c784b03030d2a4101be5fd60ebfb8906_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c784b03030d2a4101be5fd60ebfb8906_JaffaCakes118
Size

8.8MB
MD5

c784b03030d2a4101be5fd60ebfb8906
SHA1

c27611d4c10655c9c9a97bbcbf1918b9882af4dc
SHA256

6f3aace79c91bd49aa7be2dff5cf4adc59e9db63c76120cbb74a2f060316bca4
SHA512

88c1adea509faa9e232632ea9a9ec5a3a05adf41fdbb567eaf9c3edd7f3d3098a2b700479d6ebea96b82513b8cb33e3f0cb831f776561ee10be0e67b59daa8f0
SSDEEP

196608:rYS+W49oILWz/WPJEA9OaYvOrIwsu9h5ijmQGSnLi12LA:rAWIoIL4/+EAklvOrbv5iC5Sm3

Score

7^/10

vmprotect aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/dm.dll	acprotect

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/UpdateLab.dll	aspack_v212_v242
static1/unpack001/VBRouterChangeIP.dll	aspack_v212_v242
static1/unpack001/save/Routers/tmp/Update.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/dm.dll	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/SoftAttr.dll	vmprotect

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FastVerCode.dll
unpack001/Newtonsoft.Json.dll
unpack001/SoftAttr.dll
unpack001/UUWiseHelper.dll
unpack001/UpdateLab.dll
unpack001/VBRouterChangeIP.dll
unpack001/bfbr.dll
unpack001/dm.dll
unpack002/out.upx
unpack001/lua5.1.dll
unpack001/plug/UnRAR.exe
unpack001/save/Routers/tmp/Update.exe
unpack001/softUpdate.exe
unpack001/thread/Thread.exe
unpack001/一百分QQ综合采集软件.exe

Files

c784b03030d2a4101be5fd60ebfb8906_JaffaCakes118
.rar
163City
COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ctry.xml
FastVerCode.dll
.dll windows:4 windows x86 arch:x86

018dd474ecd799abb2a53bc709d521b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

Netbios

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord540
ord858
ord939
ord2915
ord3584
ord543
ord803
ord3663
ord3922
ord541
ord941
ord4129
ord2764
ord860
ord2393
ord690
ord1988
ord5808
ord1074
ord1075
ord5204
ord1116
ord389
ord665
ord1979
ord5186
ord354
ord6663
ord5710
ord5683
ord4278
ord823
ord5442
ord3318
ord6283
ord6282
ord2614
ord4202
ord6662
ord6874
ord5207
ord1158
ord5440
ord6383
ord5450
ord6394
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord535
ord940
ord825
ord800
ord537
ord1176
ord801
ord3229

msvcrt

_adjust_fdiv
__CxxFrameHandler
_CxxThrowException
_mbscmp
rand
srand
time
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
malloc

kernel32

LocalFree
WideCharToMultiByte
GetComputerNameA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
MultiByteToWideChar

shlwapi

StrToIntA

wininet

InternetSetOptionA

Exports

Exports

GetUserInfo
GetUserInfo_A
LzGetVcodeResult
LzPutVCodeByteToServer
LzPutVCodePathToServer
RecByte
RecByte_2
RecByte_A
RecByte_A_2
RecYZM
RecYZM_2
RecYZM_A
RecYZM_A_2
Reglz
ReportError

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dev\Releases\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repair.ini
Res/oem
Res/oem2
SoftAttr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

84bdcafc7e3c7332ed8718aefb1140a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_adj_fdivr_m64

kernel32

GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
getSoftAttr

Sections

.text
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TABCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aa8b0ec5b7d56e08d6614ae243221096

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
HeapReAlloc
lstrcmpA
GetProcessHeap
InitializeCriticalSection
lstrcatA

user32

SetFocus
MoveWindow
GetWindow
ShowWindow
IsWindowEnabled
PtInRect
IsWindowVisible
GetParent
SetWindowRgn
GetSysColor
CopyRect
DrawFocusRect
DestroyWindow
GetWindowDC
GetWindowRect
CreateWindowExA
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetRectEmpty
SetWindowPos
OffsetRect
WinHelpA
GetNextDlgTabItem
CharNextA
GetClipboardFormatNameA
ScreenToClient
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
InvalidateRect
ReleaseCapture
CreateDialogIndirectParamA
IsChild
SetParent
EndPaint
IsDialogMessageA
FillRect
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetSystemMetrics
ClientToScreen
GetClientRect
BeginPaint
IntersectRect

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
SysStringLen
OleTranslateColor
GetErrorInfo
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
OleCreatePictureIndirect
SysAllocString
SysFreeString

gdi32

LPtoDP
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
SetMapMode
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
CreateICA
GetPaletteEntries

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUExtConfig.ini
UUWiseHelper.dll
.dll windows:5 windows x86 arch:x86

e0e9f277ce989ebccdd368f3ac3dd37c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\992UDLL\输出目录\UUWiseHelper.pdb

Imports

kernel32

ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalSize
SetUnhandledExceptionFilter
lstrcmpiW
lstrcatW
lstrcpyW
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
lstrlenA
WaitForSingleObject
CreateThread
CreateDirectoryW
GetPrivateProfileIntW
WriteFile
SetFilePointer
InitializeCriticalSection
FreeLibrary
LoadLibraryW
SetEvent
WaitForMultipleObjects
DeviceIoControl
GetSystemInfo
GetVersionExW
FindNextFileW
FindFirstFileW
lstrcpynW
IsBadWritePtr
IsBadReadPtr
lstrcpyA
lstrcpynA
CompareStringW
WriteConsoleW
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
GetConsoleMode
CloseHandle
lstrlenW
GetModuleHandleW
GetProcAddress
CreateFileW
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStdHandle
SetEnvironmentVariableA
ExitProcess
IsProcessorFeaturePresent
HeapCreate
LCMapStringW
GetStringTypeW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
DecodePointer
EncodePointer
RtlUnwind
GetTickCount
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException

user32

PrintWindow
FindWindowW
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
GetWindowDC
wsprintfA

gdi32

DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC

advapi32

CryptReleaseContext
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SafeArrayGetLBound
VariantClear
SysAllocString
SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
SysFreeString

shlwapi

PathFileExistsW
StrStrIW

urlmon

FindMimeFromData

dbghelp

MiniDumpWriteDump

gdiplus

GdiplusStartup
GdipFree
GdipGetImageEncodersSize
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipGetImageEncoders
GdipDisposeImage
GdipAlloc

iphlpapi

GetAdaptersInfo

ws2_32

GetAddrInfoW
sendto
recvfrom
setsockopt
WSAStartup
closesocket
socket

Exports

Exports

uu_AsyncRecognizeByCodeTypeAndPathA
uu_CheckApiSignA
uu_CheckApiSignW
uu_CloseAsyncRecognizeHandle
uu_GetAsyncRecognizeResultA
uu_SysCallOneParam
uu_UploadFileA
uu_UploadFileW
uu_UploadScreen
uu_easyRecognizeBytesA
uu_easyRecognizeBytesW
uu_easyRecognizeFileA
uu_easyRecognizeFileW
uu_easyRecognizeScreenA
uu_easyRecognizeScreenW
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
uu_easyRecognizeWndByHWndAndPosA
uu_easyRecognizeWndByHWndAndPosW
uu_easyRecognizeWndByTitleAndPosA
uu_easyRecognizeWndByTitleAndPosW
uu_getResultA
uu_getResultW
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_payA
uu_payW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
uu_recognizeScreenByCodeTypeA
uu_recognizeScreenByCodeTypeW
uu_recognizeWndByHWndAndPosA
uu_recognizeWndByHWndAndPosW
uu_recognizeWndByTitleAndPosA
uu_recognizeWndByTitleAndPosW
uu_reguserA
uu_reguserW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateLab.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CheckUpdateA
CheckUpdateV2A
CheckUpdateV2W
CheckUpdateW
GetUpdateStats
TMethodImplementationIntercept

Sections

.text
Size: 387KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 999KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VBRouterChangeIP.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ChangeIPA
ChangeIPW
ConnectionA
ConnectionW
DisconnectionA
DisconnectionW
TMethodImplementationIntercept

Sections

.text
Size: 556KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 92KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VersionConfig.cfg
bfbr.dll
.exe windows:4 windows x86 arch:x86

71825f2e838423d0bc44968f8cc0bb7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
ord690
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrAryToUnicode
__vbaStrI4
__vbaVarMove
ord693
__vbaVarVargNofree
__vbaStrAryToAnsi
__vbaAryMove
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
ord696
__vbaEnd
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
ord698
ord620
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaResume
__vbaCopyBytes
ord629
__vbaStrCat
__vbaVarCmpNe
__vbaError
ord660
ord553
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
ord557
ord558
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaForEachCollObj
ord593
__vbaExitProc
__vbaVarForInit
ord300
ord594
__vbaFileCloseAll
__vbaStrLike
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaFpR4
ord306
__vbaStrFixstr
__vbaForEachCollVar
ord705
__vbaBoolVar
ord520
ord309
__vbaRefVarAry
__vbaVarTstLt
__vbaVargVar
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
ord709
__vbaNextEachCollObj
ord525
__vbaVarZero
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaChkstk
ord526
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaCyI2
__vbaGet3
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaCyI4
__vbaNextEachCollVar
__vbaPrintObj
__vbaObjVar
ord561
ord562
DllFunctionCall
ord563
ord670
__vbaVarOr
__vbaVarLateMemSt
ord564
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaR8Cy
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
_CIsqrt
__vbaRedimVar
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
ord710
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
ord711
__vbaInputFile
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaI2Str
ord607
ord714
__vbaVarDiv
ord608
ord531
__vbaVarCmpLe
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
ord534
__vbaVarCat
ord535
__vbaI2Var
__vbaStopExe
ord537
ord644
__vbaExitEachVar
ord645
_CIlog
__vbaFileOpen
ord570
ord648
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaR8Str
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaVarSetObj
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaFpCy
ord610
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrComp
ord612
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord616
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaVarCopy
__vbaFpI4
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaCastObj
__vbaAryCopy
__vbaStrMove
__vbaI4Cy
__vbaR8IntI4
__vbaForEachVar
__vbaStrVarCopy
ord619
ord542
__vbaVarNeg
ord543
_allmul
__vbaLenVarB
ord544
__vbaVarLateMemCallSt
__vbaLateIdSt
ord545
_CItan
ord546
__vbaFPInt
__vbaUI1Var
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaRecAssign
__vbaI4ErrVar
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CBFunA
CBFunB
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 615KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 652KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zp0
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zp1
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
login.cfg
lua5.1.dll
.dll windows:4 windows x86 arch:x86

df5ee731556844566bd09eb9e0c19cfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

strtoul
strcoll
strerror
ungetc
strstr
__iob_func
_errno
fopen
fread
fprintf
ferror
freopen
realloc
fclose
getc
feof
free
fputs
fgets
setvbuf
fwrite
ftell
fseek
clearerr
fscanf
tmpfile
_pclose
fflush
_popen
ceil
modf
ldexp
rand
srand
strcspn
_HUGE
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
getenv
_difftime64
_time64
rename
memchr
ispunct
tolower
isupper
toupper
islower
strpbrk
isxdigit
strrchr
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strncpy
strncat
sprintf
strtod
localeconv
isspace
iscntrl
isdigit
isalpha
isalnum
exit
longjmp
strchr
frexp
_setjmp3
_CIpow
floor
memcpy
_CIexp
_CIlog10
_CIlog
_CIsqrt
_CIfmod
_CIatan2
_CIatan
_CIacos
_CIasin
_CItanh
_CItan
_CIcosh
_CIcos
_CIsinh
_CIsin

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pic/pageN.bmp
plug/UnRAR.exe
.exe windows:4 windows x86 arch:x86

cf6ca145896f9d37f7f4799cce56ed2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
MoveFileA
MultiByteToWideChar
RaiseException
ReadConsoleA
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetErrorMode
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetPriorityClass
SetThreadPriority
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
LoadStringA
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plug/ver.ini
router.cfg
save/NewCity.ini
save/Noname1.html
.html .js polyglot
save/Routers/Compatible_635574497933895731.lua
save/Routers/Compatible_635574497933945163.lua
save/Routers/Compatible_635574497933965149.lua
save/Routers/Compatible_635574497933985144.lua
save/Routers/Compatible_635574497934005149.lua
save/Routers/Compatible_635574497934035148.lua
save/Routers/Compatible_635574497934055158.lua
save/Routers/Compatible_635574497934085156.lua
save/Routers/Compatible_635574497934105157.lua
save/Routers/Compatible_635574497934135160.lua
save/Routers/Compatible_635574497934175161.lua
save/Routers/Compatible_635574497934205164.lua
save/Routers/Compatible_635574497934235186.lua
save/Routers/Compatible_635574497934265194.lua
save/Routers/Compatible_635574497934285170.lua
save/Routers/Compatible_635574497934305166.lua
save/Routers/Compatible_635574497934325166.lua
save/Routers/Compatible_635574497934345167.lua
save/Routers/Compatible_635574497934375185.lua
save/Routers/Compatible_635574497934395175.lua
save/Routers/Compatible_635574497934415176.lua
save/Routers/Compatible_635574497934435186.lua
save/Routers/Compatible_635574497934465194.lua
save/Routers/Compatible_635574497934485175.lua
save/Routers/Compatible_635574497934505180.lua
save/Routers/Compatible_635574497934535178.lua
save/Routers/Compatible_635574497934555179.lua
save/Routers/Compatible_635574497934575179.lua
save/Routers/Compatible_635574497934605182.lua
save/Routers/Compatible_635574497934625183.lua
save/Routers/Compatible_635574497934655186.lua
save/Routers/Compatible_635574497934675191.lua
save/Routers/Compatible_635574497934695192.lua
save/Routers/Compatible_635574497934725190.lua
save/Routers/Compatible_635574497934745190.lua
save/Routers/Compatible_635574497934775198.lua
save/Routers/Compatible_635574497934795194.lua
save/Routers/Compatible_635574497934815199.lua
save/Routers/Compatible_635574497934845198.lua
save/Routers/Compatible_635574497934865198.lua
save/Routers/Compatible_635574497934885203.lua
save/Routers/Compatible_635574497934915211.lua
save/Routers/Compatible_635574497934935197.lua
save/Routers/Compatible_635574497934965210.lua
save/Routers/Compatible_635574497934985206.lua
save/Routers/Compatible_635574497935015209.lua
save/Routers/Compatible_635574497935045207.lua
save/Routers/Compatible_635574497935075210.lua
save/Routers/Compatible_635574497935095215.lua
save/Routers/Compatible_635574497935115211.lua
save/Routers/Compatible_635574497935145219.lua
save/Routers/Compatible_635574497935175217.lua
save/Routers/Compatible_635574497935205220.lua
save/Routers/Compatible_635574497935225221.lua
save/Routers/Compatible_635574497935245226.lua
save/Routers/Compatible_635574497935275224.lua
save/Routers/Compatible_635574497935295225.lua
save/Routers/Compatible_635574497935315225.lua
save/Routers/Compatible_635574497935345233.lua
save/Routers/Compatible_635574497935365234.lua
save/Routers/HUAWEI EchoLife HG510a.lua
save/Routers/TPFastMercurySOHOV1.lua
save/Routers/TPFastMercurySOHOV2.lua
save/Routers/TPFastMercurySOHOV3.lua
save/Routers/TPFastMercurySOHOV4.lua
save/Routers/TPFastMercurySOHOV5.lua
save/Routers/TPFastMercurySOHOV6.lua
save/Routers/TPLinkEnterprise.lua
save/Routers/VersionConfig.cfg
save/Routers/mapping.map
save/Routers/tmp/Update.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 697KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
save/city_id.txt
save/country.txt
save/file1.ini
save/locationLatQQ.txt
save/router/ALCATEL SpeedTouch511e.ini
save/router/ALPHA AFW-GR55 mini.ini
save/router/ALPHA K3.ini
save/router/ALPHA V4.ini
save/router/ASUS WL530g.ini
save/router/AboveCable ACRT2010-11.ini
save/router/Alpha GR50.ini
save/router/D-Link DI-504.ini
save/router/D-Link DI-524.ini
save/router/D-Link DI-524M.ini
save/router/D-Link DI-604+.ini
save/router/D-Link DI-604.ini
save/router/D-Link DI-624+A.ini
save/router/D-Link DI-624.ini
save/router/D-Link DI-7001.ini
save/router/D-Link DI-808HV.ini
save/router/D-Link DIR-100.ini
save/router/D-Link DIR-300.ini
save/router/D-Link DIR-600.ini
save/router/FAST FR40.ini
save/router/FAST FR48.ini
save/router/HL-RT700.ini
save/router/Hi-Spider Hotel_V3.ini
save/router/HuaWei 3COM BR104.ini
save/router/HuaWei 3COM BR204+.ini
save/router/HuaWei WBR204G+.ini
save/router/HuaWei WBR204G.ini
save/router/KINGNET KN-S1060.ini
save/router/KINGNET KN-S1060T.ini
save/router/KINGNET KN-WR710H.ini
save/router/LINKSYS WRT54G.ini
save/router/LINKSYS WRT54GC.ini
save/router/LinkSYS BEFSR41.ini
save/router/LinkSYS BEFW11S4.ini
save/router/LinkSYS WRK54G(2).ini
save/router/LinkSYS WRK54G.ini
save/router/LinkSYS WRT150N.ini
save/router/Mercury MR808v2.ini
save/router/Mercury MW54R.ini
save/router/Mercury Soho MR804.ini
save/router/NetCore 2105+NR.ini
save/router/NetCore 2505+NR.ini
save/router/NetCore 2805NR.ini
save/router/NetCore 605GR.ini
save/router/NetCore NR+205.ini
save/router/NetCore NW705+.ini
save/router/NetCore NW705P V2.ini
save/router/NetCore NW705P.ini
save/router/NetShare R-1200.ini
save/router/NetShare R-1800.ini
save/router/Netgear JWNR2000T.ini
save/router/Netgear WGR614.ini
save/router/SMC SMC7004VBR.ini
save/router/TOTOLINK N300R.ini
save/router/TP-Link 402M.ini
save/router/TP-Link TD-8810.ini
save/router/TP-Link TD-W89741N.ini
save/router/TP-Link TL-MR11U.ini
save/router/TP-Link TL-R402.ini
save/router/TP-Link TL-R402M.ini
save/router/TP-Link TL-R406.ini
save/router/TP-Link TL-R410.ini
save/router/TP-Link TL-R460.ini
save/router/TP-Link TL-WR340G V5.ini
save/router/TP-Link TL-WR340G.ini
save/router/TP-Link TL-WR641G 642G.ini
save/router/TP-Link TL-WR740N.ini
save/router/TP-Link、FAST、Mercury 通用1.ini
save/router/TP-Link、FAST、Mercury 通用2.ini
save/router/TP-Link、FAST、Mercury 通用3.ini
save/router/TP-Link、FAST、Mercury 通用4.ini
save/router/Tenda NAT Router.ini
save/router/Tenda TEI402.ini
save/router/Tenda TEI402M.ini
save/router/Tenda TEI480T+.ini
save/router/Tenda TEI6606.ini
save/router/Tenda TEI6608.ini
save/router/Tenda TEI6608S 2.ini
save/router/Tenda TEI6608S.ini
save/router/Tenda TEI6611S.ini
save/router/Tenda W541R.ini
save/router/Wealnet R-2804P.ini
save/router/Wealnet R-2808M.ini
softUpdate.exe
.exe windows:5 windows x86 arch:x86

a8aad6ea80af5a700d81aa38a465509a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord591
ord592
ord593
__vbaExitProc
__vbaFileCloseAll
__vbaStrLike
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaStrFixstr
ord520
__vbaBoolVarNull
_CIsin
ord709
ord631
__vbaErase
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaFpUI1
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaUI1I4
__vbaStr2Vec
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord570
__vbaVar2Vec
ord648
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaStrComp
ord612
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaVarCopy
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaAryCopy
ord618
__vbaStrMove
ord619
__vbaStrVarCopy
_allmul
__vbaVarLateMemCallSt
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

kernel32

LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW
CharUpperBuffW

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
thread/Thread.exe
.exe windows:4 windows x86 arch:x86

fde6b885d37438e46931b17aae9a7a7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord593
__vbaExitProc
ord594
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaBoolVarNull
_CIsin
ord631
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaGet3
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaLbound
__vbaStrR4
_adj_fpatan
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
ord617
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
_allmul
__vbaVarLateMemCallSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zk
一百分QQ综合采集软件.exe
.exe windows:4 windows x86 arch:x86

4cd9cf51af43eb6b0b30ad27d0b3abd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
ExitProcess
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasGetConnectStatusA

winspool.drv

OpenPrinterA

ole32

CLSIDFromProgID

comctl32

ord17

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Exports

Exports

��y�k'.;��𪫊Bf9�[�B�G�H�V-��|�F^$`1�N��|�<�SW��g��1BL�i 1R&Y Ng��I8HL�Nc��͑�Y/��F�0�lsVA@ML|��Y),t^ p#KEYd��U\��|��$vV87�[��;x��mo�D⻸�M�~Dô�=��L2PN��S͉;u��+,z�2ە{�|��Q �{J4n��@n�mq�:�~� {��-�D=�Қ��%��=rl��1� ��׃G=�BsD��4 "1!:�2h��mn7r��:h ��3��&4�55��i_�Ηa^�R1�D"�#m��i{�d<qh��S��Dm��4�z��ў*I�V��f0�Y ��na&�W�۲��P"�O��qp|��{he�o��D��*q�VD�m��7��Y��͂��B��/;ؐ*�X�o��o1�}0�_>m��w ��3�!��/[�H��D�q'�@[+�� E��j�l��Ka��!��&�,�P-��ŭTI桫KL�S�Z�<�U�`ֻ ��G��l8��h�E/R�z/G=�|Iק��B��&h]X�>�>r�G#'�� u\ɾ�9t��s��4k�>�� -8�3�E9jԌ�h#W��"��ฯt�y��4� m|Cn%��Y<��6��$ъON�+��04|��\yԡ��m��OMo�~�t��r��$�[x��#�<�qLn�>�[Z�m�-��w� 6W� 6��e�A'[ƽ��(�?N / K�ۿ��b��q>��7��'�%n�(�4L�_!o}AP��;؀/�1��[�c�m�92�q��C��.}tчSs3��g��=��j��V�s��2`>`��#��:oE�� ^7j.��čLp�[�5 <��F=��d��qs��ޯ��4��@d�*"|?'4�$#�\D�kV� � O�."�u!`��93:��;��I�ɪ��?��;�I� Y��l�/!�+hu�J-��8��yp~�z��. A@A��P��3o�j��acG�'��:��p��w�MGMxG��)��3��Z9[<�ka<v�3�z%�X��v)A�O@m0�&M��z�ٸ�� Lhj]��E��~|�Ȼ��z\)'D�ǁ��R��b��:Ÿ�A�=��E+W$��|4��H��-Gޡ��dW� ��O�/!C�#�+ka"��!�TG��S_�C�i��/P�]�[�`XZ��lf �`xH��t�,��U��(u\c��/��i��l"��]�Ҁ<J�� m��tT΂��WB*�1��h��f�Nά71�fel��=��^��t�O��֍;#g��Rb(#g|�%V��!� �'��ńH��c�Ӛu��i��*�O��rx�S+c��[��Bj��6��@��n�� -��9�7@��iBK{�;~�-%S/H��W�~�K"�@��L��Â��1��̔[!�۪��'$\rܴ�)vE�I��F��[S��zu�W/��vt��rK߸N�|��% ��Cf �� v�j�[�|�\\f��,��d�h�Ҵ�#_>�M��n�U�8�}5�?��i� 5��E�'ׯ~��Z�7W@�NY��Z ��-�-P��5m1��]JvrF= 0S*�V�k��d�̘��&�`~��g��].D�� 뉎�d��E�J��/�F՞ev�5b�,/��g6`��W�{�7Ж��i#ld#�ȑ]�D�� %�"5@�,299)��}aY��.x\�� v Mo-2��r:�ô$��8I��f�n��=�i��V�p�s��. N�)E� ��ϴ)�@?^Tb� vHqD (��s��di��u �I��Ex�Z�Sq�آ��E�+L#U��r ��;�r!�JG;ώy:;��dg��W��wL<)5��!_VM��9�vg�I+�ݙg�pp��Z�]G-�y64�lu=G�5��w�:��*�*�ۧ��i|�Ǿ��g��Z�R's�!m#m�{{�WO�,f��"�c ��ĩ��b�]Wl�wC��5Q��xS� ��{BQBGL��`�CEB6�~Q�c��M��lmk��4�l/��F]�lM��uS��2v��+�*O�cN�� j�^�>P �;/� �+(Cq��4� c^��ԯ��9I%\�jd.��3��a��q l��k�e�4>>�v�A�ӝ7�8�� $8Iɚ�?�P\T�0�l�M��e맷��,��g��ي�:L�F��{�X�<p�U1#j�� 9� � �鎗ZK�e�=��\e}Ө/�xv��uƗ��emk��D�\�u��"i��K��A#�l�F7��D�-9�jO� Ԙ�!J�W�5�W��g�gY5x��A6b�*TtǄ�D&J��4@I�A�>+��V�py�Ga��_��m��|�;4ña��ث~�Y>_p:,��Vc�w9rA$;:;��n�\�~��~��翴��$�a?��g��c0zB��&�F��"+�qnv�qַ2X�֮о�� Ǩ��ť�=z1>=�jb��9��L%�4q,>��N��i��7�|��虾�V-��^��s��*�P�� 8��d��j�Z�|~�� Z��p��F�U��vG,$߷ȒP��l�N�$�� >�`�J&-*i�ٿ��5��}�E�|��tp��>��׭J'R��Fm9m�2)�$�'�JAr:��v��w��Jо��mJ�Ã��Y{��;#w��tW�L\؍n$ �CЫ ?��О��X7�[��*�+�

Sections

Size: 428KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 260KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
更多营销软件下载.lnk
.lnk
更多软件下载.url
.url
若软件运行出错请运行此文件.bat
解压密码123456.txt
高级过滤使用帮助文档.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

988f29c1eb8054253091352741683c76

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

018dd474ecd799abb2a53bc709d521b1

Headers

File Characteristics

Imports

netapi32

mfc42

msvcrt

kernel32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 8KB - Virtual size: 4KB

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 688KB - Virtual size: 687KB

.data Size: 32KB - Virtual size: 28KB

.rsrc Size: 280KB - Virtual size: 279KB

.reloc Size: 40KB - Virtual size: 38KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 8KB - Virtual size: 4KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 688KB - Virtual size: 687KB

.data
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 375KB - Virtual size: 374KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 972B

.vmp0
Size: - Virtual size: 60KB

.vmp1
Size: 124KB - Virtual size: 122KB

.reloc
Size: 4KB - Virtual size: 148B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB