d12fa4c0d0ebb92ad2e1151e995f24bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d12fa4c0d0ebb92ad2e1151e995f24bf_JaffaCakes118
Size

1.1MB
MD5

d12fa4c0d0ebb92ad2e1151e995f24bf
SHA1

52bf9307ac43091675f9688bb6d578d5d88d0477
SHA256

6240e6ff078aacb916534f69417efd89940829bc2fc5ce55d34fb2df4492da0c
SHA512

626d7bee0c07ea348203b608d4edba202a2aea0bebb808da76452e7940e334c5a57f7415204eb4a91e891233323b96f88f93bb95720b9b6d84479c2d0f52123e
SSDEEP

24576:9npfUkOwKrPAx3d0nKexVbMRMm/IwbEcYSrlvc87TefK4gp6BGgr:9nlOwmYNWVkLEcZFTmg6Bvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ConNet.exe
unpack001/CutConnectInterNet.dll
unpack001/Disk32.dll
unpack001/LapTopSwitchSrv.dll
unpack001/SetUp.dll
unpack001/StartServer.exe
unpack001/WinIo.dll
unpack001/WinIo.sys
unpack001/ZFCard.exe
unpack001/ZFDEL.EXE
unpack001/unload.exe
unpack001/zfsoft.exe

Files

d12fa4c0d0ebb92ad2e1151e995f24bf_JaffaCakes118
.zip
ConNet.exe
.exe windows:4 windows x86 arch:x86

2a6dd7f959ece816ce047fd57559aa50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winio

SetPortVal

mfc42

ord5289
ord5307
ord4698
ord5714
ord3147
ord3259
ord4465
ord2982
ord3262
ord3136
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord2985
ord4622
ord4424
ord3738
ord4080
ord4079
ord815
ord2621
ord6117
ord1134
ord540
ord800
ord537
ord1200
ord665
ord6283
ord2818
ord1979
ord5442
ord2725
ord354
ord941
ord4129
ord5683
ord858
ord4277
ord2764
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord825
ord561
ord5186
ord1576
ord1168

msvcrt

_controlfp
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__commode
_acmdln
_XcptFilter
_exit
__set_app_type
__dllonexit
_mbscmp
fopen
fprintf
fclose
__CxxFrameHandler
exit
_onexit
_setmbcp

kernel32

Sleep
GetProcAddress
LoadLibraryA
FreeLibrary
ReadFile
SetFilePointer
GetLastError
GetVersion
CreateFileA
GetCommandLineA
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetStartupInfoA
GetModuleHandleA

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CutConnectInterNet.dll
.dll windows:4 windows x86 arch:x86

f1f7c3497329ebafd4a948f432e7531f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\WorkDir\隔离卡\阻止连接互联网\CutConnectInterNet\CutConnectInterNet\Release\CutConnectInterNet.pdb

Imports

kernel32

CompareStringW
SetLastError
GetModuleFileNameA
GetLastError
Sleep
lstrlenA
lstrcpyA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapAlloc
SetEnvironmentVariableA
HeapFree
CompareStringA
GetSystemInfo
VirtualProtect
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualQuery
CloseHandle
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LoadLibraryA
SetStdHandle
FlushFileBuffers
GetOEMCP
GetCPInfo
CreateFileA
IsBadReadPtr
IsBadCodePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
SetEndOfFile
ReadFile

advapi32

QueryServiceStatus
ControlService
DeleteService
RegQueryValueExA
RegSetValueExA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
OpenServiceA

iphlpapi

DeleteIpForwardEntry
GetIpForwardTable

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UnInstaService

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DISK16.DLL
Disk32.dll
.dll windows:4 windows x86 arch:x86

a0e4f543c8a56bc720eb38d4ccdb60a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SMapLS_IP_EBP_28
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
GetEnvironmentStrings
SUnMapLS_IP_EBP_28
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SMapLS_IP_EBP_28
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

CheckInt13Extension32
Disk_ThunkData32
ReadDisk32
WriteDisk32

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LapTopSwitchSrv.dll
.dll windows:4 windows x86 arch:x86

f039c0fc20143ca0d5515131bcbcd4e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Gelika\利用服务实现笔记本隔离卡切换网络\LapTopSwitchSrv\LapTopSwitchSrv\Release\LapTopSwitchSrv.pdb

Imports

kernel32

lstrlenA
GetModuleFileNameA
GetPrivateProfileIntA
lstrcpyA
Sleep
SetEnvironmentVariableA
CompareStringW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
SetupComm
GetCommState
SetCommState
PurgeComm
WriteFile
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
SetLastError
CompareStringA
DeleteFileA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
HeapFree
GetCurrentThreadId
GetCommandLineA
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
WideCharToMultiByte
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
ReadFile

advapi32

QueryServiceStatus
ControlService
DeleteService
RegSetValueExA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
OpenServiceA

shlwapi

PathRemoveFileSpecA

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UnInstaService

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SetUp.dll
.exe windows:4 windows x86 arch:x86

2b60a63d3dafb044a88da007209a1da9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Zns-u\UnLoad\UnLoad\Release\UnLoad.pdb

Imports

winio

RemoveWinIoDriver

kernel32

VirtualQuery
GetStartupInfoA
HeapReAlloc
SetStdHandle
GetFileType
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetSystemInfo
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
ExitProcess
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
GetCurrentDirectoryA
GetFileTime
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
WriteFile
GetSystemDirectoryA
GetCurrentProcess
lstrcmpA
CompareStringW
CompareStringA
lstrcmpiA
GetLastError
MultiByteToWideChar
WritePrivateProfileStringA
FindNextFileA
RemoveDirectoryA
DeleteFileA
Sleep
MoveFileExA
GetVersion
FindFirstFileA
FindClose
GetCommandLineA
GetVolumeInformationA
GetPrivateProfileStringA
GetModuleFileNameA
GetDriveTypeA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateFileA
CloseHandle
lstrlenA
lstrcpynA
GetStringTypeW

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
PostThreadMessageA
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfA
ReleaseDC
GetDC
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
GetMenuState
GetMenuItemID
RegisterClipboardFormatA
GetMenuItemCount
GetSubMenu
GetCursorPos
ClientToScreen
WindowFromPoint
GetSysColor
GetWindowRect
DrawEdge
GetCapture
ReleaseCapture
GetWindowTextA
AdjustWindowRectEx
InvalidateRect
SetRect
CopyRect
ExitWindowsEx
GetSystemMetrics
LoadIconA
EnableWindow
FindWindowA
GetClientRect
IsIconic
GetSystemMenu
PostMessageA
SendMessageA
AppendMenuA
DrawIcon
CharUpperA
MessageBoxA
ScreenToClient

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
GetStockObject
ExtTextOutA
GetTextMetricsA
SelectObject
SetStretchBltMode
SetDIBitsToDevice

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA

shell32

ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

SysFreeString
OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SorftType.txt
StartServer.exe
.exe windows:4 windows x86 arch:x86

f5d3271e402583d98fc7a27fc0917833

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCurrentProcess
CloseHandle
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetShortPathNameA
MultiByteToWideChar
lstrlenW
GetModuleFileNameA
lstrlenA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
WinExec
HeapCreate
SetLastError
TlsGetValue
GetStringTypeA
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
InterlockedDecrement
CompareStringW
CompareStringA
GetStringTypeW
DeleteCriticalSection
VirtualFree
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
ReadFile
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
IsBadReadPtr
SetHandleCount
VirtualAlloc
IsBadWritePtr
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
GetStdHandle
GetFileType
WriteFile
SetStdHandle
InterlockedIncrement
CreateFileA
SetFilePointer
SetUnhandledExceptionFilter

user32

CharNextA
MessageBoxA
PostThreadMessageA
DispatchMessageA
GetMessageA
LoadStringA

advapi32

GetTokenInformation
OpenThreadToken
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
SetSecurityDescriptorOwner
CloseServiceHandle
SetSecurityDescriptorGroup
OpenProcessToken
GetLengthSid

ole32

CoTaskMemFree
CoCreateInstance
CoRevokeClassObject
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoRegisterClassObject

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WINIO.VXD
WinIo.dll
.dll windows:4 windows x86 arch:x86

b9b2bee901bb36181f387e1e336faa1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
DeviceIoControl
GetEnvironmentVariableA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

advapi32

ControlService
CloseServiceHandle
OpenSCManagerA
CreateServiceA
StartServiceA
OpenServiceA
DeleteService

Exports

Exports

GetPhysLong
GetPortVal
InitializeWinIo
InstallWinIoDriver
MapPhysToLin
RemoveWinIoDriver
SetPhysLong
SetPortVal
ShutdownWinIo
UnmapPhysicalMemory

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinIo.sys
.sys windows:4 windows x86 arch:x86

172b54da983eaa27abf08d8ed525b840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoCreateDevice
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IoCreateSymbolicLink
IofCompleteRequest
Ke386IoSetAccessProcess
IoDeleteSymbolicLink
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
ZwUnmapViewOfSection
IoDeleteDevice
IoGetCurrentProcess

hal

HalTranslateBusAddress

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 544B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ZFCard.exe
.exe windows:4 windows x86 arch:x86

4db11c510893d743dd6a8eec68c2cb3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winio

SetPortVal
GetPortVal

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
HeapReAlloc
SetStdHandle
GetFileType
TerminateProcess
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualProtect
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
SetErrorMode
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DeleteFileA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
RaiseException
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SetCommState
GetCommState
SetupComm
PurgeComm
WriteFile
WritePrivateProfileStringA
CreateMutexA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetPrivateProfileStringA
lstrlenA
lstrcpynA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeA
GetCommandLineA
MulDiv
DeviceIoControl
CreateFileA
SetFilePointer
ReadFile
lstrcmpA
EnterCriticalSection
Sleep
GetCurrentProcess
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
GetLastError
SetLastError
LeaveCriticalSection
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr

user32

PostThreadMessageA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
SetWindowContextHelpId
MapDialogRect
wsprintfA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
PtInRect
GetWindow
GetMenuState
GetCursorPos
IsWindow
LoadIconA
SetForegroundWindow
GetWindowDC
BringWindowToTop
IsIconic
GetSystemMenu
CreatePopupMenu
DrawIcon
MessageBoxA
FindWindowA
ShowWindow
UpdateWindow
SetRect
CharUpperA
GetSystemMetrics
DrawIconEx
SystemParametersInfoA
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
AppendMenuA
DrawFrameControl
DrawEdge
KillTimer
SetTimer
LoadBitmapA
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
MapVirtualKeyA
GetKeyNameTextA
ExitWindowsEx
LoadImageA
GetSysColor
GetSubMenu
TrackPopupMenuEx
PostMessageA
SetCursor
DestroyCursor
DestroyMenu
GetWindowLongA
CopyAcceleratorTableA
IsRectEmpty
CharNextA
TrackPopupMenu
EnableWindow
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
GetDC
ReleaseDC
DrawStateA
DestroyIcon
SendMessageA
UnhookWindowsHookEx

gdi32

CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetRgnBox
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteDC
GetStockObject
DeleteObject
GetDeviceCaps
CreatePen
PatBlt
Rectangle
GetTextColor
CreateFontA
CreateFontIndirectA
CreateDIBitmap
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegOpenKeyA
GetUserNameW
RegCreateKeyA

shell32

ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantTimeToSystemTime
SysAllocString
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
SystemTimeToVariantTime
OleCreateFontIndirect

Sections

.text
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZFDEL.EXE
.exe windows:4 windows x86 arch:x86

6c1a522dd6adb1f2bf1759e0a0ba6dc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FormatMessageA
MoveFileA
WriteFile
SetFilePointer
VirtualFree
VirtualAlloc
DeleteFileA
CloseHandle
GetLastError
CreateFileA
WaitForSingleObject
GetDiskFreeSpaceA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetProcAddress
GetModuleHandleA
GetVersion
GetCurrentDirectoryA
GetFullPathNameA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
LocalFree
InterlockedIncrement
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
IsBadWritePtr
IsBadReadPtr
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
SetStdHandle
HeapAlloc
HeapReAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unload.exe
.exe windows:4 windows x86 arch:x86

3af19230ad093b3439669fb0f00a46e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\隔离卡\优化后的管理工具\UnInstall\UnInstall\Release\UnInstall.pdb

Imports

kernel32

RtlUnwind
ExitProcess
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
VirtualQuery
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
GetTickCount
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
WritePrivateProfileStringA
FreeResource
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetTempPathA
CopyFileA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
FreeEnvironmentStringsW
InterlockedExchange

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
CharUpperA
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
RegisterClipboardFormatA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetTopWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostMessageA
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetMapMode
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc
OleInitialize

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zfsoft.exe
.exe windows:4 windows x86 arch:x86

6e427e3593eeda6875af5a218878740a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3874
ord540
ord5875
ord2859
ord613
ord1641
ord1640
ord6880
ord289
ord1146
ord2122
ord4160
ord6197
ord283
ord4133
ord4297
ord5788
ord472
ord2567
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord941
ord5710
ord535
ord356
ord2614
ord940
ord859
ord537
ord860
ord5220
ord913
ord4189
ord5645
ord5265
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord641
ord324
ord2370
ord2302
ord4234
ord4853
ord4376
ord858
ord4129
ord5683
ord2652
ord1200
ord4224
ord939
ord1669
ord1168
ord3825
ord3499
ord2515
ord355
ord5651
ord3616
ord1979
ord665
ord3127
ord5186
ord350
ord354
ord823
ord4710
ord4644
ord1771
ord800
ord2413
ord2024
ord4217
ord2576
ord4397
ord3352
ord3577
ord692
ord5890
ord2937
ord2289
ord5572
ord2915
ord2086
ord6215
ord5440
ord6383
ord5450
ord6394
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord700
ord5214
ord398
ord296
ord2621
ord1134
ord3092
ord6241
ord2863
ord755
ord470
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord2864
ord5981
ord5053
ord2405
ord2379
ord4284
ord4275
ord5785
ord2414
ord3663
ord3626
ord825
ord567
ord556
ord323
ord609
ord809
ord640
ord3574
ord4424
ord4627
ord4080
ord6366
ord3079
ord1776
ord4078
ord6055
ord2575
ord6334
ord3571
ord1576

msvcrt

__CxxFrameHandler
_ftol
_mbsnbcpy
_mbscmp
sprintf
_mbsicmp
fprintf
_iob
free
fwrite
fread
malloc
fclose
fopen
rewind
printf
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetModuleHandleA
GetLogicalDriveStringsA
WaitForSingleObject
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CopyFileA
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindClose
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
GetVersionExA
GetWindowsDirectoryA
GetComputerNameA
DeleteFileA
GetStartupInfoA

user32

SendMessageA
GetWindowLongA
GetSystemMetrics
DestroyCursor
DestroyMenu
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
RedrawWindow
GetDlgItem
SetFocus
EnableWindow
FrameRect
LoadImageA
GetNextDlgTabItem
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
IsIconic
InvalidateRect
SetCursor
DestroyIcon
GetParent

gdi32

GetObjectA
GetPixel
SetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject

advapi32

CryptDestroyHash
CryptCreateHash
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegFlushKey
RegCloseKey
CryptEncrypt
GetUserNameA
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptHashData
CryptDeriveKey
CryptAcquireContextA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent

ole32

CoCreateInstance

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ʹ˵.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

2a6dd7f959ece816ce047fd57559aa50

Headers

File Characteristics

Imports

winio

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 660B

.rsrc Size: 4KB - Virtual size: 2KB

f1f7c3497329ebafd4a948f432e7531f

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

iphlpapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 4KB

a0e4f543c8a56bc720eb38d4ccdb60a6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

f039c0fc20143ca0d5515131bcbcd4e6

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 5KB

2b60a63d3dafb044a88da007209a1da9

Headers

File Characteristics

PDB Paths

Imports

winio

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 660B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 4B

INIT
Size: 544B - Virtual size: 536B

.reloc
Size: 128B - Virtual size: 108B

.text
Size: 212KB - Virtual size: 208KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB