d666723851a68f311cc86fdfb71db4bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d666723851a68f311cc86fdfb71db4bf_JaffaCakes118
Size

9.9MB
MD5

d666723851a68f311cc86fdfb71db4bf
SHA1

fd116e819deed04c4b45f8bfc67f279eef8ecd9d
SHA256

2ad197ccffa8d9d9a7ec711c6548b5c11194bd6ff3be04405395ac999c23b1a0
SHA512

5cc67e1e5d47e10e886e2b515c43088dd3b80551046840fd58493667e0759d9ae2d97219af05ad0c2fb5d6563ee58a2c3aa58ccedf7f05af445addced2f074c8
SSDEEP

196608:7IZg5MqhyZ8bgVH9coVD/LW3shCfBn5kIG00diBVch/LGbF1fc3fm3nf:7IZhR8uH9coVD/Rsp5T4KF1fTnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EULA.EXE
unpack001/EulaRes.dll
unpack001/MCAPPINS.EXE
unpack001/MCUNINST.DLL
unpack001/SETUP.EXE
unpack001/SETUPRES.DLL
unpack001/UNINST.DLL
unpack001/VSCFGINS.DLL
unpack001/mcinsres.dll
unpack003/McSubMgr.dll
unpack004/mccomctl.dll
unpack005/dunzip32.dll
unpack005/mghtml.exe
unpack006/McTskshd.exe
unpack007/McRegWiz.exe
unpack007/RegWizUI.dll
unpack008/McDash.exe
unpack008/McPatch.dll
unpack008/McScIndx.dll
unpack008/mcagent.exe
unpack008/mcagntps.dll
unpack008/mcaping.dll
unpack008/mcback.dll
unpack008/mcuilib.dll
unpack008/mcupdate.exe
unpack009/scres.dll

Files

d666723851a68f311cc86fdfb71db4bf_JaffaCakes118
.rar
AGENTINS.INF
AgOEMVer.ini
AgentVer.ini
.ps1
AgntIcfg.ini
EULA.EXE
.exe windows:4 windows x86 arch:x86

b2094e5ccb0e9ca64e91a9086c5b87e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent

kernel32

TerminateThread
WaitForSingleObject
GetCurrentThreadId
CreateEventA
GetVersionExA
GetProcAddress
DeleteCriticalSection
OpenEventA
GetSystemDirectoryA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteFileA
GetStringTypeW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetCPInfo
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapAlloc
HeapFree
FreeLibrary
CreateMutexA
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSection
lstrlenA
LocalAlloc
LocalFree
lstrcpynA
GetACP
FormatMessageA
lstrcpyA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetSystemDefaultLCID
GetSystemDefaultLangID
MulDiv
FindResourceA
SizeofResource
LoadResource
LockResource
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
GetPrivateProfileStringA
GetStringTypeA
GetPrivateProfileIntA
CloseHandle
GetModuleFileNameA
GetShortPathNameA
UnhandledExceptionFilter

user32

GetParent
SetPropA
LoadStringA
GetWindowLongA
GetCapture
InvalidateRect
SetCapture
SetCursor
RemovePropA
TabbedTextOutA
CreateDialogParamA
DestroyWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowTextA
DrawTextA
SetWindowLongA
CallWindowProcA
GetCursorPos
GetWindowRect
PtInRect
ReleaseCapture
ClientToScreen
SetWindowPos
LoadCursorA
GetClientRect
LoadBitmapA
PostQuitMessage
DefDlgProcA
GetDlgCtrlID
GetPropA
GetClassInfoA
RegisterClassA
GetWindowDC
ReleaseDC
EndDialog
EnableWindow
wsprintfA
MessageBoxA
SetDlgItemTextA
SetWindowTextA
GetDlgItem
ShowWindow
GetDC
DialogBoxParamA
SendMessageA

gdi32

GetTextExtentPointA
EndPage
EndDoc
GetTextMetricsA
SetAbortProc
StartDocA
SetTextColor
SetBkMode
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
TranslateCharsetInfo
DeleteObject
GetStockObject
GetObjectA
GetDeviceCaps
CreateFontIndirectA
StartPage

comdlg32

PrintDlgA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA

shell32

ShellExecuteA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EulaRes.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCAPPINS.EXE
.exe windows:4 windows x86 arch:x86

78574f9b9c3120ba21b6335f3561fbaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetProcAddress
LoadLibraryA
GetSystemDirectoryA
LocalFree
FormatMessageA
GetShortPathNameA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetCurrentThreadId
CloseHandle
GetPrivateProfileSectionA
CopyFileA
SetFileAttributesA
GetLongPathNameA
DeleteFileA
GetTempPathA
CreateEventA
lstrcpyA
SetEvent
WaitForMultipleObjects
CreateThread
GetFileAttributesA
GetCurrentDirectoryA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
MoveFileExA
FindClose
FindNextFileA
RemoveDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileIntA
CreateDirectoryA
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
GlobalFree
GlobalAlloc
lstrcpynA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
lstrcatA
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetStdHandle
GetSystemInfo
VirtualProtect
VirtualQuery
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FindFirstFileA
FreeLibrary
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
Sleep
InterlockedExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
MultiByteToWideChar
GetLastError
lstrlenA
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCPInfo
GetOEMCP
IsBadWritePtr
HeapReAlloc
VirtualAlloc
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree

user32

wsprintfA
PostThreadMessageA
GetSystemMetrics
LoadStringA
SetWindowTextA
SendMessageA
RegisterClassA
CreateWindowExA
UnregisterClassA
DefWindowProcA
FindWindowA
PostMessageA
ExitWindowsEx
CharLowerA
MessageBoxA
CharUpperA
CreateDialogParamA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SetDlgItemTextA

advapi32

RegQueryValueExA
RegEnumKeyExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MCAPPINS.INF
MCUNINST.DLL
.dll windows:4 windows x86 arch:x86

20a3d3944073cf43affad5adef34325a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
FindResourceA
WideCharToMultiByte
lstrlenW
GetShortPathNameA
GetSystemDirectoryA
GetModuleFileNameA
LoadResource
SizeofResource
OpenProcess
MultiByteToWideChar
lstrlenA
Sleep
OutputDebugStringA
GetVersionExA
RemoveDirectoryA
GetPrivateProfileSectionA
GetTempFileNameA
FindClose
FindNextFileA
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcpyA
CreateProcessA
MoveFileExA
SetFilePointer
ReadFile
GetFileSize
lstrcatA
lstrcpynA
LockResource
GetTempPathA
CloseHandle
CreateFileA
WriteFile
GetPrivateProfileIntA
GetLastError
FormatMessageA
GetVersion
GetPrivateProfileStringA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetWindowsDirectoryA
TlsSetValue
TlsAlloc
GetOEMCP
LCMapStringA
GetACP
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
GetCurrentThreadId
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
SetStdHandle
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
ExitProcess
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
HeapDestroy
HeapCreate
IsBadReadPtr
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetStdHandle
SetHandleCount
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsW
GetEnvironmentStrings
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

PostMessageA
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowA

advapi32

QueryServiceStatus
CloseServiceHandle
ControlService
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenServiceW
RegQueryValueExA
RegDeleteValueA
RegOpenKeyA
OpenSCManagerW
RegCreateKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CLSIDFromString
CoInitialize
CoUninitialize
CoGetClassObject
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
VariantInit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DHIsASInstalled
DHUninstall
DHUninstallAS
DHUninstallApp
DHUninstallFromFile
DHUninstallMPF
DHUninstallMPS
DHUninstallVSO

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SETUP.EXE
.exe windows:4 windows x86 arch:x86

a710771f77e0ef06dd30509e637cd387

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
IsBadReadPtr
IsBadWritePtr
CompareFileTime
SystemTimeToFileTime
lstrlenA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetPrivateProfileStructA
WritePrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
LocalFree
LocalAlloc
GetProcAddress
LeaveCriticalSection
LoadLibraryA
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
GetShortPathNameA
lstrcatA
MoveFileExA
RemoveDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetCurrentProcess
GlobalAlloc
GetLastError
GlobalFree
CloseHandle
WideCharToMultiByte
GetVersionExA
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileAttributesA
DeleteFileA
GetSystemTime
OpenFile
GetFileSize
ReadFile
GetModuleHandleA
MultiByteToWideChar
lstrcpyA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
GetOEMCP
HeapFree
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
FlushFileBuffers

user32

SendDlgItemMessageA
SetWindowTextA
SetDlgItemTextA
wsprintfA
LoadStringA
CharNextA
MessageBoxA
DialogBoxParamA
UpdateWindow
SetForegroundWindow
EndDialog

gdi32

DeleteObject
CreateFontIndirectA

advapi32

RegOpenKeyExA
RegDeleteValueA
OpenSCManagerA
LockServiceDatabase
CloseServiceHandle
OpenServiceA
ChangeServiceConfigA
UnlockServiceDatabase
RegEnumKeyExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

ole32

CoUninitialize
CoInitialize
CoGetClassObject
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SETUPRES.DLL
.dll windows:4 windows x86 arch:x86

b2e50cc60a521158b3ea2d099cbea42b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNINST.DLL
.dll windows:4 windows x86 arch:x86

3790726a7b40262bfc5c3d357df247a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalHandle
GetLocalTime
OpenProcess
FreeLibrary
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
GetDriveTypeA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
DeleteFileA
lstrlenA
lstrcpyA
lstrcatA
CreateFileA
SetLastError
SetFilePointer
ReadFile
WriteFile
CreateProcessA
WaitForSingleObject
GetFileAttributesA
SetFileAttributesA
OpenFile
FlushFileBuffers
CloseHandle
GetPrivateProfileSectionA
WritePrivateProfileStringA
SleepEx
TerminateProcess
GetTempPathA
GlobalReAlloc
CopyFileA
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
lstrcpynA
RtlUnwind
GetCommandLineA
GetVersion
GetLastError
GetFileType
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr

user32

wsprintfA
SendMessageA
FindWindowA

advapi32

DeleteService
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
GetUserNameA
RegSetValueExA
RegFlushKey
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

Dll_Uninstall
UninstReb

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VSCFGINS.DLL
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VSCUninst.log
VSOINS.INF
VsoVer.ini
.ps1
agentins.ui
.zip
install.ini
mcinsres.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Code\Vssd_2005_enus\installer\Mcappins_en-us\mcinsres\Release\mcinsres.pdb

Sections

.rdata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shared/AGENTSUB.CAB
.cab
McSubMgr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e75b5c5a124caa526a9dcdf26eb433b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetACP
GetLocaleInfoA
GetThreadLocale
GetShortPathNameA
GetModuleFileNameA
InterlockedExchange
RaiseException
lstrlenA
lstrlenW
SetFileAttributesA
GetFileAttributesA
CopyFileA
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentDirectoryA
lstrcpyA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
MoveFileExA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
WideCharToMultiByte
CreateDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
GetTempFileNameA
IsBadReadPtr
IsBadWritePtr
lstrcmpiA
DisableThreadLibraryCalls
lstrcpynA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
lstrcmpA
GetLocalTime
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
GetLastError
LocalAlloc
LocalFree
EnterCriticalSection
GetSystemDirectoryA
InitializeCriticalSection
LoadLibraryA
LeaveCriticalSection
GetProcAddress
FreeLibrary
DeleteCriticalSection
GetVersionExA
RemoveDirectoryA
CompareStringA
SetStdHandle
GetStartupInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadCodePtr
GetStringTypeW
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
GetStringTypeA
UnhandledExceptionFilter
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
GetEnvironmentStringsW

user32

wsprintfA
CharNextA
LoadStringA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
FreeSid
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SafeArrayCreate
VariantInit
SafeArrayPutElement
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
agentsub.inf
shared/MCCOMCTL.CAB
.cab
mccomctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

57da3b7d668b26c10f80a2570f4dba29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
HeapReAlloc
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GlobalFree
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
SetErrorMode
lstrcpynA
GetLastError
lstrcpyA
lstrcatA
FreeResource
GetCurrentThreadId
HeapAlloc
InterlockedExchange
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
GetACP
GetStartupInfoA

user32

UnregisterClassA
SendMessageA
InvalidateRect
GetFocus
GetSysColor
CallWindowProcA
SetWindowLongA
FillRect
GetSysColorBrush
DrawFrameControl
OffsetRect
CopyRect
wsprintfA
BeginPaint
EndPaint
IsWindow
GetKeyState
UnionRect
PtInRect
CharNextA
SetForegroundWindow
ReleaseCapture
PostMessageA
SetCapture
GetCursor
SetCursor
DrawTextA
GetDC
GetClientRect
CreateWindowExA
LoadCursorA
GetClassInfoExA
GetScrollPos
GetParent
RegisterClassExA
ShowWindow
DestroyWindow
DefWindowProcA
IntersectRect
EqualRect
SetWindowRgn
SetWindowPos
ShowCaret
HideCaret
IsChild
SetFocus
UpdateWindow
ReleaseDC
GetWindowRect
GetWindowLongA

gdi32

CreateDCA
LPtoDP
SetMapMode
SetViewportOrgEx
GetDeviceCaps
CreateMetaFileA
SetWindowOrgEx
CloseMetaFile
DeleteMetaFile
SetTextAlign
GetStockObject
GetObjectA
SaveDC
SelectClipRgn
RestoreDC
SetTextColor
TextOutA
CreateRectRgnIndirect
CreateBrushIndirect
Polygon
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
DeleteDC
CreateFontIndirectA
CreateSolidBrush
DeleteObject
CreatePen
SelectObject
Polyline
SetWindowExtEx

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromGUID2
CreateOleAdviseHolder
CoCreateInstance
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateDataAdviseHolder

oleaut32

OleCreatePropertyFrame
OleLoadPicture
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SysFreeString
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayDestroy

shlwapi

PathFindExtensionA

comctl32

ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mccomctl.inf
shared/MCGDMGR.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

6fc943e5f85073be21cb0f72ca057ddd

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:d3:6a:e0:18:f5:2f:c2:7b:03:7f:93:a1:a7:93:d6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/10/2004, 00:00

Not After

07/10/2005, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
GetCurrentThreadId
ReadFile
CreateFileA
InterlockedIncrement
ResetEvent
DeleteFileA
SetEndOfFile
GetFileSize
SetFilePointer
GetTempFileNameA
MultiByteToWideChar
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
FlushFileBuffers
WriteFile
IsBadReadPtr
TerminateThread
WaitForMultipleObjects
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WideCharToMultiByte
lstrlenA
lstrcpynA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
lstrlenW
GetModuleFileNameA
CreateThread
GetModuleHandleA
WaitForSingleObject
GetCurrentDirectoryA
lstrcpyA
CreateDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
RemoveDirectoryA
FindNextFileA
ExitThread
OpenEventA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
DisableThreadLibraryCalls
HeapDestroy
lstrcatA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
InterlockedDecrement
CloseHandle
LeaveCriticalSection
EnterCriticalSection
CreateEventA
ResumeThread
FindFirstFileA
GetLastError
FindClose
GetFileAttributesA
SetFileAttributesA
DeleteCriticalSection
InitializeCriticalSection
SetCurrentDirectoryA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
SetLastError
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
RaiseException
TlsGetValue
TlsSetValue
HeapFree
RtlUnwind
InterlockedExchange
Sleep

user32

PostMessageA
MsgWaitForMultipleObjects
wsprintfA
CharNextA
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
DefWindowProcA
GetWindowLongA
RegisterClassA
DestroyWindow
SetWindowLongA
UnregisterClassA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
FreeSid
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
SysFreeString
VariantCopy
VariantInit
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringByteLen
SysStringByteLen

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shared/MCINSCTL.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

79d0e77d5447c8501c97dad33b1d71d4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:d3:6a:e0:18:f5:2f:c2:7b:03:7f:93:a1:a7:93:d6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/10/2004, 00:00

Not After

07/10/2005, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
SetFileAttributesA
GetFileAttributesA
CreateEventA
CloseHandle
ResetEvent
LocalFree
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
SetFilePointer
CreateFileA
WriteFile
GetLocalTime
GetComputerNameA
GetWindowsDirectoryA
GetCurrentProcess
CreateThread
TerminateThread
GetCurrentThreadId
GetModuleFileNameA
ExitThread
WaitForMultipleObjects
OpenEventA
lstrcatA
WritePrivateProfileStructA
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileStructA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetModuleHandleA
IsBadReadPtr
IsBadWritePtr
MoveFileExA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcpyA
lstrcmpA
CreateProcessA
GetExitCodeProcess
OpenProcess
GlobalFree
GlobalAlloc
GetEnvironmentVariableA
RemoveDirectoryA
WritePrivateProfileSectionA
ReadFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetDiskFreeSpaceA
FileTimeToLocalFileTime
FileTimeToSystemTime
MoveFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetShortPathNameA
GetLastError
WaitForSingleObject
FindFirstFileA
FindClose
Sleep
WideCharToMultiByte
lstrlenW
SetEvent
CopyFileA
WritePrivateProfileStringA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
GetSystemDirectoryA
GetProcAddress
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
DisableThreadLibraryCalls
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
RaiseException
GetVersion
GetCommandLineA
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
InterlockedExchange

user32

MsgWaitForMultipleObjects
ExitWindowsEx
MessageBoxA
DestroyWindow
PostMessageA
PeekMessageA
CreateWindowExA
DefWindowProcA
GetWindowLongA
RegisterClassA
UnregisterClassA
TranslateMessage
DispatchMessageA
wsprintfA
SetWindowLongA
CharNextA
LoadStringA

advapi32

RegEnumKeyA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
LockServiceDatabase
OpenServiceA
ChangeServiceConfigA
UnlockServiceDatabase
CreateServiceA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyA
RegCreateKeyA
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoTaskMemAlloc
GetRunningObjectTable
CLSIDFromString
CoInitialize
CoUninitialize
CoTaskMemRealloc
CreateClassMoniker
CoTaskMemFree

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
SysStringLen
LoadRegTypeLi
VariantInit

wininet

InternetQueryOptionA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shared/MGHTML.CAB
.cab
dunzip32.dll
.dll windows:1 windows x86 arch:x86

55db3dac3abc59b975e94f989296b5e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
GlobalUnlock
lstrcmpA
lstrcmpiA
GlobalReAlloc
GetDriveTypeA
lstrcpyA
LocalFree
LocalLock
LocalAlloc
DeleteFileA
SetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
CloseHandle
LocalUnlock
GlobalLock
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
_lwrite
IsBadReadPtr
_lclose
_llseek
OpenFile
GetWindowsDirectoryA
WinExec
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
lstrlenA
GlobalAlloc
CreateFileA
FindClose
GetFileType
GetFullPathNameA
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
WriteFile
GetModuleFileNameA
MultiByteToWideChar
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
FlushFileBuffers
FileTimeToSystemTime
GlobalFree
CreateDirectoryA
GetLogicalDrives
SetEndOfFile
SetStdHandle
ReadFile
GetCPInfo
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
GetTimeZoneInformation
GetEnvironmentStrings
GetStartupInfoA
ExitProcess
LeaveCriticalSection
GetCurrentDirectoryA
GetLastError
SetFilePointer
GetStdHandle
EnterCriticalSection
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection

user32

GetDC
EndDialog
wsprintfA
CharUpperBuffA
OemToCharA
CharNextA
CharUpperA
CharLowerA
PostMessageA
IsWindow
FindWindowA
GetActiveWindow
ReleaseDC
DialogBoxParamA
SetCursor
MessageBoxA
LoadCursorA
TranslateMessage
GetClassNameA
SendMessageA
UpdateWindow
DispatchMessageA
PeekMessageA
SetForegroundWindow
SetWindowTextA
SetDlgItemTextA

gdi32

SetBkMode
SetBkColor
GetStockObject
GetBkColor

comdlg32

GetSaveFileNameA

mpr

WNetCancelConnectionA
WNetAddConnectionA
WNetGetConnectionA

Exports

Exports

dunzip
dunzipVB
getUnzipExternalCancel
getUnzipProgTitle
registerExternUnzipProg
resetUnzipProgTitle
setUnzipExternalCancel
setUnzipProgTitle

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mghtml.exe
.exe windows:4 windows x86 arch:x86

274d9617acc0116eae65c79e1abce90d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetGetSession

kernel32

FindResourceA
lstrlenA
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetSystemDirectoryA
CloseHandle
WriteFile
CreateFileA
lstrlenW
WideCharToMultiByte
GetPrivateProfileStringA
DeleteFileA
GetTempFileNameA
GetTempPathA
Sleep
GetShortPathNameA
GetCurrentThreadId
GetCurrentProcess
GetLastError
lstrcpyA
LoadLibraryExA
lstrcpynA
GetModuleHandleA
GetVersionExA
lstrcatA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
LoadResource
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
TerminateProcess
HeapReAlloc
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapAlloc
RaiseException
HeapFree
RtlUnwind
GetStdHandle
GetFileType
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
SetHandleCount
LockResource
SizeofResource
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
ReadFile
FreeEnvironmentStringsA
FlushFileBuffers

user32

CloseDesktop
SetThreadDesktop
OpenInputDesktop
TranslateMessage
DispatchMessageA
CloseWindowStation
PostQuitMessage
GetClientRect
LoadStringA
SetWindowTextA
GetKeyState
FindWindowA
SetProcessWindowStation
OpenWindowStationA
SetWindowPos
SetRect
ClientToScreen
GetWindowRect
IsIconic
SystemParametersInfoA
EnableWindow
CharNextA
PostMessageA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowLongA
GetWindowLongA
SetFocus
GetFocus
DefWindowProcA
UnregisterClassA
LoadCursorA
RegisterClassA
SendMessageA
GetDesktopWindow
CreateWindowExA
GetSystemMenu
EnableMenuItem
ShowWindow
SetForegroundWindow
LoadImageA
CopyImage
IsWindow
DestroyIcon
GetActiveWindow
GetSystemMetrics
wsprintfA
GetMessageA

gdi32

GetStockObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA

shell32

SHGetFileInfoA

ole32

CoGetClassObject
CLSIDFromString
CoInitialize
CoRegisterClassObject
CoDisconnectObject
CoRevokeClassObject
CoUninitialize
CoCreateInstance

oleaut32

CreateDispTypeInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
CreateStdDispatch
VariantCopy
VariantClear
SysAllocStringLen
VariantInit
SysFreeString

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mghtml.inf
shared/McTskshd.cab
.cab
McTskshd.exe
.exe windows:4 windows x86 arch:x86

0299606afe00a468a2d6f4fdd6f78637

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Code\Vssd_2005_enus\Agent\McTskshd\Release\McTskshd.pdb

Imports

kernel32

MultiByteToWideChar
GetACP
GetLocaleInfoA
GetThreadLocale
FlushFileBuffers
SetFilePointer
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetModuleHandleA
CreateMutexA
TerminateThread
WaitForSingleObject
GetCurrentThreadId
SetEvent
CreateThread
ResetEvent
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetShortPathNameA
GetModuleFileNameA
Sleep
FindClose
FindFirstFileA
SetConsoleCtrlHandler
WriteFile
GetLocalTime
OutputDebugStringA
GetFileSize
lstrcmpiA
LocalFree
LocalAlloc
WideCharToMultiByte
ExpandEnvironmentStringsA
EnterCriticalSection
GetCurrentDirectoryA
GetFileAttributesA
ReadFile
GetWindowsDirectoryA
MoveFileExA
FindNextFileA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
CompareStringA
SetStdHandle
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
VirtualQuery
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
TerminateProcess
LeaveCriticalSection
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
OpenProcess
GlobalAlloc
GlobalFree
GetCurrentProcess
CreateProcessA
CloseHandle
GetCurrentProcessId
GetLastError
FreeLibrary
GetVersionExA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
ExitProcess
HeapFree
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetOEMCP
GetCPInfo

user32

SetTimer
KillTimer
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
RegisterClassExA
RegisterClassA
ShowWindow
GetWindowLongA
PostQuitMessage
DefWindowProcA
SetWindowLongA
CharNextA
FindWindowA
PostMessageA
PostThreadMessageA
wsprintfA
CreateWindowExA

advapi32

RegOpenKeyA
RegEnumKeyExA
ControlService
RegCreateKeyExA
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
OpenProcessToken
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McTskshd.inf
shared/REGWIZ.CAB
.cab
McRegWiz.exe
.exe windows:4 windows x86 arch:x86

80d4a0058e6b6e781b66736a31a3bf6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetLastError
CreateEventA
GetVersionExA
CloseHandle
FreeLibrary
ExitThread
WaitForSingleObject
GetCurrentThreadId
WaitForMultipleObjects
DeleteCriticalSection
ResetEvent
OpenEventA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
SetEvent
CreateThread
GetProcAddress
LocalFree
LocalAlloc
GetSystemDirectoryA
OutputDebugStringA
GetModuleHandleA
lstrcmpiA
GetCommandLineA
lstrcatA
lstrcpyA
Sleep
FindClose
LoadLibraryA
GetPrivateProfileStringA
FindFirstFileA
GetShortPathNameA
DeleteFileA
CreateMutexA
SetFileAttributesA
GetFileAttributesA
GetPrivateProfileIntA
CreateProcessA
WritePrivateProfileStringA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
InitializeCriticalSection
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FindNextFileA
GetCPInfo
SetConsoleCtrlHandler
VirtualAlloc
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetVersion
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
RtlUnwind
SetEnvironmentVariableA

user32

DestroyWindow
GetSystemMetrics
PostMessageA
DispatchMessageA
PeekMessageA
DefWindowProcA
SetTimer
KillTimer
CharNextA
FindWindowA
MessageBoxA
CreateWindowExA
ShowWindow
RegisterClassExA
LoadStringA
UnregisterClassA
GetMessageA
TranslateMessage
PostQuitMessage

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoDisconnectObject
CoRevokeClassObject
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
CoRegisterClassObject

oleaut32

VariantInit
SysAllocString
VariantClear
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
CreateStdDispatch
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetQueryOptionA

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RegWizUI.dll
.dll .vbs windows:4 windows x86 arch:x86 polyglot

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oem.ini
regwiz.inf
rwconfig.ini
shared/agent.cab
.cab
McDash.exe
.exe windows:4 windows x86 arch:x86

5d71e2acec0c0fa686774b92c9c7b3a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryOptionA

kernel32

LoadLibraryA
GetSystemDirectoryA
EnterCriticalSection
LocalFree
LocalAlloc
GetLastError
WideCharToMultiByte
lstrlenA
GetShortPathNameA
GetModuleFileNameA
RaiseException
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
FindClose
FindFirstFileA
SearchPathA
FormatMessageA
lstrlenW
OpenEventA
TerminateThread
WaitForSingleObject
CloseHandle
GetCurrentThreadId
SetEvent
CreateThread
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateEventA
lstrcpynA
CreateMutexA
LeaveCriticalSection
Sleep
CreateProcessA
IsBadWritePtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
GetSystemInfo
VirtualProtect
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
VirtualQuery
LCMapStringW
LCMapStringA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeA
GetCPInfo
GetOEMCP
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetStringTypeW
IsBadReadPtr
SetFilePointer
QueryPerformanceCounter
FreeLibrary
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetStdHandle
ExpandEnvironmentStringsA
FlushFileBuffers
GetTickCount
GetCurrentProcessId

user32

SetForegroundWindow
GetForegroundWindow
AttachThreadInput
FindWindowA
SetDlgItemTextA
RegisterClassExA
DefWindowProcA
DestroyWindow
GetMessageA
TranslateMessage
CreateWindowExA
ShowWindow
DispatchMessageA
GetWindowThreadProcessId
LoadImageA
PostMessageA
GetSystemMetrics
MessageBoxA
UnregisterClassA
wsprintfA
DialogBoxParamA
SetWindowLongA
GetWindowLongA
GetDlgItem
SendMessageA
EnableWindow
SetWindowTextA
SetFocus
CharLowerBuffA
CharPrevA
EndDialog

gdi32

DeleteObject

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitialize
CoGetClassObject

oleaut32

VariantClear
SafeArrayGetElement
SafeArrayDestroy
LoadTypeLi
CreateStdDispatch
SysAllocStringLen
VariantCopy
SysFreeString
VariantInit

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McPatch.dll
.dll windows:4 windows x86 arch:x86

577cdacc35c00e195ffc15f37368ec02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GlobalFree
GlobalAlloc
GetCurrentProcess
lstrcpyA
lstrcmpiA
FormatMessageA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleFileNameA
Sleep
FindClose
FindFirstFileA
SearchPathA
WideCharToMultiByte
GetPrivateProfileStructA
GetShortPathNameA
lstrcpynA
FlushFileBuffers
SetStdHandle
IsBadReadPtr
SetFilePointer
GetStringTypeW
LocalAlloc
LocalFree
EnterCriticalSection
GetSystemDirectoryA
LoadLibraryA
LeaveCriticalSection
GetProcAddress
FreeLibrary
lstrlenA
GetLastError
IsBadCodePtr
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
InterlockedExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetPrivateProfileStringA
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
ExitProcess
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
LCMapStringA
LCMapStringW
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
VirtualProtect
GetSystemInfo

user32

UpdateWindow
SendMessageA
SetFocus
InvalidateRect
DialogBoxParamA
EndDialog
wsprintfA
GetDlgItem
SetWindowTextA
GetClientRect
MapWindowPoints

advapi32

QueryServiceStatus
QueryServiceConfigA
StartServiceA
OpenServiceA
ControlService
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

StrRChrA

ole32

CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysFreeString

Exports

Exports

DisableSC
EnableSC
GetContent
GetContentProviderVersion
InitializeContentProviders

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McScIndx.dll
.dll regsvr32 windows:4 windows x86 arch:x86

62ae64db45c661211fe8336fc99f530e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

LeaveCriticalSection
LoadLibraryA
EnterCriticalSection
WideCharToMultiByte
GetShortPathNameA
GetModuleFileNameA
InterlockedExchange
FormatMessageA
FindClose
FindFirstFileA
SearchPathA
LocalFileTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CloseHandle
GlobalFree
GlobalAlloc
GetCurrentProcess
RaiseException
lstrcpynA
GetFileAttributesA
IsBadReadPtr
IsBadWritePtr
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
DisableThreadLibraryCalls
GetModuleHandleA
lstrlenA
lstrlenW
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
lstrcatA
lstrcpyA
lstrcmpA
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetPrivateProfileStringA
FindNextFileA
GetSystemTimeAsFileTime
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
FlushFileBuffers
ReadFile
SetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
IsBadCodePtr
SetFilePointer
GetStringTypeW
GetStringTypeA
WriteFile
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetLastError
GetCPInfo
GetOEMCP
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
GetEnvironmentStringsW
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
FreeEnvironmentStringsW

user32

SetWindowsHookExA
SendMessageA
LoadImageA
wsprintfA
UnhookWindowsHookEx
MessageBoxA
LoadStringA
CharNextA
CallNextHookEx
GetWindowTextA

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoGetClassObject

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen
VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
agent.inf
mcagent.exe
.exe windows:4 windows x86 arch:x86

937dd513ff22a1e4bfb6ddfb564941a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetPrivateProfileStructA
Sleep
GetCurrentProcessId
lstrlenW
GetTempPathA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
lstrcatA
lstrcpyA
CreateProcessA
SetEvent
OpenEventA
IsBadReadPtr
IsBadWritePtr
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
MulDiv
GetLocalTime
GetWindowsDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CopyFileA
HeapAlloc
GetProcessHeap
lstrcmpA
FindNextFileA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
DeleteCriticalSection
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
VirtualQuery
HeapSize
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetPrivateProfileStringA
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
SetLastError
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
HeapReAlloc
HeapFree
RtlUnwind
GetStringTypeA
GetStringTypeW
SetFilePointer
QueryPerformanceCounter
GetTickCount
SetStdHandle
ReadFile
FlushFileBuffers
InitializeCriticalSection
LocalAlloc
GetLastError
LocalFree
GetFileType
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
lstrcpynA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
CreateThread
CloseHandle
lstrlenA
ExpandEnvironmentStringsA
lstrcmpiA
OpenSemaphoreA
CreateSemaphoreA
GetModuleHandleA
SearchPathA
FindFirstFileA
FindClose
FormatMessageA
RaiseException
IsBadCodePtr
GetModuleFileNameA
GetShortPathNameA
WideCharToMultiByte
EnterCriticalSection
GetSystemDirectoryA
LoadLibraryA
LeaveCriticalSection
GetProcAddress
VirtualAlloc
FreeLibrary
CompareStringA
CompareStringW
WriteFile
SetEnvironmentVariableA

user32

ReleaseDC
ClientToScreen
EnumChildWindows
InsertMenuItemA
DestroyMenu
TrackPopupMenu
SystemParametersInfoA
IsIconic
CreatePopupMenu
GetDesktopWindow
CopyRect
AdjustWindowRectEx
GetSystemMetrics
CreateWindowExA
LoadCursorA
RegisterClassA
DefWindowProcA
GetWindowRect
ScreenToClient
SetRect
InvalidateRect
UpdateWindow
GetCursorPos
GetDlgItem
DialogBoxParamA
EndDialog
DestroyIcon
GetMenuItemCount
InSendMessage
RegisterWindowMessageA
LoadIconA
SetForegroundWindow
SetWindowTextA
SetFocus
IsDialogMessageA
ShowWindow
IsWindow
CreateDialogParamA
SetWindowLongA
GetClientRect
MoveWindow
SetWindowPos
EnableWindow
GetParent
CallNextHookEx
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
FindWindowExA
GetWindowThreadProcessId
GetWindowLongA
FindWindowA
CharNextA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
DestroyWindow
SetTimer
KillTimer
LoadImageA
wsprintfA
SendMessageA
GetDC

gdi32

SetTextColor
SelectPalette
RealizePalette
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectA
TranslateCharsetInfo
GetDeviceCaps
CreateFontIndirectA
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
SetBkMode

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptVerifySignatureA
CryptGetUserKey
CryptReleaseContext
CryptGenKey
CryptAcquireContextA
CryptDeriveKey
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoRegisterClassObject
CLSIDFromString
GetRunningObjectTable
CreateClassMoniker
CoGetClassObject
CoRevokeClassObject
CoDisconnectObject
CoUninitialize

oleaut32

CreateStdDispatch
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysAllocStringLen
CreateDispTypeInfo
VariantInit
VariantClear
SysFreeString

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mcagntps.dll
.dll regsvr32 windows:4 windows x86 arch:x86

13ebdc320d233480db44de6697e336de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RtlUnwind

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrDllGetClassObject
NdrConvert
NdrProxySendReceive
NdrPointerMarshall
NdrProxyGetBuffer
NdrPointerBufferSize
RpcRaiseException
NdrProxyInitialize
NdrStubGetBuffer
NdrPointerUnmarshall
NdrStubInitialize
NdrPointerFree
NdrSimpleStructMarshall
NdrConformantArrayMarshall
NdrSimpleStructBufferSize
NdrConformantArrayBufferSize
NdrSimpleStructUnmarshall
NdrConformantArrayUnmarshall
NdrConformantStringMarshall
NdrConformantStringBufferSize
NdrConformantStringUnmarshall
NdrProxyFreeBuffer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 4KB - Virtual size: 898B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcaping.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1e1461111737d07ed070529cbdef87c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

LocalAlloc
InitializeCriticalSection
GetVersionExA
DeleteCriticalSection
FreeLibrary
GetProcAddress
LeaveCriticalSection
LoadLibraryA
GetSystemDirectoryA
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetLocaleInfoA
GetThreadLocale
InterlockedExchange
lstrlenA
lstrcpyA
lstrcpynA
lstrcatA
InterlockedIncrement
InterlockedDecrement
lstrlenW
HeapSize
LocalFree
GetModuleFileNameA
GetShortPathNameA
GetACP
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetOEMCP
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery

user32

wsprintfA

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA

ole32

StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcback.dll
.dll windows:4 windows x86 arch:x86

a8a09f591670182c3525fba3a38195c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetShortPathNameA
GetModuleFileNameA
GetLastError
MultiByteToWideChar
GetACP
GetLocaleInfoA
GetThreadLocale
lstrcpynA
lstrcatA
GetModuleHandleA
CreateMutexA
CloseHandle
WideCharToMultiByte
ExpandEnvironmentStringsA
ReleaseMutex
CreateProcessA
WaitForSingleObject
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLongPathNameA
GetPrivateProfileSectionA
DeleteFileA
GetWindowsDirectoryA
FormatMessageA
CreateFileA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcpyA
SetFilePointer
ReadFile
GetFileSize
Sleep
OutputDebugStringA
OpenProcess
lstrlenA
InterlockedExchange
GetFileAttributesA
MoveFileExA
SetFileAttributesA
RemoveDirectoryA
FlushFileBuffers
SetStdHandle
FindFirstFileA
FindNextFileA
FindClose
EnterCriticalSection
GetSystemDirectoryA
LoadLibraryA
LeaveCriticalSection
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
VirtualQuery
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
GetCurrentThreadId
GetCommandLineA
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW

user32

PostMessageA
FindWindowA
MessageBoxA
wsprintfA
GetWindowThreadProcessId

advapi32

RegDeleteValueA
RegCreateKeyA
OpenSCManagerW
OpenServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CoInitialize
CoUninitialize
CoGetClassObject
CoCreateInstance

Exports

Exports

DHGetAppVersion
DHUninstallAgent

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcuilib.dll
.dll windows:4 windows x86 arch:x86

c498c2688e5ea92b9e0caa4c8419a134

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

_TrackMouseEvent

kernel32

lstrlenA
MultiByteToWideChar
FreeLibrary
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
IsBadCodePtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualQuery
HeapSize
GetCurrentProcess
TerminateProcess
ExitProcess
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCommandLineA
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetSystemDefaultLangID
IsBadWritePtr
MulDiv
lstrcpynA
InterlockedDecrement
InterlockedIncrement
SetLastError
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WideCharToMultiByte
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
FindFirstFileA
FindClose
IsBadReadPtr
GetLastError
lstrlenW
GetCurrentThreadId
HeapAlloc
HeapFree
RtlUnwind

user32

GetClassInfoA
RegisterClassA
SendMessageA
GetWindowTextA
GetCursorPos
GetWindowRect
ReleaseCapture
ShowWindow
SetCursor
ScreenToClient
PtInRect
CreateWindowExA
MoveWindow
DrawIconEx
GetSystemMetrics
FillRect
InflateRect
LoadImageA
DestroyIcon
DestroyCursor
CopyImage
CallWindowProcA
DrawTextA
EnumChildWindows
GetClassNameA
SetWindowTextA
MapWindowPoints
DefDlgProcA
GetWindowDC
GetDesktopWindow
KillTimer
DefWindowProcA
UpdateWindow
GetUpdateRect
BeginPaint
GetClientRect
EndPaint
GetParent
GetDC
ReleaseDC
InvalidateRect
SetTimer
SetWindowPos
LoadBitmapA
SetWindowLongA
LoadIconA
LoadCursorA
RegisterClassExA
IsWindow
GetWindowLongA
DestroyWindow
UnregisterClassA

gdi32

CreateSolidBrush
SetTextColor
CreatePen
SetBkMode
Rectangle
StretchBlt
GetDIBColorTable
CreateHalftonePalette
TranslateCharsetInfo
GetStockObject
GetDeviceCaps
CreateFontIndirectA
GetTextAlign
SetTextAlign
TextOutW
GetTextMetricsA
GetTextExtentPointW
SelectObject
GetObjectA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
CreateCompatibleDC
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreatePalette
DeleteObject

shell32

SHAppBarMessage

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

CloseAlertWindow
InitMcuilib
ShowAlertWindow
ShowAlertWindowEx
ShowAlertWindowExW

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcupdate.exe
.exe windows:4 windows x86 arch:x86

e314a4fdc224e4fff3a1815f90ee6d76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
DeleteUrlCacheEntry
InternetQueryOptionA
HttpOpenRequestA
InternetCanonicalizeUrlA
HttpSendRequestA
HttpAddRequestHeadersA

shlwapi

AssocQueryStringA

kernel32

lstrcpynA
GetTimeFormatA
GetDateFormatA
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LeaveCriticalSection
LoadLibraryA
GetSystemDirectoryA
EnterCriticalSection
LocalFree
LocalAlloc
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
InterlockedIncrement
GetShortPathNameA
GetModuleFileNameA
RaiseException
IsBadCodePtr
SetLastError
lstrcatA
lstrcmpiA
FindClose
FindFirstFileA
SearchPathA
FormatMessageA
GetLocalTime
IsBadWritePtr
CloseHandle
WaitForSingleObject
SetEvent
FindNextFileA
CreateEventA
ExitThread
Sleep
lstrlenW
CreateThread
CompareFileTime
DeleteFileA
SetFileAttributesA
GetWindowsDirectoryA
GetCurrentProcess
GetCPInfo
CreateProcessA
GetCurrentThreadId
CreateSemaphoreA
OpenSemaphoreA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
lstrcpyA
LockResource
LoadResource
FindResourceA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
OpenEventA
TerminateThread
ResetEvent
WaitForMultipleObjects
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
ExpandEnvironmentStringsA
GetModuleHandleA
CreateMutexA
ReleaseMutex
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CopyFileA
GetTempPathA
TerminateProcess
ExitProcess
VirtualQuery
LCMapStringW
LCMapStringA
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
VirtualProtect
GetSystemInfo
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
lstrlenA
InterlockedDecrement
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
SetUnhandledExceptionFilter
GetFileType
IsBadReadPtr
GetStringTypeA
GetStringTypeW
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
GlobalAlloc

user32

BeginPaint
EndPaint
LoadBitmapA
GetParent
GetDC
ReleaseDC
DialogBoxParamA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
MessageBoxA
EndDialog
GetWindowLongA
DestroyIcon
DefWindowProcA
RegisterClassExA
LoadCursorA
LoadIconA
GetWindowThreadProcessId
SendMessageA
CopyRect
FindWindowA
CharNextA
CreateDialogParamA
DestroyWindow
PostQuitMessage
ReplyMessage
SetWindowLongA
ShowWindow
GetWindowTextA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
IsIconic
ClientToScreen
SetFocus
IsWindow
PostMessageA
GetDesktopWindow
GetWindowRect
SetWindowPos
GetDlgItem
SetWindowTextA
GetClientRect
MapWindowPoints
InvalidateRect
UpdateWindow
LoadImageA
PostThreadMessageA
GetSystemMetrics
wsprintfA
GetUpdateRect
SetRect
IsWindowVisible

gdi32

GetObjectA
SelectObject
DPtoLP
CreateDIBitmap
CreateDCA
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
SelectPalette
RealizePalette
CreateCompatibleDC
DeleteObject
CreatePalette

advapi32

RegDeleteValueA
RegOpenKeyA
FreeSid
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetMalloc
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CLSIDFromString
CoGetClassObject
StringFromCLSID
CoFreeUnusedLibraries

oleaut32

VariantInit
SysAllocString
SafeArrayGetElement
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
shared/agentcfg.cab
.cab
Readme.txt
agent.chm
.chm
agentcfg.inf
mcltvers.ini
mcscentr.adf
mscuicfg.dat
oemcfg.ini
screm.ui
.zip
scres.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.ico
shared/agentdui.cab
.cab
shared/agentupd.cab
.cab
shared/mcdetect.cab
.cab
shared/mcscoem.cab
.cab
shared/mcuicfg.cab
.cab
shared/mcunilib.cab
.cab
shared/vsoreg.cab
.cab
uninst.ini
virusscan说明.txt
vso/MCINSUPD.CAB
.cab
vso/MCTCHDAT.CAB
.cab
vso/UNICOWS.cab
.cab
vso/en-us/us/AOLCFG.CAB
.cab
vso/en-us/us/emlscbin.cab
.cab
vso/en-us/us/emlscres.cab
.cab
vso/en-us/us/imscnbin.cab
.cab
vso/en-us/us/imscnres.cab
.cab
vso/en-us/us/oscnbin.cab
.cab
vso/en-us/us/oscnres.cab
.cab
vso/en-us/us/scrpsbin.cab
.cab
vso/en-us/us/scrstres.cab
.cab
vso/en-us/us/shextbin.cab
.cab
vso/en-us/us/shextres.cab
.cab
vso/en-us/us/vsagntui.cab
.cab
vso/en-us/us/vscfgui.cab
.cab
vso/en-us/us/vso.cab
.cab
vso/en-us/us/vsocfg.cab
.cab
vso/en-us/us/wrmstbin.cab
.cab
vso/en-us/us/wrmstres.cab
.cab
vso/vsodat.cab
.cab
vso/win9x/en-us/oasres.cab
.cab
vso/win9x/oasbin.cab
.cab
vso/win9x/vsoeng.cab
.cab
vso/winnt/OASBIN.CAB
.cab
vso/winnt/en-us/OASRES.cab
.cab
vso/winnt/vsoeng.cab
.cab
vsocfg.ini
vsoins.ui
.zip
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

b2094e5ccb0e9ca64e91a9086c5b87e2

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 28KB - Virtual size: 26KB

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 796KB - Virtual size: 794KB

.reloc Size: 8KB - Virtual size: 4KB

78574f9b9c3120ba21b6335f3561fbaa

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 32KB - Virtual size: 30KB

20a3d3944073cf43affad5adef34325a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 5KB

a710771f77e0ef06dd30509e637cd387

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 796KB - Virtual size: 794KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 100KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 4KB - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 130B

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 9KB