Casio fx-570VN PLUS[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Casio fx-570VN PLUS.zip
Size

7.4MB
MD5

d0e45202da27752bc64f82b92239da33
SHA1

0bf0ff01d2ea1ddd0e7c3c87173903e94d08a816
SHA256

03f386375ad0b812cd17035d4b7b6df261105f7386e166a2ff1222695e14163c
SHA512

a87bbad7bc13740abc6b17db983268e24391f50c7c09a69dade5c7a6a985bade51b283ef11d916620f75cff86ef7122c5d8c0a04e33bd1979f1b196b6530d69b
SSDEEP

196608:H4HiawFdic2rw4yXmleyDfpvK1w06QDB2eo5bfOX:H7awPiHM4esfmwKIeWbfk

Score

5^/10

pdf

Malware Config

Signatures

Malformed data in PDF
A PDF can contain malformed data to evade detection
pdf

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Casio fx-570VN PLUS/Casio fx570vn plus.exe
unpack001/Casio fx-570VN PLUS/SimU8.dll
unpack001/Casio fx-570VN PLUS/SimU8engine.dll
unpack001/Casio fx-570VN PLUS/fxESPLUS_P21.dll

Files

Casio fx-570VN PLUS.zip
.zip
Casio fx-570VN PLUS/Casio fx570vn plus.exe
.exe windows:5 windows x86 arch:x86

d1ab804279b47e8dd7c6a2ccb739082d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fxesplus_p21

ord12
ord14
ord17
ord15
ord9
ord8
ord7
ord1
ord16
ord11
ord5
ord2
ord10
ord6
ord4
ord3

simu8

SetDataMemorySize
SetRomWindowSize
SetCodeMemoryDefaultCode
SetCallbackFunc
SetWait
SetCodeMemorySize
SimStart
SimReset
WriteBitDataMemory
WriteCodeMemory
SetMemoryModel
SetInterruptTable
SimStop
WriteDataMemory
ReadDataMemory

iphlpapi

GetAdaptersAddresses

mfc100u

ord1986
ord1895
ord12753
ord7616
ord850
ord1592
ord345
ord923
ord11021
ord11235
ord13047
ord4360
ord3261
ord4805
ord6140
ord8346
ord9328
ord5118
ord11845
ord11209
ord11240
ord9498
ord7391
ord4086
ord11236
ord11228
ord5261
ord3416
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord11784
ord7548
ord7624
ord10058
ord8179
ord2614
ord5264
ord285
ord2629
ord11838
ord3410
ord2620
ord1479
ord1476
ord6358
ord6719
ord404
ord965
ord10019
ord8349
ord9329
ord3413
ord13804
ord13950
ord13939
ord13962
ord13743
ord14216
ord13738
ord14129
ord12886
ord12684
ord2504
ord4981
ord5538
ord8220
ord3421
ord10067
ord10296
ord8334
ord11706
ord4950
ord11509
ord14211
ord8615
ord2375
ord11880
ord1990
ord3670
ord3623
ord13309
ord4764
ord4755
ord9496
ord14130
ord13890
ord13891
ord13870
ord13901
ord13871
ord6655
ord6865
ord886
ord1288
ord11115
ord8481
ord8598
ord8073
ord5295
ord7973
ord423
ord981
ord4197
ord8363
ord2338
ord6155
ord11210
ord11080
ord2418
ord12610
ord5558
ord7474
ord10305
ord10308
ord8640
ord8655
ord8645
ord9075
ord9080
ord8657
ord10160
ord9562
ord8063
ord10750
ord10164
ord8151
ord10185
ord9139
ord9140
ord4138
ord845
ord6344
ord1956
ord1957
ord12783
ord4758
ord12785
ord12321
ord4759
ord12786
ord12322
ord7006
ord12413
ord6374
ord6723
ord433
ord987
ord11094
ord8313
ord10557
ord8350
ord5275
ord12554
ord8374
ord2216
ord3993
ord11168
ord11073
ord7384
ord2766
ord7559
ord4444
ord4445
ord5469
ord11404
ord1529
ord12563
ord5280
ord12561
ord5279
ord10447
ord5296
ord7986
ord8485
ord10804
ord10799
ord4756
ord3407
ord4084
ord10511
ord9470
ord6172
ord2220
ord3996
ord6190
ord6179
ord7528
ord1313
ord6615
ord897
ord1244
ord6870
ord6633
ord3763
ord2844
ord8273
ord1266
ord5855
ord7929
ord788
ord1212
ord11999
ord12186
ord12871
ord4356
ord341
ord919
ord7176
ord1292
ord890
ord6869
ord9235
ord9232
ord280
ord1310
ord3846
ord1312
ord3495
ord3428
ord1298
ord11982
ord2184
ord945
ord374
ord2185
ord5862
ord3446
ord4290
ord1987
ord5799
ord11123
ord10412
ord3627
ord2981
ord2980
ord2756
ord5556
ord12606
ord2887
ord2884
ord7385
ord2417
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord11081
ord3402
ord10937
ord13380
ord8112
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord11116
ord3491
ord2952
ord2951
ord2852
ord11159
ord4642
ord4923
ord5115
ord8483
ord4901
ord5143
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9333
ord8347
ord5828
ord8509
ord8599
ord11163
ord4355
ord13391
ord12948
ord3397
ord1944
ord13181
ord4359
ord2188
ord1905
ord3482
ord5900
ord3754
ord7903
ord12951
ord7618
ord296
ord9525
ord6711
ord948
ord381
ord1440
ord7914
ord12801
ord265
ord12153
ord902
ord2062
ord286
ord1270
ord869
ord266
ord2089
ord1934
ord2064
ord1300
ord11085

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memset
__CxxFrameHandler3
memcpy
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_wtoi
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncpy_s
_itoa_s
strcpy_s
strncpy_s
wcscat_s
swprintf_s
_purecall
memcpy_s
wcscpy_s
_CxxThrowException

kernel32

GlobalLock
GlobalReAlloc
WideCharToMultiByte
GetLastError
FormatMessageW
CreateMutexW
GlobalUnlock
GlobalFree
InterlockedIncrement
InterlockedDecrement
Sleep
MultiByteToWideChar
lstrlenW
CloseHandle
GetTempPathW
CreateFileW
WriteFile
GetFileSize
GetCurrentThreadId
ReadFile
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GlobalAlloc

user32

DeleteMenu
GetParent
GetFocus
SetFocus
ModifyMenuW
GetKeyState
LoadCursorW
SetCursor
GetSystemMetrics
SetForegroundWindow
FindWindowW
MessageBoxW
LoadMenuW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadBitmapW
EnableWindow
UpdateWindow
GetClientRect
GetWindowRect
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
GetSubMenu
SendMessageW
RegisterClipboardFormatW
SetRect

gdi32

EnumFontsW
PatBlt
CreateCompatibleBitmap
BitBlt
SelectObject
DeleteDC
CreateFontIndirectW
SetBitmapBits
GetBitmapBits
CreateCompatibleDC
DeleteObject
GetObjectW
GetDeviceCaps
GetTextExtentPoint32W
StretchBlt
CreateSolidBrush

advapi32

RegQueryValueExW
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyKey
CryptGenKey
CryptGetUserKey
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Casio fx-570VN PLUS/SimU8.dll
.dll windows:5 windows x86 arch:x86

1a3ad58d46d06cc79321d1a92e475ad5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

simu8engine

?m_CheckInterrupt@CSimU8core@@QAEHXZ
?m_Execute@CSimU8core@@QAEHXZ
?m_SetInterruptTable@CSimU8core@@QAEHEPAU_SIMU8_INTERRUPT_TABLE@@@Z
?m_SetMemoryModel@CSimU8core@@QAEHE@Z
?m_GetCount@CSimU8core@@QAEHPAI@Z
?m_ReadCodeMemory@CSimU8core@@QAEHIIPAE@Z
?m_LogStop@CSimU8core@@QAEHXZ
?m_LogStart2@CSimU8core@@QAEHPBD@Z
?m_LogStart@CSimU8core@@QAEHXZ
?m_WriteReg@CSimU8core@@QAEHEI@Z
?m_ReadReg@CSimU8core@@QAEHEPAI@Z
?m_WriteBitDataMemory@CSimU8core@@QAEHIEE@Z
?m_WriteDataMemory@CSimU8core@@QAEHIIPAE@Z
?m_ReadDataMemory@CSimU8core@@QAEHIIPAE@Z
?m_WriteCodeMemory@CSimU8core@@QAEHIIPAE@Z
?m_SimReset@CSimU8core@@QAEHXZ
?m_LoadHexFile@CSimU8core@@QAEHPBD@Z
?m_SetCodeMemoryDefaultCode@CSimU8core@@QAEHG@Z
?m_SetRomWindowSize@CSimU8core@@QAEHII@Z
?m_SetDataMemorySize@CSimU8core@@QAEHII@Z
?m_SetCodeMemorySize@CSimU8core@@QAEHII@Z
??1CSimU8core@@UAE@XZ
??0CSimU8core@@QAE@XZ

kernel32

SetStdHandle
GetFileType
HeapCreate
HeapDestroy
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoW
IsValidCodePage
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
GetCommandLineA
DecodePointer
EncodePointer
RaiseException
RtlUnwind
HeapAlloc
HeapFree
FindResourceExW
GetUserDefaultLCID
VirtualProtect
GetNumberFormatA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
GetCPInfo
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
lstrcpyA
DeleteFileA
LoadLibraryW
InterlockedIncrement
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
GlobalFlags
MulDiv
GetCurrentDirectoryA
SetErrorMode
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalUnlock
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GlobalAddAtomA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
GetModuleHandleA
SuspendThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
GetProcAddress
FreeLibrary
ResumeThread
SetEvent
SetLastError
ResetEvent
WaitForSingleObject
OpenFileMappingA
CreateFileMappingA
GetLastError
MapViewOfFile
InterlockedExchange
Sleep
OpenEventA
CreateEventA
UnmapViewOfFile
CloseHandle
TerminateProcess

user32

GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetIconInfo
GetDoubleClickTime
CharUpperBuffA
CopyIcon
RegisterClipboardFormatA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
RedrawWindow
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
IntersectRect
DestroyMenu
GetMenuItemInfoA
InflateRect
CharUpperA
DestroyIcon
IsIconic
ShowWindow
MoveWindow
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
wsprintfA
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetSysColorBrush
LoadCursorA
GetClassInfoA
DefWindowProcA
MapWindowPoints
GetClientRect
LoadCursorW
SetLayeredWindowAttributes
GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoA
GetMonitorInfoA
SetRectEmpty
CopyRect
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetMenuStringA
AppendMenuA
GetMenuItemID
GetSubMenu
RemoveMenu
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
ShowOwnedPopups
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
UnhookWindowsHookEx
UnregisterClassA
DeleteMenu
GetMenuItemCount
InsertMenuA
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ScreenToClient
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSysColor
MonitorFromPoint

gdi32

Polyline
Ellipse
Polygon
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
CreateEllipticRgn
SetPaletteEntries
EnumFontFamiliesExA
GetBkColor
GetTextFaceA
SetPixelV
CreateDIBSection
ExtFloodFill
GetTextColor
CreatePolygonRgn
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextExtentPoint32A
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectA
SetTextColor
SetROP2
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
CreateDIBitmap
CreateDCA
CopyMetaFileA
CreateHatchBrush
CreateSolidBrush
CreatePen
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
CreateRoundRectRgn

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegEnumValueA

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
SHAppBarMessage
ShellExecuteA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantInit

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Exports

Exports

GetCount
LoadHexFile
LogStart
LogStart2
LogStop
ReadCodeMemory
ReadDataMemory
ReadReg
SetCallbackFunc
SetCodeMemoryDefaultCode
SetCodeMemorySize
SetDataMemorySize
SetInterruptTable
SetMemoryModel
SetRomWindowSize
SetWait
SimReset
SimStart
SimStop
WriteBitDataMemory
WriteCodeMemory
WriteDataMemory
WriteReg

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Casio fx-570VN PLUS/SimU8engine.dll
.dll windows:5 windows x86 arch:x86

b7d32697d5928edd6b9955605be1a532

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc100

ord11297
ord13310
ord265
ord11274
ord2056
ord6010
ord2063
ord1929
ord13329
ord408
ord2050
ord1294
ord310
ord10915
ord5215
ord11318
ord2617
ord316
ord1948
ord4283
ord1448
ord1982
ord1316
ord1483
ord320
ord901
ord868
ord266
ord2061
ord5207
ord1437
ord2076
ord1266
ord1296

msvcr100

_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
isdigit
toupper
strcpy_s
_exit
exit
isxdigit
memcpy_s
memset
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal

kernel32

DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
EncodePointer

msvcp100

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

Exports

Exports

??0CSimU8core@@QAE@XZ
??1CSimU8core@@UAE@XZ
??_7CSimU8core@@6B@
?AnalyzeInputHexFile@CSimU8core@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?AnalyzeIntelHex@CSimU8core@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?CheckIntelHexCheckSum@CSimU8core@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetSimRun@CSimU8core@@QAEEXZ
?InitSetting@CSimU8core@@QAEXXZ
?InputFileClassify@CSimU8core@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AA_K1@Z
?IsRomWinRange@CSimU8core@@QAE_NI@Z
?ReadDMemory@CSimU8core@@QAEHIPAE@Z
?ReadWordDMemory@CSimU8core@@QAEHIPAG@Z
?StrToByte@CSimU8core@@QAEEAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?StrToWord@CSimU8core@@QAEGAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?WriteDMemory@CSimU8core@@QAEHIE@Z
?WriteWordDMemory@CSimU8core@@QAEHIG@Z
?instCalc@CSimU8core@@QAEXEEE@Z
?instCalcErm@CSimU8core@@QAEXEEE@Z
?instCalcImm7@CSimU8core@@QAEXEEE@Z
?instShift@CSimU8core@@QAEXEEE@Z
?m_CheckInterrupt@CSimU8core@@QAEHXZ
?m_Execute@CSimU8core@@QAEHXZ
?m_GetCount@CSimU8core@@QAEHPAI@Z
?m_GetDSR@CSimU8core@@QAEEXZ
?m_GetDsrPrefix@CSimU8core@@QAEEXZ
?m_LoadHexFile@CSimU8core@@QAEHPBD@Z
?m_LogStart2@CSimU8core@@QAEHPBD@Z
?m_LogStart@CSimU8core@@QAEHXZ
?m_LogState@CSimU8core@@QAEHXZ
?m_LogStop@CSimU8core@@QAEHXZ
?m_ReadCodeMemory@CSimU8core@@QAEHIIPAE@Z
?m_ReadDataMemory@CSimU8core@@QAEHIIPAE@Z
?m_ReadReg@CSimU8core@@QAEHEPAI@Z
?m_SetCodeMemoryDefaultCode@CSimU8core@@QAEHG@Z
?m_SetCodeMemorySize@CSimU8core@@QAEHII@Z
?m_SetDSR@CSimU8core@@QAEXE@Z
?m_SetDataMemorySize@CSimU8core@@QAEHII@Z
?m_SetDsrPrefix@CSimU8core@@QAEXE@Z
?m_SetInterruptTable@CSimU8core@@QAEHEPAU_SIMU8_INTERRUPT_TABLE@@@Z
?m_SetMemoryModel@CSimU8core@@QAEHE@Z
?m_SetRomWindowSize@CSimU8core@@QAEHII@Z
?m_SimReset@CSimU8core@@QAEHXZ
?m_WriteBitDataMemory@CSimU8core@@QAEHIEE@Z
?m_WriteCodeMemory@CSimU8core@@QAEHIIPAE@Z
?m_WriteDataMemory@CSimU8core@@QAEHIIPAE@Z
?m_WriteReg@CSimU8core@@QAEHEI@Z

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Casio fx-570VN PLUS/Support/ES03.TTF
Casio fx-570VN PLUS/Support/Readme.txt
Casio fx-570VN PLUS/Support/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

Actual PE Digest

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Casio fx-570VN PLUS/fx-570VN PLUS.pdf
.pdf
Casio fx-570VN PLUS/fxESPLUS_P21.dll
.dll windows:5 windows x86 arch:x86

24a93cd5d1202a8baf8402ca5e2968fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Usr\開発\VS2010\U8Emu\Gy478_PCemu\Release__570VN\fxESPLUS_P21.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
GetLastError
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
GetSystemTimeAsFileTime
EncodePointer

user32

LoadBitmapW

gdi32

DeleteObject
GetObjectW

msvcr100

_lock
_onexit
_except_handler4_common
__dllonexit
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
wcscpy_s
_unlock

Exports

Exports

GetDisplayPosition
GetFaceSize
GetFrameCutSize
GetKeyCount
GetKeyInfo
GetKeyboardInfo
GetKeylogCharcterW
GetKeylogFontA
GetKeylogFontW
GetKeylogStringCW
GetKeylogStringW
GetSymbolPosition
InitWinData
IsAcKeyCode
IsOnKeyCode
LoadBitmapData
LoadKeyBitmapData

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1ab804279b47e8dd7c6a2ccb739082d

Headers

DLL Characteristics

File Characteristics

Imports

fxesplus_p21

simu8

iphlpapi

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 525KB - Virtual size: 525KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 735KB - Virtual size: 734KB

.reloc Size: 24KB - Virtual size: 23KB

1a3ad58d46d06cc79321d1a92e475ad5

Headers

DLL Characteristics

File Characteristics

Imports

simu8engine

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 23KB - Virtual size: 56KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 162KB - Virtual size: 162KB

b7d32697d5928edd6b9955605be1a532

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

msvcp100

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

.text
Size: 525KB - Virtual size: 525KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 735KB - Virtual size: 734KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 23KB - Virtual size: 56KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 162KB - Virtual size: 162KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 4.8MB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 3KB - Virtual size: 3KB