_char__1
file_seek__3
file_stderr__0
file_stdin__0
file_stdout__0
file_tell__1
file_write__4
file_write_char__2
float_bytes__2
float_of_bytes__2
gc_stats__0
get_cwd__0
get_env__1
host_local__0
host_resolve__1
host_reverse__1
host_to_string__1
int32_add__2
int32_address__1
int32_and__2
int32_compare__2
int32_complement__1
int32_div__2
int32_mod__2
int32_mul__2
int32_neg__1
int32_new__1
int32_or__2
int32_shl__2
int32_shr__2
int32_sub__2
int32_to_float__1
int32_to_int__1
int32_ushr__2
int32_xor__2
lock_create__0
lock_release__1
lock_wait__2
make_md5__1
math_abs__1
math_acos__1
math_asin__1
math_atan2__2
math_atan__1
math_ceil__1
math_cos__1
math_exp__1
math_floor__1
math_log__1
math_pi__0
math_pow__2
math_round__1
math_sin__1
math_sqrt__1
math_tan__1
mem_size__1
module_code_size__1
module_exec__1
module_exports__1
module_global_get__2
module_global_set__3
module_loader__1
module_name__1
module_nglobals__1
module_read__2
module_read_path__3
parse_xml__2
print_redirect__1
put_env__2
random_float__1
random_int__2
random_new__0
random_set_seed__2
run_gc__1
serialize__1
set_cwd__1
set_time_locale__1
socket_accept__1
socket_bind__3
socket_close__1
socket_connect__3
socket_host__1
socket_init__0
socket_listen__2
socket_new__1
socket_peer__1
socket_poll__3
socket_poll_alloc__1
socket_read__1
socket_recv__4
socket_recv_char__1
socket_select__4
socket_send__4
socket_send_char__2
socket_set_blocking__2
socket_set_timeout__2
socket_shutdown__3
socket_write__2
sprintf__2
string_split__2
sys_command__1
sys_cpu_time__0
sys_create_dir__2
sys_env__0
sys_exe_path__0
sys_exists__1
sys_exit__1
sys_file_type__1
sys_get_pid__0
sys_getch__1
sys_read_dir__1
sys_remove_dir__1
sys_rename__2
sys_sleep__1
sys_stat__1
sys_string__0
sys_time__0
test__0
thread_create__2
thread_current__0
thread_read_message__1
thread_send__2
unserialize__2
url_decode__1
url_encode__1
utf8_buf_add__2
utf8_buf_alloc__1
utf8_buf_content__1
utf8_buf_length__1
utf8_buf_size__1
utf8_compare__2
utf8_get__2
utf8_iter__2
utf8_length__1
utf8_sub__3
utf8_validate__1

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/swhx.ndll
.dll windows:4 windows x86 arch:x86

734a76c0f6d31218f87f38c92aa7fd53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p:\swhx\projects\Release\swhx.pdb

Imports

neko

neko_copy_string
neko_val_callN
neko_k_int32
neko_alloc_abstract
neko_val_callEx
neko_val_rethrow
neko_alloc_array
neko_val_call1
val_true
val_false
neko_alloc_root
neko_free_root
neko_val_call0
neko_alloc_string
neko_val_throw
val_null

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameA
GetModuleHandleA
QueryPerformanceCounter
InitializeCriticalSection
QueryPerformanceFrequency
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
LCMapStringA
InterlockedExchange
RtlUnwind
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
FlushFileBuffers
VirtualProtect
GetSystemInfo
CloseHandle
VirtualQuery
GetVersionExA
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree

user32

SetWindowPlacement
LoadIconA
LoadCursorA
RegisterClassExA
PeekMessageA
DefWindowProcA
BeginPaint
EndPaint
GetCursorPos
ScreenToClient
PtInRect
GetFocus
GetWindowPlacement
EnumThreadWindows
CallWindowProcA
AdjustWindowRectEx
CreateWindowExA
GetWindowDC
GetWindowInfo
GetDesktopWindow
SetWindowPos
InvalidateRect
PostQuitMessage
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetClassNameA
SendMessageA
SetWindowTextA
GetClientRect
GetWindowRect
IsIconic
DestroyWindow
ShowWindow
GetDC
ReleaseDC
PostThreadMessageA
SetWindowLongA
GetWindowLongA

gdi32

CreateDIBSection
BitBlt
GdiFlush
CreateRectRgn
SelectClipRgn
GetDeviceCaps
SelectObject
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap

shell32

DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteA

Exports

Exports

cleanup__0
flash_call__3
flash_destroy__1
flash_get_attribute__2
flash_new__1
flash_on_call__3
flash_set_attribute__3
flash_start__1
initialize__1
is_main_thread__0
loop__0
loop_exit__0
msghook_get_cdata__1
msghook_get_param1__1
msghook_get_param2__1
msghook_set_c_callback__2
msghook_set_cdata__2
msghook_set_n_callback__2
plugin_file_version__1
stream_bytes__4
stream_char__2
stream_close__2
stream_size__2
sync_call__1
window_add_message_hook__3
window_create__4
window_destroy__1
window_drag__1
window_get_handle__1
window_get_prop__2
window_on_close__2
window_on_destroy__2
window_on_filesdropped__2
window_on_maximize__2
window_on_minimize__2
window_on_restore__2
window_on_rightclick__2
window_remove_message_hook__2
window_resize__2
window_set_prop__3
window_set_title__2
window_show__2

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/systools.ndll
.dll windows:4 windows x86 arch:x86

738e3cdc0b0ba92d59bf96e97bd83690

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\systools\bin\win\systools.pdb

Imports

neko

neko_alloc_object
neko_alloc_field
neko_val_throw
neko_alloc_abstract
neko_val_id
neko_val_field
neko_alloc_array
neko_alloc_string
val_true
val_false
val_null

kernel32

SetStdHandle
GlobalUnlock
GlobalLock
GlobalAlloc
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
EndUpdateResourceA
UnmapViewOfFile
UpdateResourceA
BeginUpdateResourceA
GetLastError
WaitForSingleObject
CreateProcessA
GetShortPathNameA
GetTempPathA
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetLocaleInfoA
MultiByteToWideChar
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
RtlUnwind
InitializeCriticalSection
GetSystemTimeAsFileTime
GetConsoleOutputCP
WriteConsoleW
HeapCreate
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

SetClipboardData
CloseClipboard
EmptyClipboard
GetSystemMetrics
WaitForInputIdle
GetAsyncKeyState
LoadImageA
SetMenu
GetCursorPos
TrackPopupMenu
InsertMenuA
InsertMenuItemA
DestroyMenu
CreatePopupMenu
CreateMenu
DestroyIcon
ChangeDisplaySettingsExA
MessageBoxA
GetClipboardData
OpenClipboard

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

Shell_NotifyIconA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

Exports

Exports

browser_launch__1
clipboard_clear__0
clipboard_get_text__0
clipboard_set_text__1
dialogs_dialog_box__3
dialogs_folder__2
dialogs_message_box__3
dialogs_open_file__3
dialogs_save_file__3
display_is_mode_supported__3
display_set_default_mode__0
display_set_mode__3
fileutils_get_temp_folder__0
get_screen_size__0
misc_get_key_state__1
registry_delete_key__2
registry_get_value__3
registry_set_value__4
systray_create_icon__3
systray_destroy_icon__1
systray_menu_callback__0
win_add_menu_divider__2
win_add_menu_item__3
win_add_menu_submenu__4
win_create_process__5
win_destroy_menu__1
win_destroy_tray_icon__1
win_menu_create__0
win_popup_menu_create__0
win_replace_exe_icon__2
win_show_menu__2
win_show_popup_menu__2

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player/zlib.ndll
.dll windows:4 windows x86 arch:x86

8f74537a9fb49742134c1346bd7299cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Prog\lang\neko\libs\zlib\Release\zlib.pdb

Imports

neko

neko_alloc_field
val_false
val_true
neko_alloc_abstract
val_null
neko_k_int32
neko_alloc_buffer
neko_buffer_append
neko_val_buffer
buffer_append_char
neko_buffer_to_string
neko_val_gc
neko_val_throw
neko_alloc_object
neko_val_id

msvcrt

_adjust_fdiv
_initterm
malloc
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

__neko_entry_point
deflate_bound__2
deflate_buffer__5
deflate_end__1
deflate_init__1
get_adler32__1
inflate_buffer__5
inflate_end__1
inflate_init__1
set_flush_mode__2
update_adler32__4
update_crc32__4

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
speext.dat
ver.xml
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

dc4f0373251b590ad9fa18f6ff3279b8

Headers

File Characteristics

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1000KB - Virtual size: 997KB

.rdata
Size: 184KB - Virtual size: 181KB

.data
Size: 36KB - Virtual size: 54KB

.tls
Size: 4KB - Virtual size: 12B

.rsrc
Size: 316KB - Virtual size: 312KB

.text
Size: 4KB - Virtual size: 42B

.rdata
Size: 4KB - Virtual size: 216B

.data
Size: - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 48B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 4KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate