c_g18030.pdb
Behavioral tasks
behavioral1: Sample U盘痕迹清除/C_G18030.dll, Resource win7-20240704-en
behavioral2: Sample U盘痕迹清除/C_G18030.dll, Resource win10v2004-20240802-en
behavioral3: Sample U盘痕迹清除/ETJG.dll, Resource win7-20240705-en
behavioral4: Sample U盘痕迹清除/ETJG.dll, Resource win10v2004-20240802-en
behavioral5: Sample U盘痕迹清除/PSEXEC.exe, Resource win7-20240704-en
behavioral6: Sample U盘痕迹清除/PSEXEC.exe, Resource win10v2004-20240802-en
behavioral7: Sample U盘痕迹清除/Tool/7z.dll, Resource win7-20240708-en
behavioral8: Sample U盘痕迹清除/Tool/7z.dll, Resource win10v2004-20240802-en
behavioral9: Sample U盘痕迹清除/Tool/7z.exe, Resource win7-20240708-en
behavioral10: Sample U盘痕迹清除/Tool/7z.exe, Resource win10v2004-20240802-en
behavioral11: Sample U盘痕迹清除/USB_KEY_API.dll, Resource win7-20240704-en
behavioral12: Sample U盘痕迹清除/USB_KEY_API.dll, Resource win10v2004-20240802-en
behavioral13: Sample U盘痕迹清除/drk.exe, Resource win7-20240705-en
behavioral14: Sample U盘痕迹清除/drk.exe, Resource win10v2004-20240802-en
behavioral15: Sample U盘痕迹清除/fixgb18030.bat, Resource win7-20240705-en
behavioral16: Sample U盘痕迹清除/fixgb18030.bat, Resource win10v2004-20240802-en
behavioral17: Sample U盘痕迹清除/obEraser.dll, Resource win7-20240708-en
behavioral18: Sample U盘痕迹清除/obEraser.dll, Resource win10v2004-20240802-en
behavioral19: Sample U盘痕迹清除/psloglist.exe, Resource win7-20240708-en
behavioral20: Sample U盘痕迹清除/psloglist.exe, Resource win10v2004-20240802-en
behavioral21: Sample U盘痕迹清除/天桥存储介质信息消除工具.exe, Resource win7-20240704-en
behavioral22: Sample U盘痕迹清除/天桥存储介质信息消除工具.exe, Resource win10v2004-20240802-en
General
Target: 72dce5e971de29a9b7c0d79d09d1b12e709b41c9ff732d99b03ad5d71b31fe9a
Size: 11.0MB
MD5: 8d80a81a72cdbcd1d651935641904587
SHA1: baf748a1c6f694f23fd34cd3109dfd249c419fc7
SHA256: 72dce5e971de29a9b7c0d79d09d1b12e709b41c9ff732d99b03ad5d71b31fe9a
SHA512: 60ef0231a38c29eadc3f2320f84d35b4556c1e0e5cfe9c99019de9682874f9df698a32dd0e5070c65cd52147ca4be89dbeca126c72531186bb7fee6a492765a9
SSDEEP: 196608:MAepKF59Ame+ueSPfXno2Yd52grM3ttMKKlki/15TC+7zzFC3b+R+lPd6/PJH:MAep69+eAfXn4d9Vki/1lI3M/PJH
Malware Config
Signatures
-
Office macro that triggers on suspicious action (1 IoC)
Office document macro which triggers in special circumstances - often malicious.
resource: sample
yara_rule: office_macro_on_action
-
Unsigned PE (7 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/U盘痕迹清除/C_G18030.DLL
unpack001/U盘痕迹清除/ETJG.dll
unpack001/U盘痕迹清除/Tool/7z.dll
unpack001/U盘痕迹清除/Tool/7z.exe
unpack001/U盘痕迹清除/drk.bat
unpack001/U盘痕迹清除/obEraser.dll
unpack001/U盘痕迹清除/天桥存储介质信息消除工具.exe
Files
-
72dce5e971de29a9b7c0d79d09d1b12e709b41c9ff732d99b03ad5d71b31fe9a.zip
-
U盘痕迹清除/AUTORUN.INF
-
U盘痕迹清除/BOOTMGR
-
U盘痕迹清除/C_G18030.DLL.dll .ps1 windows:6 windows x86 arch:x86 polyglot
043bad9ec7ba75947e71fe646933d6da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
kernel32
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
Sleep
Exports
NlsDllCodePageTranslation
Sections
.text Size: 212KB - Virtual size: 212KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 868B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/DB.MDB
-
U盘痕迹清除/ETJG.bin
-
U盘痕迹清除/ETJG.dll.dll windows:4 windows x86 arch:x86
6dae78a1437c31b0268260619f91de67
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
shlwapi
StrToIntExA
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
hid
HidD_GetPreparsedData
HidP_GetCaps
HidD_GetProductString
HidD_GetAttributes
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetHidGuid
kernel32
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
GetStartupInfoA
GetVersionExA
CreateMutexA
CloseHandle
GetLastError
CreateFileA
ReleaseMutex
WaitForSingleObject
ReadFile
GetOverlappedResult
WriteFile
CreateEventA
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetFileType
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetConsoleCtrlHandler
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
Sleep
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
Exports
ETJG3DES
ETJGChangeDir
ETJGChangePin
ETJGClose
ETJGControl
ETJGCreateDir
ETJGCreateDirEx
ETJGCreateFile
ETJGEnum
ETJGEraseDir
ETJGExecute
ETJGFormatErrorMessage
ETJGGenRsaKey
ETJGGenUpdatePacket
ETJGOpen
ETJGOpenEx
ETJGPrivateDecrypt
ETJGPublicEncrypt
ETJGReadFile
ETJGUpdate
ETJGVerifyPin
ETJGWriteDataFile
ETJGWriteFile
ETJGWriteFileEx
PETJGWriteFile
Sections
.text Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/PSEXEC.EXE.exe windows:5 windows x86 arch:x86
7d320143a97f5ff2b2c22306359754be
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27/03/2013, 20:08
Not After: 27/06/2014, 20:08
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 22/04/2014, 17:39
Not After: 22/07/2015, 17:39
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1c
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Signer
Actual PE Digest: 3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\src\Pstools\psexec\EXE\Release\psexec.pdb
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetAddConnection2W
WNetCancelConnection2W
kernel32
SetConsoleTitleW
DuplicateHandle
GetCurrentProcessId
TransactNamedPipe
SetNamedPipeHandleState
SetConsoleCtrlHandler
CreateEventW
GetExitCodeProcess
ResumeThread
SetProcessAffinityMask
GetEnvironmentVariableW
WaitForMultipleObjects
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
CopyFileW
SetFileAttributesW
WaitNamedPipeW
GetFileTime
ReadConsoleW
GetFileAttributesW
DisconnectNamedPipe
SetEvent
ConnectNamedPipe
GetModuleFileNameW
GetVersion
GetCurrentProcess
MultiByteToWideChar
GetComputerNameW
GetSystemDirectoryW
DeleteFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExW
FormatMessageA
GetStdHandle
FreeLibrary
SetEnvironmentVariableA
CreateFileW
GetTickCount
Sleep
SetLastError
GetCurrentThread
GetLastError
WaitForSingleObject
CloseHandle
GetCommandLineW
LocalAlloc
GetModuleHandleW
WriteFile
ReadFile
LocalFree
SetPriorityClass
LoadLibraryW
GetProcAddress
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetFullPathNameW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringA
user32
LoadCursorW
SetCursor
SetWindowTextW
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
InflateRect
gdi32
SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps
comdlg32
PrintDlgW
advapi32
CryptDestroyKey
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LogonUserW
ImpersonateLoggedOnUser
RegConnectRegistryW
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptAcquireContextW
CryptReleaseContext
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
SetTokenInformation
GetSecurityInfo
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetSecurityInfo
FreeSid
LsaOpenPolicy
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaFreeMemory
LsaClose
Sections
.text Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/Tool/7z.dll.dll windows:4 windows x86 arch:x86
e72d28c75d6b8f29b0da6108e7f5d423
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear
user32
CharPrevExA
CharUpperW
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler
kernel32
GetProcAddress
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
VirtualFree
VirtualAlloc
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
SetFileAttributesW
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 746KB - Virtual size: 746KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/Tool/7z.exe.exe windows:4 windows x86 arch:x86
a01d0c00ae4ce56b6886f26ab65d8fd9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
VariantCopy
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
VariantClear
SysAllocString
user32
CharUpperW
advapi32
OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_purecall
strlen
memcmp
memset
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcpy
__CxxFrameHandler
_isatty
_fileno
kernel32
WaitForSingleObject
SetEvent
InitializeCriticalSection
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
FileTimeToLocalFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetFileAttributesW
GetModuleHandleA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
FindNextFileW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
VirtualFree
Sections
.text Size: 209KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/USB_KEY_API.DLL.dll windows:4 windows x86 arch:x86
e2d1b2ffa4a28c81124f88c56ed492a6
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16/07/2004, 00:00
Not After: 15/07/2014, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7c:69:ee:7c:8d:36:5d:b9:2c:cc:e3:49:57:80:78:cf
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 28/05/2007, 00:00
Not After: 02/06/2010, 23:59
Subject: CN=Feitian Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Feitian Technologies Co.\, Ltd.,L=Beijing\,China,ST=Beijing\,China,C=CN
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Signer
Actual PE Digest: 76:49:ab:f1:75:02:12:06:3b:f4:83:c9:a3:77:df:ac:80:34:23:c8
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateFileA
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetVersionExA
TerminateProcess
WideCharToMultiByte
GetEnvironmentStrings
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
IsBadReadPtr
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
hid
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetFeature
HidD_GetAttributes
HidD_SetFeature
Exports
MD5_HMAC
et_ChangeUserPIN
et_CloseToken
et_FindToken
et_GenPID
et_GenRandom
et_GenSOPIN
et_GetSN
et_HMAC_MD5
et_OpenToken
et_Read
et_ResetPIN
et_ResetSecurityState
et_SetKey
et_SetupToken
et_TurnOffLED
et_TurnOnLED
et_Verify
et_Write
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/[BOOT]/Bootable_NoEmulation.img
-
U盘痕迹清除/drk.bat.exe windows:4 windows x86 arch:x86
73ce15e886f7459609db4da9b1552082
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegCloseKey
user32
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharUpperA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
kernel32
GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
gdi32
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
comctl32
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
Sections
.text Size: 381KB - Virtual size: 381KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 19KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 56B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 404KB - Virtual size: 404KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/fixgb18030.bat
-
U盘痕迹清除/obEraser.dll.dll windows:5 windows x86 arch:x86
e12e5664643e05408e9cfeedcfb8c611
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Git\erasertool\cd\release\Eraser.pdb
Imports
kernel32
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoW
FatalAppExitA
TerminateProcess
GetConsoleCP
GetConsoleMode
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
GetFileType
SetStdHandle
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetCommandLineA
SizeofResource
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
LocalLock
LocalUnlock
ReplaceFileA
SearchPathA
GetProfileIntA
GetTempPathA
GetStringTypeW
GetNumberFormatA
GetWindowsDirectoryA
FindResourceExW
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExA
GetFullPathNameA
DuplicateHandle
UnlockFile
LockFile
MoveFileA
lstrcmpiA
GetStringTypeExA
lstrcpyA
FileTimeToSystemTime
GetThreadLocale
GetCPInfo
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
VirtualProtect
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SuspendThread
ResumeThread
SetThreadPriority
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
GetModuleHandleW
lstrcmpA
GetModuleFileNameA
LCMapStringW
IsValidCodePage
GetTempFileNameA
IsProcessorFeaturePresent
GetAtomNameA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
FindResourceA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryW
MultiByteToWideChar
lstrcmpW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetProcessHeap
GlobalMemoryStatus
GetThreadTimes
GetProcessTimes
GetProcessWorkingSetSize
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetSystemDefaultLangID
GetSystemDefaultLCID
GetOEMCP
GetACP
GetLogicalDrives
GetSystemInfo
GetStartupInfoA
InitializeCriticalSection
CreateEventA
QueryPerformanceCounter
VirtualUnlock
VirtualLock
GetSystemTime
GetFileTime
CreateDirectoryA
GetVolumeInformationA
ActivateActCtx
DeactivateActCtx
GetModuleHandleA
GetCurrentDirectoryA
lstrlenA
GetFileAttributesA
GetFileSize
SetEndOfFile
SetLastError
FormatMessageA
LocalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
Sleep
CreateFileA
CloseHandle
DeviceIoControl
ReadFile
VirtualAlloc
VirtualFree
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GetExitCodeThread
TerminateThread
GetShortPathNameA
GetCurrentThreadId
GetVersionExA
SetEvent
SetFileAttributesA
DeleteFileA
MoveFileExA
lstrcpynA
SetFilePointer
WaitForSingleObject
WriteFile
FlushFileBuffers
ResetEvent
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SetConsoleCtrlHandler
user32
DefMDIChildProcA
DefFrameProcA
WaitMessage
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
SetClassLongA
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageA
CopyImage
GetIconInfo
OffsetRect
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
CharUpperA
DestroyIcon
IsIconic
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
SetTimer
DeleteMenu
GetSysColorBrush
RealChildWindowFromPoint
UnregisterClassA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
IntersectRect
EndPaint
BeginPaint
GetWindowDC
FillRect
MapDialogRect
GetAsyncKeyState
ShowOwnedPopups
ValidateRect
PostQuitMessage
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
GetWindowThreadProcessId
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MsgWaitForMultipleObjectsEx
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
wsprintfA
GetCaretPos
GetActiveWindow
GetClipboardOwner
GetClipboardViewer
GetDesktopWindow
GetForegroundWindow
GetInputState
GetTabbedTextExtentA
GetTabbedTextExtentW
GetDCEx
GetWindowRgn
WindowFromDC
DestroyCursor
DrawIcon
EnumChildWindows
SubtractRect
CharUpperBuffA
CopyIcon
RegisterClipboardFormatA
GetUpdateRect
FrameRect
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetDialogBaseUnits
GetKeyboardLayout
GetKeyboardType
GetDoubleClickTime
GetCaretBlinkTime
GetKeyState
SendNotifyMessageA
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
InSendMessage
TranslateMDISysAccel
ScrollWindowEx
DrawMenuBar
TranslateMessage
DispatchMessageA
GetWindowLongA
LoadMenuW
GetSubMenu
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetClipCursor
GetCursorPos
ClipCursor
ReleaseCapture
SetCursor
GetClassInfoA
DefWindowProcA
LoadCursorA
GetParent
SetCapture
GetCapture
InvalidateRect
ScreenToClient
ClientToScreen
GetWindowRect
InvertRect
InflateRect
PtInRect
GetSysColor
GetFocus
IsWindowEnabled
SetFocus
IsWindow
GetSystemMetrics
GetClientRect
PostMessageA
MessageBeep
IsCharAlphaNumericA
SendMessageA
EnableWindow
GetMessageA
gdi32
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
EnumFontFamiliesExA
GetCharWidthA
CreateFontA
StretchDIBits
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
Rectangle
OffsetRgn
CreateFontIndirectA
ExtCreatePen
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetColorAdjustment
SetArcDirection
SetLayout
CreateHatchBrush
CreateSolidBrush
GetRgnBox
DeleteObject
GetLayout
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
RoundRect
GetObjectA
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
GetCurrentObject
BitBlt
Polygon
CreateCompatibleDC
CreateCompatibleBitmap
SelectClipRgn
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA
advapi32
RegSetValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
GetTokenInformation
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExW
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidA
OpenThreadToken
OpenProcessToken
shell32
SHBrowseForFolderA
ExtractIconA
SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
SHAppBarMessage
SHAddToRecentDocs
SHGetMalloc
DragQueryFileA
DragFinish
comctl32
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFileExistsA
PathIsUNCA
ole32
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleSave
StgCreateDocfileOnILockBytes
PropVariantCopy
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoRegisterClassObject
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleCreate
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleRun
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
OleLoad
GetHGlobalFromILockBytes
OleCreateStaticFromData
OleCreateLinkFromData
OleSaveToStream
OleCreateFromData
StgCreateDocfile
WriteClassStm
oleaut32
VariantClear
SysAllocString
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
SafeArrayGetLBound
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
oledlg
ord8
Exports
eraserAddItemA
eraserAddItemW
eraserClearItems
eraserCompleted
eraserCreateContext
eraserCreateContextEx
eraserDestroyContext
eraserDispFlags
eraserEnd
eraserErrorStringA
eraserErrorStringCount
eraserErrorStringW
eraserFailed
eraserFailedCount
eraserFailedStringA
eraserFailedStringW
eraserGetClusterSizeA
eraserGetClusterSizeW
eraserGetDataType
eraserGetFreeDiskSpaceA
eraserGetFreeDiskSpaceW
eraserGetWindow
eraserGetWindowMessage
eraserInit
eraserIsRunning
eraserIsValidContext
eraserProgGetCurrentDataStringA
eraserProgGetCurrentDataStringW
eraserProgGetCurrentPass
eraserProgGetMessageA
eraserProgGetMessageW
eraserProgGetPasses
eraserProgGetPercent
eraserProgGetTimeLeft
eraserProgGetTotalPercent
eraserRemoveFileA
eraserRemoveFileW
eraserRemoveFolderA
eraserRemoveFolderW
eraserSetDataType
eraserSetWindow
eraserSetWindowMessage
eraserShowOptions
eraserShowReport
eraserStart
eraserStartSync
eraserStatGetArea
eraserStatGetTime
eraserStatGetTips
eraserStatGetWiped
eraserStop
eraserTerminated
eraserTestContinueProcess
eraserTestEnable
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 515KB - Virtual size: 514KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/psloglist.exe.exe windows:5 windows x86 arch:x86
fdd454d119a63499b070a81a331060e5
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 22/08/2007, 22:31
Not After: 25/08/2012, 07:00
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0f
Certificate
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 07/12/2009, 22:40
Not After: 07/03/2011, 22:40
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 16/09/2006, 01:04
Not After: 15/09/2019, 07:00
Subject: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:05:a2:30:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 25/07/2008, 19:01
Not After: 25/07/2013, 19:11
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
23:03:07:18:57:c3:a6:45:e3:ce:a5:2a:d0:39:d2:6a:ba:c0:18:33
Signer
Actual PE Digest: 23:03:07:18:57:c3:a6:45:e3:ce:a5:2a:d0:39:d2:6a:ba:c0:18:33
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\src\Pstools\psloglist\Release\psloglist.pdb
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetAddConnection2A
WNetCancelConnection2A
kernel32
GetCommandLineW
GetProcAddress
SetLastError
Sleep
GetTickCount
CloseHandle
CreateFileA
FreeLibrary
WriteFile
GetStdHandle
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryA
WideCharToMultiByte
GetModuleFileNameA
SetEvent
ConnectNamedPipe
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetVersion
GetComputerNameA
CreateEventA
SystemTimeToFileTime
FindFirstFileA
GetSystemTimeAsFileTime
FindClose
GetLastError
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
FormatMessageA
LocalAlloc
LocalFree
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetSystemDirectoryA
IsValidLocale
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapSize
GetLocaleInfoW
ReadFile
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
DeleteFileA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetModuleHandleW
ExitProcess
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
user32
LoadCursorA
SetCursor
SetWindowTextA
SendMessageA
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
InflateRect
gdi32
SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps
comdlg32
PrintDlgA
advapi32
RegCreateKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
ImpersonateLoggedOnUser
RegConnectRegistryA
RevertToSelf
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
RegSetValueExA
OpenBackupEventLogA
OpenEventLogA
BackupEventLogA
CloseEventLog
NotifyChangeEventLog
ReadEventLogA
LookupAccountSidA
RegEnumKeyA
ClearEventLogA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
U盘痕迹清除/天桥存储介质信息消除工具.exe.exe windows:5 windows x86 arch:x86
7c991979f5004dfd140d7e8926b66054
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\gitcodespace\erasertool\cd\Release\obEraser_cd.pdb
Imports
oberaser
eraserIsValidContext
eraserCreateContextEx
eraserSetWindow
eraserSetWindowMessage
eraserClearItems
eraserSetDataType
eraserAddItemA
eraserRemoveFolderA
eraserStart
eraserGetDataType
eraserProgGetCurrentDataStringA
eraserProgGetMessageA
eraserDispFlags
eraserProgGetPercent
eraserProgGetTotalPercent
eraserProgGetCurrentPass
eraserProgGetPasses
eraserProgGetTimeLeft
eraserStop
eraserIsRunning
eraserFailedCount
eraserErrorStringCount
eraserCompleted
eraserTerminated
eraserFailed
eraserStatGetWiped
eraserStatGetTime
eraserErrorStringA
eraserFailedStringA
eraserInit
eraserDestroyContext
kernel32
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
GetStringTypeW
FreeEnvironmentStringsW
HeapSize
QueryPerformanceCounter
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetExitCodeProcess
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
GetLogicalDriveStringsA
GetDriveTypeA
GetOverlappedResult
ReleaseMutex
LCMapStringA
InterlockedCompareExchange
HeapQueryInformation
ExitThread
GetEnvironmentStringsW
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetVolumeInformationA
GetWindowsDirectoryA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetLocalTime
GetACP
MultiByteToWideChar
GetLastError
FormatMessageA
LocalFree
TerminateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateThread
lstrlenA
lstrcpyA
OutputDebugStringA
GetCurrentProcess
CloseHandle
GetEnvironmentVariableA
CreateFileA
SetFilePointer
ReadFile
GetDiskFreeSpaceA
FileTimeToLocalFileTime
WriteFile
FlushFileBuffers
Sleep
DeleteFileA
OpenProcess
TerminateProcess
InterlockedDecrement
WinExec
IsValidCodePage
lstrcmpA
DeviceIoControl
GetLogicalDrives
GetFileAttributesA
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetNumberFormatA
GetTempFileNameA
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
SetErrorMode
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
InterlockedExchange
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
FindFirstFileW
InterlockedIncrement
FindNextFileW
GetStringTypeExA
CopyFileA
GlobalSize
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
GetCurrentProcessId
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
ActivateActCtx
DeactivateActCtx
SetLastError
lstrcmpW
IsWow64Process
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
FindNextFileA
FindFirstFileA
GetFileSize
GetFileInformationByHandle
WaitForMultipleObjects
CreateEventA
SetEvent
WaitForSingleObject
CreateProcessA
GetVersionExA
GetModuleFileNameA
CreateMutexA
GlobalFree
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetDriveTypeW
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetFilePointerEx
GetDiskFreeSpaceExA
MoveFileA
FindClose
user32
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LoadImageA
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
IsZoomed
DestroyIcon
MessageBeep
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
DeleteMenu
WaitMessage
UnregisterClassA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoA
ShowOwnedPopups
GetMessageA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IntersectRect
InflateRect
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
DefFrameProcA
GetKeyNameTextA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
BeginPaint
GetDC
SendMessageA
GetClientRect
LoadStringA
IsWindow
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
IsWindowEnabled
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
GetMenuItemID
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
LoadImageW
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
DestroyCursor
MapVirtualKeyA
GetWindowRgn
GetWindowDC
ReleaseDC
GetWindowRect
EnableWindow
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
GetMessagePos
ScreenToClient
wsprintfA
KillTimer
LoadBitmapW
CopyRect
DrawFocusRect
EndPaint
OffsetRect
InvalidateRect
LockWindowUpdate
PostMessageA
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
LoadMenuW
GetSubMenu
GetWindowLongA
GetCapture
GetCursorPos
WindowFromPoint
GetSysColor
ClientToScreen
ReleaseCapture
GetParent
GetNextDlgGroupItem
SystemParametersInfoA
PtInRect
DrawTextA
TabbedTextOutA
DrawTextExA
GrayStringA
SetCapture
SetTimer
FillRect
SetWindowRgn
LoadCursorA
SetCursor
SetWindowTextA
GetWindowThreadProcessId
GetWindow
SetWindowPos
SetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
DefMDIChildProcA
gdi32
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
GetStockObject
PatBlt
CreateCompatibleDC
GetObjectA
SelectObject
BitBlt
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgn
SetBkMode
SetTextColor
CreateFontIndirectA
SetBkColor
GetDeviceCaps
CopyMetaFileA
CreateDCA
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
CreatePalette
SetStretchBltMode
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueA
RegDeleteValueA
RegCreateKeyExA
AddAce
RegGetKeySecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CopySid
GetTokenInformation
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
ClearEventLogA
GetUserNameA
RegQueryInfoKeyA
RegSetValueExA
GetSecurityInfo
LookupAccountSidA
RegLoadKeyA
CloseEventLog
OpenEventLogA
RegEnumValueA
RegQueryValueExA
RegUnLoadKeyA
RegFlushKey
AdjustTokenPrivileges
shell32
DragFinish
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHChangeNotify
DragQueryFileA
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
shlwapi
SHDeleteKeyA
PathFileExistsA
StrStrIA
SHDeleteValueA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
ole32
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromString
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CoInitializeEx
CoGetClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoTaskMemFree
CoLockObjectExternal
RegisterDragDrop
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
OleGetClipboard
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SafeArrayDestroy
SysAllocStringLen
SysStringLen
VariantChangeType
SysAllocString
VariantCopy
VariantInit
SysAllocStringByteLen
SysFreeString
VariantClear
oledlg
ord8
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
hid
HidD_GetAttributes
HidD_GetHidGuid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_FlushQueue
wininet
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 385KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ