bdc62f758022ed765f9b2435ca4ca280_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bdc62f758022ed765f9b2435ca4ca280_JaffaCakes118
Size

1.5MB
MD5

bdc62f758022ed765f9b2435ca4ca280
SHA1

dffa990417808cfe0871d21a0daf00ae084271b3
SHA256

965c03c1440a12d996905d6c365b4aac7ba463e5a7b3add65be68ec6af460993
SHA512

9aa7b1cf99b9c7af71404fe10a20dbe1a6786aed462304bc02fc1112b16b5cee714cb2cb3fee8b9a5f67da9133a287ff0f15f6f30de1feaab4ecf1b2e1af1a04
SSDEEP

49152:NYOYs+LmEN4Y+BoCcLapGQl31u0s/6i0SaxO7Qt9tk:WOYs+/N4TcLwGQl1uN/oSaxOMt9tk

Score

3^/10

Malware Config

Signatures

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

resource
unpack001/virussign.com_0532721416019225b0b3b38c22ed6196
unpack001/virussign.com_05f7f56a545e52ac853f988629953034
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/ProcDll.dll
unpack001/virussign.com_05feb66af4b599544ec30d35c4b208e2
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack001/virussign.com_06063b4bc5d2171ba7c4c8f78dbd6b39
unpack001/virussign.com_28aa9bb3da4444f3714dd50d126f058e
unpack001/virussign.com_2b58a1c5a7b7c67361923e63dd9afbf9
unpack001/virussign.com_2f8700ff031cb55352593b15ce1c6de6
unpack001/virussign.com_32d34d016f811a09e453dd6026de957c
unpack001/virussign.com_37b2b3bc9a3e0eaa8f63475d1594aa63
unpack001/virussign.com_387a46d6d648a83761497a71ed16e848
unpack001/virussign.com_3b5751e80475d7f0256909c120c6d0ad
unpack001/virussign.com_4a88d1db50eb7ff5eceb056b82a36287
unpack001/virussign.com_5bead59d62f321d368bcdc1cfaa4c414
unpack001/virussign.com_6173cd79de158594e52a6aacbc1bcb86
unpack001/virussign.com_62d6c2d0f9e6e236359572e3b8df0f22
unpack001/virussign.com_84e00997143d5b4c6bb11f05cc43ab56
unpack001/virussign.com_8e049e49ffcde7d37069988b02bda790
unpack001/virussign.com_960463f301d11e5054dfa5a10f2c4259
unpack001/virussign.com_aef3c258ccf50a0b0168ee3bd78fb341
unpack001/virussign.com_b048d883ededcd5dfe4bf59623e39c0e
unpack001/virussign.com_be17feb99c7f72d9cf679e1cef5ae943
unpack001/virussign.com_c389341e0dc438eafe123f9e62762beb
unpack001/virussign.com_c7e74f41ae82041fa11f30d340419432
unpack001/virussign.com_cf174115ee8f8988040bb0938655425e
unpack001/virussign.com_cff3dea48c44577316e8e981a945d900
unpack001/virussign.com_d23ff45d9af7e5e10bcf73d28bebfb3b
unpack001/virussign.com_d5e652ce82e8ec6eacf8d83ee210a81f
unpack001/virussign.com_e71dd4679481f780521e7ad07bf7bdfa
unpack001/virussign.com_fae608cd6ea7c2207c30f1e4daa4cd11

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/virussign.com_05feb66af4b599544ec30d35c4b208e2	nsis_installer_1

Files

bdc62f758022ed765f9b2435ca4ca280_JaffaCakes118
.rar
virussign.com_0532721416019225b0b3b38c22ed6196
.exe windows:4 windows x86 arch:x86

89f80dc11d8b77aa9859a13b7977c203

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\java\java\obj\java.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA

kernel32

GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
FormatMessageA
GetLastError
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetCommandLineA
GetExitCodeThread
GetProcAddress
LoadLibraryA
FindFirstFileA
FindNextFileA
FindClose
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ExitThread
GetCurrentThreadId
CreateThread
GetFileAttributesA
GetVersionExA
HeapAlloc
HeapReAlloc
HeapFree
DeleteCriticalSection
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
ReadFile
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
FlushFileBuffers
SetEnvironmentVariableA
SetEnvironmentVariableW
UnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
VirtualAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
SetFilePointer
InitializeCriticalSection
RtlUnwind
HeapSize
InterlockedExchange
CompareStringA
CompareStringW
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_05f7f56a545e52ac853f988629953034
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 964KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ProcDll.dll
.dll windows:4 windows x86 arch:x86

6fc127ddc1f903ae92e3e32f5c32ec1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\工作\Proj\trunk\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetLongPathNameW
TerminateProcess
WaitForSingleObject
Sleep
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
DebugBreak
OutputDebugStringW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateThread
GetCurrentThreadId
DuplicateHandle
GetCurrentProcessId
QueryDosDeviceW
TerminateThread
VirtualFree
VirtualAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
RaiseException
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
WideCharToMultiByte
GlobalAlloc
lstrcpyW
GlobalFree
LoadLibraryW
GetLastError
DeviceIoControl
lstrlenA
MultiByteToWideChar
FreeLibrary
GetFileAttributesW
GetVersionExW
CreateFileW
InterlockedDecrement
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcmpiW
lstrcpynW
OpenProcess
TlsGetValue
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetProcessHeap
GetCommandLineA
ResumeThread
ExitThread
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
CloseHandle
GetUserDefaultLCID
GetACP
InterlockedExchange
InterlockedCompareExchange

user32

GetDesktopWindow
wsprintfW
EnumChildWindows
PostMessageW
IsWindow
GetClassNameW
GetWindowLongW
GetWindowThreadProcessId
LoadStringW
EnumWindows
GetWindowTextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
TranslateMessage
DispatchMessageW
GetMessageW
IsDialogMessageW
DestroyWindow
RedrawWindow
SetWindowLongW
CallWindowProcW
BeginPaint
EndPaint
DialogBoxParamW
CharNextW
EndDialog
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
UnregisterClassA

gdi32

SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
CreateSolidBrush

advapi32

RegDeleteKeyW
LookupPrivilegeValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

Exports

Exports

CheckInstallType
CheckModuleUsing
CheckSSOUsing
CreatePath
Destroy
FreeTXSSOModuleExistResult
GetAppDataPath
GetUserGUID
HasUserAborted
IsProcRunning
KillAllProcUsingSSO
KillProcByID
KillProcRunning
OpenFirewall
ParseCmdLine
RemoveFirewall
SetCompletionRate
SetInstallProgress
Show
ShowMsgBox
Update
getWindow

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioC.ini
$PLUGINSDIR/modern-header.bmp
virussign.com_05feb66af4b599544ec30d35c4b208e2
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
virussign.com_06063b4bc5d2171ba7c4c8f78dbd6b39
.exe windows:4 windows x86 arch:x86

9c4337b595f9ac86d42c0f7e41520665

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenDevRegKey
SetupCopyOEMInfA
SetupOpenInfFileA
SetupCloseInfFile
SetupGetTargetPathA
SetupFindNextLine
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInfoListDetailA
CM_Get_DevNode_Status_Ex
SetupGetStringFieldA
SetupFindFirstLineA

newdev

UpdateDriverForPlugAndPlayDevicesA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GlobalFlags
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
WritePrivateProfileStringA
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetProcessHeap
GetStartupInfoA
RaiseException
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetModuleHandleA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
CreateThread
lstrcpyA
SetFileAttributesA
DeleteFileA
FindFirstFileA
FindClose
FindNextFileA
GetModuleFileNameA
GlobalAlloc
GlobalFree
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetCurrentProcess
Sleep
CreateFileA
WriteFile
CloseHandle
GetWindowsDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
LocalAlloc
GetVersionExA
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
HeapAlloc

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
SetCapture
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
DestroyMenu
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
CharUpperA
DrawIcon
SendMessageA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
IsIconic
GetClientRect
LoadIconA
EnableWindow
GetSystemMetrics
MessageBoxA
SetCursor
LoadCursorA
ExitWindowsEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
SHDeleteKeyA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleFlushClipboard
CoRegisterMessageFilter
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864KB - Virtual size: 861KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_28aa9bb3da4444f3714dd50d126f058e
.exe windows:4 windows x86 arch:x86

f23435b6dd3be7801d22b910b600536c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\javacplexec\obj\javacpl.pdb

Imports

user32

LoadStringA
MessageBoxA
wsprintfA

msvcr71

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_local_unwind2
_except_handler3
__p__commode

kernel32

GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetLastError
CloseHandle
FormatMessageA
lstrcatA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVersionExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_2b58a1c5a7b7c67361923e63dd9afbf9
.exe windows:6 windows x86 arch:x86

8ce188e416670c450b6620c925728d8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

extexport.pdb

Imports

kernel32

GetModuleFileNameW
GetVersionExA
OpenEventW
WaitForSingleObject
GetModuleHandleW
CreateDirectoryW
MoveFileW
LocalFree
LocalAlloc
DeleteFileW
EnumUILanguagesW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
FreeLibrary
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
lstrcmpW
WriteFile
LoadLibraryExW
lstrlenW
LoadLibraryW
GetProcAddress
UnhandledExceptionFilter

msvcrt

_exit
_cexit
__getmainargs
_XcptFilter
free
exit
_initterm
_amsg_exit
wcschr
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_vsnwprintf
memset
?terminate@@YAXXZ
_controlfp

shlwapi

PathFileExistsW
StrStrW
PathFindFileNameW
ord158
StrCmpNW
ord215

advapi32

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

LoadStringW
GetSystemMetrics

shell32

SHSetLocalizedName
SHGetFolderPathAndSubDirW

iertutil

ord675
ord672

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_2f8700ff031cb55352593b15ce1c6de6
.dll windows:5 windows x86 arch:x86

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d8thk.pdb

Imports

gdi32

DdEntry1
DdEntry2
DdEntry3
DdEntry5
DdEntry4
DdEntry7
DdEntry8
DdEntry9
DdEntry10
DdEntry11
DdEntry13
DdEntry12
DdEntry14
DdEntry17
DdEntry15
DdEntry18
DdEntry16
DdEntry50
DdEntry19
DdEntry20
DdEntry21
DdEntry24
DdEntry22
DdEntry23
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry30
DdEntry31
DdEntry6
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry37
DdEntry36
DdEntry38
DdEntry39
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_32d34d016f811a09e453dd6026de957c
.dll windows:5 windows x86 arch:x86

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d8thk.pdb

Imports

gdi32

DdEntry1
DdEntry2
DdEntry3
DdEntry5
DdEntry4
DdEntry7
DdEntry8
DdEntry9
DdEntry10
DdEntry11
DdEntry13
DdEntry12
DdEntry14
DdEntry17
DdEntry15
DdEntry18
DdEntry16
DdEntry50
DdEntry19
DdEntry20
DdEntry21
DdEntry24
DdEntry22
DdEntry23
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry30
DdEntry31
DdEntry6
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry37
DdEntry36
DdEntry38
DdEntry39
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_37b2b3bc9a3e0eaa8f63475d1594aa63
.dll windows:5 windows x86 arch:x86

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d8thk.pdb

Imports

gdi32

DdEntry1
DdEntry2
DdEntry3
DdEntry5
DdEntry4
DdEntry7
DdEntry8
DdEntry9
DdEntry10
DdEntry11
DdEntry13
DdEntry12
DdEntry14
DdEntry17
DdEntry15
DdEntry18
DdEntry16
DdEntry50
DdEntry19
DdEntry20
DdEntry21
DdEntry24
DdEntry22
DdEntry23
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry30
DdEntry31
DdEntry6
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry37
DdEntry36
DdEntry38
DdEntry39
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_387a46d6d648a83761497a71ed16e848
.exe windows:6 windows x86 arch:x86

0f2cbea041013d5f4f5d13124622d4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Ieudinit.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

kernel32

GetModuleFileNameW
GetVersionExW
GetLastError
SetFileAttributesW
GetFileAttributesW
CompareStringW
lstrlenW
FlushFileBuffers
WriteFile
GetTimeFormatW
GetDateFormatW
GetLocalTime
ExpandEnvironmentStringsW
lstrcmpiW
RemoveDirectoryW
DeleteFileW
CloseHandle
SetFilePointer
CreateFileW
GetTempPathW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
LocalAlloc
LocalFree
GetNativeSystemInfo
SearchPathW
FindResourceW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FindResourceExW
LoadResource
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId

user32

LoadStringW

msvcrt

_vsnwprintf
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp
?terminate@@YAXXZ
memcpy
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsicmp
_wcsnicmp
bsearch

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify

shlwapi

PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_3b5751e80475d7f0256909c120c6d0ad
.dll regsvr32 windows:5 windows x86 arch:x86

f809aa346ace640853f4b5e9f8577e54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olepro32.pdb

Imports

user32

CreateIcon
GetSysColor
WinHelpW
IsWindow
EnableWindow
GetMessageA
GetMessageW
TranslateMessage
DispatchMessageW
DispatchMessageA
PostMessageW
PostQuitMessage
GetActiveWindow
SetActiveWindow
SetFocus
DestroyWindow
CreateCursor
wsprintfA
GetTopWindow
IsWindowUnicode
GetClientRect
GetDialogBaseUnits
GetDC
ReleaseDC
GetWindowLongW
CharNextA
GetWindowTextA
CharLowerA
GetParent
SendMessageW
GetFocus
GetDlgItem
GetKeyState
DrawIcon
GetSystemMetrics
SetWindowLongW
GetIconInfo
DestroyIcon
CopyIcon
CopyImage
RegisterClipboardFormatA
wsprintfW

gdi32

SaveDC
SetDIBits
SetBitmapBits
EnumFontFamiliesExW
GetTextFaceW
CreateHalftonePalette
Escape
CreateDIBSection
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
DeleteEnhMetaFile
DeleteMetaFile
PlayMetaFileRecord
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
CreateFontIndirectW
CreateFontIndirectA
GetDeviceCaps
DeleteObject
GetTextExtentPointA
GetTextMetricsW
SelectObject
GetPaletteEntries
PatBlt
CreateBitmap
SetMetaFileBitsEx
GetBitmapDimensionEx
GetObjectW
GetEnhMetaFileHeader
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
GetWinMetaFileBits
SetViewportExtEx
CreateDIBitmap

kernel32

IsDBCSLeadByte
FreeLibrary
MulDiv
LockResource
LoadResource
FindResourceW
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalDeleteAtom
GlobalAddAtomW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetVersion
GetSystemDirectoryA
GetLastError
LoadLibraryA
WideCharToMultiByte

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyA
RegSetValueA
RegQueryValueW
RegFlushKey
RegOpenKeyA

msvcrt

_adjust_fdiv
??1type_info@@UAE@XZ
malloc
?terminate@@YAXXZ
wcslen
wcscpy
wcsrchr
??3@YAXPAX@Z
wcsncat
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
_except_handler3
_initterm
free
calloc
_wcslwr
wcscmp
_wcsicmp
wcsncpy
_CIfmod

ole32

StgCreateDocfile
StringFromGUID2
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoCreateInstance
CoGetMalloc

oleaut32

LoadTypeLi
VariantInit
VariantClear
SysFreeString
SysAllocString
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
virussign.com_4a88d1db50eb7ff5eceb056b82a36287
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Subscribe

Sections

CODE
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_5bead59d62f321d368bcdc1cfaa4c414
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\sun.rmi.activation\rmid\obj\rmid.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_6173cd79de158594e52a6aacbc1bcb86
.exe windows:4 windows x86 arch:x86

9b9597cb993097e962ad1bbaf3813e99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

jtts_ma

jTTSSet2
jTTSEnd
jTTSPlay
jTTSSetPlay
jTTSInit
jTTSSetSerialNo
jTTSResume
jTTSPlayToFileEx
jTTSGetStatus
jTTSStop
jTTSPause

mfc42

ord4353
ord4407
ord5241
ord2385
ord5163
ord4078
ord1775
ord5280
ord3798
ord4837
ord4441
ord2648
ord6374
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord6376
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord5572
ord2915
ord6334
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord3081
ord5731
ord3922
ord2512
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord1200
ord2818
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord2725
ord858
ord3522
ord3521
ord6403
ord6402
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord2399
ord4387
ord3454
ord1089
ord6080
ord6175
ord4623
ord4426
ord338
ord4710
ord6052
ord4823
ord5836
ord5442
ord1979
ord3318
ord665
ord5186
ord354
ord4853
ord4613
ord1830
ord4239
ord3619
ord2400
ord5061
ord4938
ord4940
ord4629
ord4589
ord4897
ord5076
ord4341
ord4349
ord4723
ord4886
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord5240
ord5290
ord3748
ord1723
ord4432
ord5817
ord657
ord344
ord3663
ord3626
ord2414
ord5251
ord4891
ord4368
ord4586
ord1175
ord4278
ord3876
ord3874
ord3499
ord2515
ord355
ord793
ord616
ord1641
ord4455
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord3719
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord567
ord2358
ord2294
ord2362
ord2298
ord6646
ord2301
ord2302
ord6111
ord3092
ord4376
ord5265
ord2514
ord652
ord4998
ord6199
ord3198
ord4614
ord1576
ord1168

msvcrt

__setusermatherr
_initterm
__p__commode
__p__fmode
__set_app_type
__getmainargs
_adjust_fdiv
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
_acmdln
malloc
__dllonexit
_setmbcp
__CxxFrameHandler
free

kernel32

GlobalFree
GetModuleHandleA
GetStartupInfoA
GetACP
MultiByteToWideChar

user32

UpdateWindow
SetWindowTextW
SetWindowTextA
EnableWindow
SendMessageA

gdi32

CreateFontA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_62d6c2d0f9e6e236359572e3b8df0f22
.exe windows:5 windows x86 arch:x86

a550eebd0a120f8c1db3e340676cc7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\inter\auto_update\final_release_dx\$QQDancerUpdate.pdb

Imports

mfc90

ord595
ord4030
ord6584
ord2074
ord524
ord744
ord5167
ord4993
ord3987
ord1108
ord1137
ord5615
ord4617
ord5152
ord5309
ord1810
ord1809
ord1678
ord3663
ord6388
ord1755
ord2623
ord4331
ord1496
ord4650
ord2620
ord5497
ord6780
ord4589
ord5636
ord3732
ord5139
ord4688
ord1729
ord6446
ord958
ord963
ord5647
ord1497
ord6391
ord3346
ord796
ord1144
ord266
ord3344
ord265
ord967
ord965
ord969
ord2630
ord2635
ord2612
ord2616
ord2614
ord2633
ord1752
ord2618
ord2628
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord2610
ord5666
ord5668
ord5585
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord3135
ord4895
ord4668
ord3506
ord374
ord798
ord639
ord3579
ord341
ord617
ord4197
ord1098
ord6462
ord5552
ord2208
ord793
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord589
ord4952
ord4029
ord800
ord1276

msvcr90

_setmbcp
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
__CxxFrameHandler3
_purecall
memcpy
printf
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
sprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_vsnprintf
atoi
vsprintf
strcat
memset
fclose
strlen
fgets
feof
fopen
srand
_time32
_beginthread
free
malloc
strncpy
memmove_s
strcpy
rand
memmove
fopen_s
strcmp
atof
fprintf
fread
ftell
fseek
ferror
fputc
sscanf_s
_vsnprintf_s
isalpha
isalnum
isspace
strncmp
strchr
tolower
exit
_getpid
strncpy_s
_time64
memcmp
_splitpath_s
_mbsnbcat_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_beginthreadex

kernel32

GetCurrentDirectoryA
DeleteFileA
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenA
MultiByteToWideChar
WaitForSingleObject
CreateProcessA
SetEvent
OutputDebugStringA
TerminateThread
lstrcpynA
GetTickCount
ResetEvent
GetCurrentThreadId
GetModuleFileNameA
GetFileAttributesA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateEventA
GetLastError
CloseHandle
GetCurrentProcess
IsBadReadPtr
GetProcAddress
LoadLibraryA
TerminateProcess

user32

GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
SendMessageA
LoadIconA
EnableWindow
SetTimer

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ord17

shlwapi

wnsprintfA

ole32

CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitializeEx
CoFreeLibrary
CoLoadLibrary

oleaut32

SysAllocStringByteLen
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData

msvcp90

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?is_open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_84e00997143d5b4c6bb11f05cc43ab56
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\sun.rmi.activation\rmid\obj\rmid.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_8e049e49ffcde7d37069988b02bda790
.exe windows:4 windows x86 arch:x86

f23435b6dd3be7801d22b910b600536c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\javacplexec\obj\javacpl.pdb

Imports

user32

LoadStringA
MessageBoxA
wsprintfA

msvcr71

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_local_unwind2
_except_handler3
__p__commode

kernel32

GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetLastError
CloseHandle
FormatMessageA
lstrcatA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVersionExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_960463f301d11e5054dfa5a10f2c4259
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_aef3c258ccf50a0b0168ee3bd78fb341
.dll windows:5 windows x86 arch:x86

7b7ba07d02c2d411051f0feeef422944

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ws2_32.pdb

Imports

advapi32

RegNotifyChangeKeyValue
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

kernel32

GetTickCount
QueryPerformanceCounter
lstrcmpA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedCompareExchange
IsBadWritePtr
GetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
WaitForMultipleObjectsEx
ResetEvent
IsBadReadPtr
TlsSetValue
GetHandleInformation
ExpandEnvironmentStringsA
InterlockedExchange
GetCurrentThreadId
TlsAlloc
GetSystemInfo
HeapCreate
GetProcessHeap
HeapDestroy
TlsFree
lstrlenA
lstrcpyA
IsBadCodePtr
GetProcAddress
CreateEventA
GetModuleFileNameA
LoadLibraryA
CreateThread
FreeLibrary
WaitForSingleObject
CloseHandle
FreeLibraryAndExitThread
EnterCriticalSection
SetEvent
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SwitchToThread
SetLastError
DelayLoadFailureHook
TlsGetValue
InterlockedDecrement
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection

msvcrt

__isascii
isspace
_except_handler3
sprintf
_adjust_fdiv
malloc
_initterm
free
_stricmp
fclose
fgets
atoi
strchr
fopen
wcscpy
strtoul
wcscmp
wcslen
wcschr

ntdll

RtlIpv4StringToAddressW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressA

ws2help

WahCompleteRequest
WahQueueUserApc
WahEnableNonIFSHandleSupport
WahDisableNonIFSHandleSupport
WahCreateSocketHandle
WahNotifyAllProcesses
WahCreateNotificationHandle
WahWaitForNotification
WahOpenCurrentThread
WahCloseThread
WahInsertHandleContext
WahRemoveHandleContext
WahDestroyHandleContextTable
WahCreateHandleContextTable
WahEnumerateHandleContexts
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahOpenNotificationHandleHelper
WahOpenHandleHelper
WahOpenApcHelper
WahCloseSocketHandle
WahReferenceContextByHandle

Exports

Exports

FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WEP
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
virussign.com_b048d883ededcd5dfe4bf59623e39c0e
.exe windows:4 windows x86 arch:x86

3bd3c8ab805e675e9ee8d991d6c37b33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\javaws\bin\javaws.pdb

Imports

kernel32

GetThreadLocale
WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar
ReadFile
CloseHandle
WaitForSingleObject
CreateProcessA
SetHandleInformation
CreatePipe
CreateDirectoryA
GetWindowsDirectoryA
FindClose
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
SetEnvironmentVariableW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryA
GetProcAddress
FindFirstFileA
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
GetTimeZoneInformation
FlushFileBuffers
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
InitializeCriticalSection
GetOEMCP
GetACP
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetLastError
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
WriteFile
SetStdHandle
SetHandleCount
GetStdHandle
GetFileAttributesA
SetEndOfFile
SetFilePointer
RtlUnwind
InterlockedExchange
VirtualQuery
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetLocaleInfoA
GetExitCodeProcess

user32

wsprintfA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassA
LoadCursorA
MessageBoxA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wsock32

listen
getsockname
accept
recv
bind
socket
ioctlsocket
htons
connect
send
WSAGetLastError
WSAStartup
closesocket
WSAAsyncSelect
ntohs

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_be17feb99c7f72d9cf679e1cef5ae943
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_c389341e0dc438eafe123f9e62762beb
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\Activation\com.sun.corba.se.impl.activation\servertool\obj\servertool.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_c7e74f41ae82041fa11f30d340419432
.exe windows:4 windows x86 arch:x86

d9daf48e5f8dcab218b68e7d18858f83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA

kernel32

SetFileAttributesA
Sleep
FindNextFileA
GetCurrentProcess
DeleteFileA
FindFirstFileA
GetWindowsDirectoryA
GetLastError
TerminateProcess
GetStdHandle
GetFileType
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
SetEndOfFile
LCMapStringA
LoadLibraryA
GetProcAddress
SetFilePointer
GetACP
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
CloseHandle
HeapDestroy
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetCPInfo
GetOEMCP
GetEnvironmentVariableA
GetVersionExA
VirtualAlloc
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA

user32

ExitWindowsEx
MessageBoxA
SendMessageA
wsprintfA
FindWindowA

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_cf174115ee8f8988040bb0938655425e
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\Activation\com.sun.corba.se.impl.activation\servertool\obj\servertool.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_cff3dea48c44577316e8e981a945d900
.dll regsvr32 windows:5 windows x86 arch:x86

cc48504e5dc09795d4d1a1c1864a79e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HNetCfg.pdb

Imports

msvcrt

_except_handler3
malloc
free
realloc
??2@YAPAXI@Z
swprintf
wcslen
_wcsicmp
_snwprintf
wcscpy
wcsncpy
wcsstr
wcstombs
wcscmp
_wtoi
wcscat
_ultow
wcstoul
iswdigit
_wcsnicmp
wcschr
wcsncmp
qsort
iswalpha
wcspbrk
memmove
_initterm
_adjust_fdiv
?terminate@@YAXXZ
__CxxFrameHandler
??3@YAXPAX@Z

ntdll

RtlIpv4AddressToStringW
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
NtSetValueKey
NtClose
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
VerSetConditionMask
RtlStringFromGUID
RtlFreeUnicodeString
NtQueryValueKey
RtlInitUnicodeString
NtOpenKey
NtOpenFile

advapi32

CheckTokenMembership
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegNotifyChangeKeyValue
RegQueryValueExW
AllocateAndInitializeSid
RegDeleteKeyW
FreeSid
ChangeServiceConfigW
StartServiceW
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegEnumKeyExW

gdi32

GetTextExtentPointW
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
SetTextColor
SelectObject
DeleteObject
GetTextMetricsW

kernel32

WideCharToMultiByte
lstrcmpA
DeviceIoControl
SetLastError
DelayLoadFailureHook
GetCurrentThreadId
LockResource
GetModuleHandleW
FormatMessageW
GlobalAlloc
GlobalFree
InterlockedCompareExchange
IsBadReadPtr
LocalFree
LocalAlloc
FreeLibraryAndExitThread
OpenEventW
CloseHandle
VerifyVersionInfoW
ExpandEnvironmentStringsW
GlobalDeleteAtom
IsBadWritePtr
GetComputerNameExW
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetComputerNameA
WaitForSingleObject
OpenProcess
SetEvent
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
CreateEventW
CreateFileW
SwitchToThread
InterlockedExchange
QueueUserAPC
WaitForSingleObjectEx
UnregisterWaitEx
RegisterWaitForSingleObject
GlobalAddAtomW
CreateThread
FreeLibrary
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapDestroy
lstrcpynW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
HeapFree
HeapAlloc
GetProcessHeap
Sleep

rpcrt4

NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrOleAllocate
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrOleFree

user32

ReleaseDC
LoadIconW
SetPropW
GetPropW
CallWindowProcW
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetSysColor
GetSystemMetrics
GetWindowLongW
SetWindowLongW
GetWindowRect
SetWindowPos
LoadStringW
CharPrevW
CharNextW
GetDC
GetClientRect
IsWindowEnabled
GetDlgItem
wsprintfW
WinHelpW
UnhookWindowsHookEx
MessageBoxW
SetWindowsHookExW
BeginDeferWindowPos
DialogBoxParamW
EndDialog
IsDlgButtonChecked
GetDlgItemInt
SetFocus
CheckDlgButton
SetDlgItemTextW
SetDlgItemInt
RemovePropW
PostMessageW
ShowWindow
MapWindowPoints
EndDeferWindowPos
EnableWindow
SetWindowTextW
GetParent
DeferWindowPos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HNetDeleteRasConnection
HNetFreeFirewallLoggingSettings
HNetFreeSharingServicesPage
HNetGetFirewallSettingsPage
HNetGetShareAndBridgeSettings
HNetGetSharingServicesPage
HNetSetShareAndBridgeSettings
HNetSharedAccessSettingsDlg
HNetSharingAndFirewallSettingsDlg
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfCheckAppAuthorization
IcfCloseDynamicFwPort
IcfConnect
IcfDisconnect
IcfFreeAdapters
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeString
IcfFreeTickets
IcfGetAdapters
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsIcmpTypeAllowed
IcfIsPortAllowed
IcfOpenDynamicFwPort
IcfOpenDynamicFwPortWithoutSocket
IcfOpenFileSharingPorts
IcfRefreshPolicy
IcfRemoveDisabledAuthorizedApp
IcfSetProfile
IcfSetServicePermission
IcfSubNetsGetScope
IcfSubNetsIsStringValid
IcfSubNetsToString
WinBomConfigureWindowsFirewall

Sections

.text
Size: 259KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_d23ff45d9af7e5e10bcf73d28bebfb3b
.dll windows:5 windows x86 arch:x86

ca9067d44c94cd8b6f01ab628299122b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3d8thk.pdb

Imports

gdi32

DdEntry1
DdEntry2
DdEntry3
DdEntry5
DdEntry4
DdEntry7
DdEntry8
DdEntry9
DdEntry10
DdEntry11
DdEntry13
DdEntry12
DdEntry14
DdEntry17
DdEntry15
DdEntry18
DdEntry16
DdEntry50
DdEntry19
DdEntry20
DdEntry21
DdEntry24
DdEntry22
DdEntry23
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry30
DdEntry31
DdEntry6
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry37
DdEntry36
DdEntry38
DdEntry39
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virussign.com_d5e652ce82e8ec6eacf8d83ee210a81f
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\sun.rmi\java-rmi\obj\java-rmi.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_e71dd4679481f780521e7ad07bf7bdfa
.exe windows:4 windows x86 arch:x86

18842d719b3276439c3f30a230e56d2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\sun\sun.tools.security\policytool\obj\policytool.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virussign.com_fae608cd6ea7c2207c30f1e4daa4cd11
.exe windows:4 windows x86 arch:x86

79a1ab37da36cff15bf347149fc3fab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateThread
SetEvent
Sleep
LocalFree
WaitForSingleObject
GetModuleHandleA
CopyFileA
FreeEnvironmentStringsW
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAlloc
VirtualFree
CreateEventA
HeapCreate
HeapDestroy
GetWindowsDirectoryA
WriteFile
GetLastError
HeapFree
lstrcpyA
lstrcatA
GetCurrentDirectoryA
ExitProcess
GetVersion
HeapAlloc
GetStartupInfoA

user32

DialogBoxParamA
EnableMenuItem
EndDialog
GetMenu
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
UpdateWindow
InvalidateRect
PostMessageA
CheckRadioButton
PostQuitMessage
DefWindowProcA
CreateDialogParamA
RedrawWindow
MessageBoxA
DestroyWindow
GetSystemMenu
LoadAcceleratorsA
BeginPaint
GetClientRect
EndPaint
GetWindowRect
SetWindowPos
LoadMenuA
GetSubMenu
ClientToScreen
TrackPopupMenu
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA

gdi32

SetPixel
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap
StretchBlt
SelectObject

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

sti

StiCreateInstanceW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89f80dc11d8b77aa9859a13b7977c203

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 32KB - Virtual size: 30KB

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 964KB

.rsrc Size: 21KB - Virtual size: 21KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

6fc127ddc1f903ae92e3e32f5c32ec1c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

netapi32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 12KB

099c0646ea7282d232219f8807883be0

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 964KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 12KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 30KB - Virtual size: 29KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 864KB - Virtual size: 861KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 64B