895f092c6c6c5f35063e3a2dab272bf1dfe6b93bf5c0aae4f9bd6ef88bf1914d

Sharing

Copy URL Twitter E-mail

General

Target

895f092c6c6c5f35063e3a2dab272bf1dfe6b93bf5c0aae4f9bd6ef88bf1914d
Size

6.3MB
MD5

c0aa3abe6b102b7f120f43dd41e9397a
SHA1

06956cf5e257a20676e542e563ef340a2e0579e3
SHA256

895f092c6c6c5f35063e3a2dab272bf1dfe6b93bf5c0aae4f9bd6ef88bf1914d
SHA512

2476ad665a3f7da3812f5fb1ca34011d134bbfe6bbf58a5929364a5224eab24f06a9db0fb9190ecfa7cfe9ae56ad1cdcf8d45729cb9ec28c6573a7ef84477f5a
SSDEEP

98304:ESm7dt1axv/TAqZAM/eYTSpH+pCza11N4pHfMgVj8naqC5ve49QUO8/efQg7CyUj:ytgTH2huSpese13eMRnS2/amTQUGSYZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Black Myth Wukong v1.0 Plus 42 Trainer.exe
unpack002/dlssg_to_fsr3_amd_is_better.dll
unpack002/winhttp.dll

Files

895f092c6c6c5f35063e3a2dab272bf1dfe6b93bf5c0aae4f9bd6ef88bf1914d
.zip
Black Myth Wukong v1.0 Plus 42 Trainer.exe
.exe windows:6 windows x64 arch:x64

dc476f375d0ae515788ba7b61cf7e31c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetLastError
CreateFileW
WriteFile
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
DecodePointer
GetModuleFileNameW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateProcessW
GetTickCount
GetTempPathW
WaitNamedPipeW
ReadFile
GetModuleHandleA
LoadLibraryA
MapViewOfFile
WritePrivateProfileStringW
FindResourceW
LoadResource
SizeofResource
LockResource
GetFileAttributesW
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
GetTickCount64
SetLastError
ResumeThread
WaitForSingleObject
GetFileSizeEx
LocalFree
CreateDirectoryW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileMappingW
UnmapViewOfFile
CloseHandle
GetPrivateProfileStringW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
QueryPerformanceCounter
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RaiseException
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
RtlUnwind

user32

MessageBoxA
SetProcessDPIAware
MessageBoxW

advapi32

SetEntriesInAclW
ConvertStringSidToSidW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData

mscoree

CLRCreateInstance
CorBindToRuntime

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundW

Sections

.text
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
黑神话悟空dlss＋fsr补丁.zip
.zip
READ ME.txt
dlssg_to_fsr3_amd_is_better.dll
.dll windows:6 windows x64 arch:x64

5d9a93a1804b8b71b79681500a8122cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dlssg_to_fsr3_amd_is_better.pdb

Imports

kernel32

GetModuleHandleW
CloseHandle
GetModuleHandleExW
GetModuleFileNameW
GetPrivateProfileIntW
IsDebuggerPresent
GetEnvironmentVariableA
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
WaitForSingleObject
OutputDebugStringW
FlushFileBuffers
GetFileAttributesA
Sleep
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetLastError
VirtualAlloc
VirtualFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
CreateThread
SetThreadPriority
SetThreadDescription
WriteConsoleW
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
SetEndOfFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetStdHandle
GetFileType
ExitProcess
HeapFree
HeapAlloc
GetTimeZoneInformation
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
CreateDirectoryW
GetConsoleOutputCP
GetFileSizeEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
CreateFileW
ReadFile
ReadConsoleW
HeapSize

user32

GetAsyncKeyState

Exports

Exports

NVSDK_NGX_CUDA_CreateFeature
NVSDK_NGX_CUDA_EvaluateFeature
NVSDK_NGX_CUDA_GetScratchBufferSize
NVSDK_NGX_CUDA_Init
NVSDK_NGX_CUDA_ReleaseFeature
NVSDK_NGX_CUDA_Shutdown
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_Init
NVSDK_NGX_D3D11_PopulateParameters_Impl
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_Init
NVSDK_NGX_D3D12_Init_Ext
NVSDK_NGX_D3D12_PopulateParameters_Impl
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_GetAPIVersion
NVSDK_NGX_GetApplicationId
NVSDK_NGX_GetDriverVersion
NVSDK_NGX_GetDriverVersionEx
NVSDK_NGX_GetGPUArchitecture
NVSDK_NGX_GetSnippetVersion
NVSDK_NGX_ProcessCommand
NVSDK_NGX_SetInfoCallback
NVSDK_NGX_SetTelemetryEvaluateCallback
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_Init_Ext
NVSDK_NGX_VULKAN_Init_Ext2
NVSDK_NGX_VULKAN_PopulateParameters_Impl
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1
NvOptimusEnablementCuda

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14.2MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flysheep资源避难所全游戏列表备用地址.url
.url
flysheep资源避难所全游戏列表.url
.url
winhttp.dll
.dll windows:6 windows x64 arch:x64

e1f6884dd43a874ea5b53219d70cfc32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nvngx.pdb

Imports

kernel32

GetModuleHandleW
OutputDebugStringW
GetModuleHandleExW
GetModuleFileNameW
VirtualProtect
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetSystemDirectoryW
TerminateProcess
GetProcAddress
VirtualQuery
GetCurrentThreadId
WriteConsoleW
CreateFileW
LoadLibraryExW
SetLastError
GetLastError
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
HeapSize
HeapReAlloc
CloseHandle

user32

MessageBoxW

advapi32

RegGetValueW
RegOpenKeyExW
RegCloseKey

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
DllCanUnloadNow
DllGetClassObject
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetSymLoadError
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump
NVSDK_NGX_CUDA_AllocateParameters
NVSDK_NGX_CUDA_CreateFeature
NVSDK_NGX_CUDA_DestroyParameters
NVSDK_NGX_CUDA_EvaluateFeature
NVSDK_NGX_CUDA_GetCapabilityParameters
NVSDK_NGX_CUDA_GetParameters
NVSDK_NGX_CUDA_GetScratchBufferSize
NVSDK_NGX_CUDA_Init
NVSDK_NGX_CUDA_Init_Ext
NVSDK_NGX_CUDA_Init_ProjectID
NVSDK_NGX_CUDA_ReleaseFeature
NVSDK_NGX_CUDA_Shutdown
NVSDK_NGX_D3D11_AllocateParameters
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_DestroyParameters
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_GetCapabilityParameters
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetParameters
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_Init
NVSDK_NGX_D3D11_Init_Ext
NVSDK_NGX_D3D11_Init_ProjectID
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D11_Shutdown1
NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_Init
NVSDK_NGX_D3D12_Init_Ext
NVSDK_NGX_D3D12_Init_ProjectID
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_OTA_UPDATES_CheckForUpdate
NVSDK_NGX_OTA_UPDATES_GetPath
NVSDK_NGX_OTA_UPDATES_Install
NVSDK_NGX_OTA_UPDATES_Register
NVSDK_NGX_OTA_UPDATES_Unregister
NVSDK_NGX_OTA_UPDATES_Update
NVSDK_NGX_UpdateFeature
NVSDK_NGX_VULKAN_AllocateParameters
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_DestroyParameters
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_GetCapabilityParameters
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetParameters
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_Init_Ext
NVSDK_NGX_VULKAN_Init_Ext2
NVSDK_NGX_VULKAN_Init_ProjectID
NVSDK_NGX_VULKAN_Init_ProjectID_Ext
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_RequiredExtensions
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1
Ordinal_1101
Ordinal_1102
Ordinal_1103
Ordinal_1104
Ordinal_1105
Ordinal_1106
Ordinal_1107
Ordinal_1108
Ordinal_1109
Ordinal_1110
Ordinal_1115
Ordinal_1116
Ordinal_1117
Ordinal_1118
Ordinal_1119
Private1
RangeMapAddPeImageSections
RangeMapCreate
RangeMapFree
RangeMapRead
RangeMapRemove
RangeMapWrite
RemoveInvalidModuleList
ReportSymbolLoadSummary
SearchTreeForFile
SearchTreeForFileW
SetCheckUserInterruptShared
SetSymLoadError
StackWalk
StackWalk64
StackWalkEx
SvchostPushServiceGlobals
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymAllocDiaString
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFreeDiaString
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetDiaSession
SymGetDiaSource
SymGetExtendedOption
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrEx
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameEx
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextEx
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevEx
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileChecksum
SymGetSourceFileChecksumW
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetDiaSession
SymSetExtendedOption
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
WinDbgExtensionDllInit
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryHeadersEx
WinHttpQueryOption
WinHttpReadData
WinHttpReadDataEx
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetSecureLegacyServersAppCompat
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings
_EFN_DumpImage
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
补丁使用方法.txt

Sharing

General

Malware Config

Signatures

Files

dc476f375d0ae515788ba7b61cf7e31c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

mscoree

wininet

version

winmm

Sections

.text Size: 702KB - Virtual size: 701KB

.rdata Size: 371KB - Virtual size: 370KB

.data Size: 10KB - Virtual size: 86KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 527KB - Virtual size: 527KB

.reloc Size: 3KB - Virtual size: 3KB

5d9a93a1804b8b71b79681500a8122cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 644KB - Virtual size: 643KB

.rdata Size: 14.2MB - Virtual size: 14.2MB

.data Size: 83KB - Virtual size: 90KB

.pdata Size: 20KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 59KB - Virtual size: 59KB

e1f6884dd43a874ea5b53219d70cfc32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 5KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 702KB - Virtual size: 701KB

.rdata
Size: 371KB - Virtual size: 370KB

.data
Size: 10KB - Virtual size: 86KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 527KB - Virtual size: 527KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 644KB - Virtual size: 643KB

.rdata
Size: 14.2MB - Virtual size: 14.2MB

.data
Size: 83KB - Virtual size: 90KB

.pdata
Size: 20KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 59KB - Virtual size: 59KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB