d9bb97df89be6b3785c408042ec58476_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9bb97df89be6b3785c408042ec58476_JaffaCakes118
Size

12.1MB
MD5

d9bb97df89be6b3785c408042ec58476
SHA1

d66bb2592362253055d0a082193eb0dc54c7b718
SHA256

df8c0fdeb042356ca49ebe77248c206e591fa549875f074cc90fd00f4e2cd30b
SHA512

2b90ca45b18e27118ae8379e2022c4e9d7e162f10943fd579f1210e1608ddc1832fe6cb09facd487cd3a3e7c0c2ffac41a0296c06fc4607a6f7bce46010fe9f5
SSDEEP

393216:xl28W8ZgbBxnvfTdgK+PRe4D8PeDLgOC3AC:xlFEzv1+PUqgjX

Score

3^/10

Malware Config

Signatures

Unsigned PE 39 IoCs

Checks for missing Authenticode signature.

resource
unpack001/McAfee.com/Agent/McRegWiz.exe
unpack001/McAfee.com/Agent/regwizui.dll
unpack001/McAfee.com/Agent/scres.dll
unpack001/McAfee.com/Agent/scui.dll
unpack001/McAfee.com/Shared/dunzip32.dll
unpack001/McAfee.com/Shared/mcappins.exe
unpack001/McAfee.com/Shared/mcinsres.dll
unpack001/McAfee.com/Shredder/Centenu.dll
unpack001/McAfee.com/Shredder/Dmdll32.dll
unpack001/McAfee.com/Shredder/Shredenu.dll
unpack001/McAfee/McAfee QuickClean/ARCRes.dll
unpack001/McAfee/McAfee QuickClean/AppClRes.dll
unpack001/McAfee/McAfee QuickClean/AppClean.dll
unpack001/McAfee/McAfee QuickClean/CustCRes.dll
unpack001/McAfee/McAfee QuickClean/Exedecoy.exe
unpack001/McAfee/McAfee QuickClean/FBRes.dll
unpack001/McAfee/McAfee QuickClean/Miscres.dll
unpack001/McAfee/McAfee QuickClean/Mscsubclnres.dll
unpack001/McAfee/McAfee QuickClean/PlgunRes.dll
unpack001/McAfee/McAfee QuickClean/RestRes.dll
unpack001/McAfee/McAfee QuickClean/Restore.dll
unpack001/McAfee/McAfee QuickClean/SpMakRes.dll
unpack001/McAfee/McAfee QuickClean/SpMaker.dll
unpack001/McAfee/McAfee QuickClean/Uni.exe
unpack001/McAfee/McAfee QuickClean/UniCoRes.dll
unpack001/McAfee/McAfee QuickClean/UniShRes.dll
unpack001/McAfee/McAfee Shared Components/Centralv3/CentENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Clea0ENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Clea2ENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Clea3ENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Clea4ENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner0.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner2.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner3.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner4.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/QCleaENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/QltCoENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/UPlugENU.dll
unpack001/McAfee/McAfee Shared Components/QuickClean Lite 3/qclean.dll

Files

d9bb97df89be6b3785c408042ec58476_JaffaCakes118
.rar
McAfee.com/Agent/McRegWiz.exe
.exe windows:4 windows x86 arch:x86

80d4a0058e6b6e781b66736a31a3bf6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetLastError
CreateEventA
GetVersionExA
CloseHandle
FreeLibrary
ExitThread
WaitForSingleObject
GetCurrentThreadId
WaitForMultipleObjects
DeleteCriticalSection
ResetEvent
OpenEventA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
SetEvent
CreateThread
GetProcAddress
LocalFree
LocalAlloc
GetSystemDirectoryA
OutputDebugStringA
GetModuleHandleA
lstrcmpiA
GetCommandLineA
lstrcatA
lstrcpyA
Sleep
FindClose
LoadLibraryA
GetPrivateProfileStringA
FindFirstFileA
GetShortPathNameA
DeleteFileA
CreateMutexA
SetFileAttributesA
GetFileAttributesA
GetPrivateProfileIntA
CreateProcessA
WritePrivateProfileStringA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
InitializeCriticalSection
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
lstrlenW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FindNextFileA
GetCPInfo
SetConsoleCtrlHandler
VirtualAlloc
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetVersion
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
RtlUnwind
SetEnvironmentVariableA

user32

DestroyWindow
GetSystemMetrics
PostMessageA
DispatchMessageA
PeekMessageA
DefWindowProcA
SetTimer
KillTimer
CharNextA
FindWindowA
MessageBoxA
CreateWindowExA
ShowWindow
RegisterClassExA
LoadStringA
UnregisterClassA
GetMessageA
TranslateMessage
PostQuitMessage

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoDisconnectObject
CoRevokeClassObject
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
CoRegisterClassObject

oleaut32

VariantInit
SysAllocString
VariantClear
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
CreateStdDispatch
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetQueryOptionA

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Agent/app/QCL.ADF
McAfee.com/Agent/app/shred.adf
McAfee.com/Agent/mcscentr.adf
McAfee.com/Agent/regwizui.dll
.dll .vbs windows:4 windows x86 arch:x86 polyglot

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Agent/scres.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Agent/scui.dll
.dll .vbs windows:4 windows x86 arch:x86 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 680KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Shared/dunzip32.dll
.dll windows:1 windows x86 arch:x86

55db3dac3abc59b975e94f989296b5e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
GlobalUnlock
lstrcmpA
lstrcmpiA
GlobalReAlloc
GetDriveTypeA
lstrcpyA
LocalFree
LocalLock
LocalAlloc
DeleteFileA
SetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
CloseHandle
LocalUnlock
GlobalLock
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
_lwrite
IsBadReadPtr
_lclose
_llseek
OpenFile
GetWindowsDirectoryA
WinExec
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
lstrlenA
GlobalAlloc
CreateFileA
FindClose
GetFileType
GetFullPathNameA
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
WriteFile
GetModuleFileNameA
MultiByteToWideChar
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
FlushFileBuffers
FileTimeToSystemTime
GlobalFree
CreateDirectoryA
GetLogicalDrives
SetEndOfFile
SetStdHandle
ReadFile
GetCPInfo
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
SetEnvironmentVariableA
GetTimeZoneInformation
GetEnvironmentStrings
GetStartupInfoA
ExitProcess
LeaveCriticalSection
GetCurrentDirectoryA
GetLastError
SetFilePointer
GetStdHandle
EnterCriticalSection
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection

user32

GetDC
EndDialog
wsprintfA
CharUpperBuffA
OemToCharA
CharNextA
CharUpperA
CharLowerA
PostMessageA
IsWindow
FindWindowA
GetActiveWindow
ReleaseDC
DialogBoxParamA
SetCursor
MessageBoxA
LoadCursorA
TranslateMessage
GetClassNameA
SendMessageA
UpdateWindow
DispatchMessageA
PeekMessageA
SetForegroundWindow
SetWindowTextA
SetDlgItemTextA

gdi32

SetBkMode
SetBkColor
GetStockObject
GetBkColor

comdlg32

GetSaveFileNameA

mpr

WNetCancelConnectionA
WNetAddConnectionA
WNetGetConnectionA

Exports

Exports

dunzip
dunzipVB
getUnzipExternalCancel
getUnzipProgTitle
registerExternUnzipProg
resetUnzipProgTitle
setUnzipExternalCancel
setUnzipProgTitle

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Shared/mcappins.exe
.exe windows:4 windows x86 arch:x86

78574f9b9c3120ba21b6335f3561fbaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetProcAddress
LoadLibraryA
GetSystemDirectoryA
LocalFree
FormatMessageA
GetShortPathNameA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetCurrentThreadId
CloseHandle
GetPrivateProfileSectionA
CopyFileA
SetFileAttributesA
GetLongPathNameA
DeleteFileA
GetTempPathA
CreateEventA
lstrcpyA
SetEvent
WaitForMultipleObjects
CreateThread
GetFileAttributesA
GetCurrentDirectoryA
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
MoveFileExA
FindClose
FindNextFileA
RemoveDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileIntA
CreateDirectoryA
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
GlobalFree
GlobalAlloc
lstrcpynA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
lstrcatA
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetStdHandle
GetSystemInfo
VirtualProtect
VirtualQuery
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FindFirstFileA
FreeLibrary
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
Sleep
InterlockedExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
MultiByteToWideChar
GetLastError
lstrlenA
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
TerminateProcess
ExitProcess
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCPInfo
GetOEMCP
IsBadWritePtr
HeapReAlloc
VirtualAlloc
RtlUnwind
HeapFree
HeapAlloc
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree

user32

wsprintfA
PostThreadMessageA
GetSystemMetrics
LoadStringA
SetWindowTextA
SendMessageA
RegisterClassA
CreateWindowExA
UnregisterClassA
DefWindowProcA
FindWindowA
PostMessageA
ExitWindowsEx
CharLowerA
MessageBoxA
CharUpperA
CreateDialogParamA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SetDlgItemTextA

advapi32

RegQueryValueExA
RegEnumKeyExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McAfee.com/Shared/mcinsres.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Code\Vssd_2005_enus\installer\Mcappins_en-us\mcinsres\Release\mcinsres.pdb

Sections

.rdata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Shredder/Centenu.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee.com/Shredder/Dmdll32.dll
.dll windows:1 windows x86 arch:x86

5edd3e9052cc7147853426e58f08b9e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GlobalUnlock
lstrcpynA
GetModuleFileNameA
GetFileAttributesA
lstrlenA
EnterCriticalSection
ExitProcess
LockResource
LoadLibraryA
InitializeCriticalSection
GetDriveTypeA
GlobalHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
CloseHandle
RaiseException
LocalAlloc
GetLastError
LeaveCriticalSection
CreateFileA
ReadFile
GlobalLock
GetCommandLineA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
FileTimeToDosDateTime
RtlUnwind
GetModuleHandleA
FindResourceA
LocalFree
GetLocalTime
LoadLibraryExA
FreeEnvironmentStringsA
LoadResource
GetFileType
IsBadReadPtr
FreeResource
DeviceIoControl
GlobalMemoryStatus
GetEnvironmentStrings
GetPrivateProfileStringA
SetConsoleCtrlHandler
SetFileAttributesA
SetFilePointer
SetHandleCount
SetPriorityClass
SetThreadPriority
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
_lclose
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcpyA

user32

wsprintfA
ShowWindow
SetWindowTextA
SetWindowPos
SetFocus
SendMessageA
SendDlgItemMessageA
ReleaseDC
PeekMessageA
OemToCharA
MessageBoxA
GetWindowRect
GetSystemMetrics
GetSysColor
GetDlgItem
GetDC
GetClientRect
ExitWindowsEx
EnumThreadWindows
MapWindowPoints
DrawTextExA
DispatchMessageA
CharToOemA
PostQuitMessage
CharPrevA
CharNextA
TranslateMessage

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

gdi32

SelectObject
GetTextMetricsA
DeleteObject
CreateSolidBrush

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
DiskFixDialogProc
DllMain
GetUndoDrvProc
MainDriveScan
__DebuggerHookData

Sections

CODE
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McAfee.com/Shredder/Shredenu.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/ARCRes.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/AppClRes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/AppClean.dll
.dll windows:4 windows x86 arch:x86

6e2bab6538b738c5865293921e93e8bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
RemoveDirectoryA
IsDBCSLeadByte
OutputDebugStringW
GetModuleFileNameW
GetStringTypeW
GetVersion
GetStringTypeA
lstrlenW
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetWindowsDirectoryA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
GetCurrentThreadId
GetCommandLineA
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetDriveTypeA
WideCharToMultiByte
lstrcatA
GetLocalTime
InterlockedDecrement
GetLastError
LoadLibraryExA
SetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
OpenProcess
CreateFileA
LocalAlloc
LocalFree
ReadFile
SetFilePointer
CreateProcessA
FindClose
MultiByteToWideChar
VirtualFree
lstrcpynA
RaiseException
RtlUnwind
GetSystemDirectoryA
FindFirstFileA
GetShortPathNameA
FindNextFileA
GetModuleFileNameA
CreateEventA
ResetEvent
CloseHandle
GlobalHandle
GlobalUnlock
GlobalFree
lstrcmpA
GlobalAlloc
GlobalLock
CreateThread
SetEvent
Sleep
lstrcmpiA
InterlockedIncrement
ExitProcess
GetCurrentDirectoryA
lstrlenA
GetModuleHandleA
lstrcpyA

user32

SetDlgItemTextA
wsprintfA
CharNextA
LoadStringA
GetWindowLongA
SetWindowTextA
SetFocus
GetWindowTextA
CheckRadioButton
EnableMenuItem
GetSubMenu
LoadMenuA
DestroyIcon
ShowWindow
PostQuitMessage
EndDialog
SendDlgItemMessageA
GetDlgCtrlID
PostMessageA
SetForegroundWindow
MessageBoxA
CharUpperA
GetDlgItemTextA
DrawTextA
CheckDlgButton
CharPrevA
CharLowerW
CharUpperW
IsDlgButtonChecked
EnableWindow
GetDlgItem
LoadCursorA
SetCursor
SendMessageA
SetWindowLongA
GetParent
wvsprintfA
MoveWindow
CopyRect
MapWindowPoints
GetWindowTextLengthA
ReleaseDC
GetWindowRect
DestroyMenu
IsWindow
FindWindowA
DialogBoxParamA
GetDC

gdi32

SetBkMode
GetTextExtentPoint32A
SelectObject
GetTextMetricsA
SetTextColor
DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

unicore

UNICORE_CalculateDiskSpace
UNICORE_GetNextActionPosition
UNICORE_CalculateTransportDiskSpace
UNICORE_CalculateMoveDiskSpace
UNICORE_CalculateArchiveDiskSpace
UNICORE_CalculateBackupDiskSpace
UNICORE_DoDeleteActions
UNICORE_Init
UNICORE_ScanForDelete
UNICORE_LogDebugEvent
UNICORE_GetFlags
UNICORE_SetFlags
UNICORE_CloseActionList
UNICORE_Trace
UNICORE_ModifyAction
UNICORE_GetAction

shlwapi

PathFindExtensionA

unicomn

??1CUniStringArray@@QAE@XZ
??0CUniStringArray@@QAE@XZ
?UniComnSetWindowTextToFilePath@@YGHPAUHWND__@@PBD@Z
??BCUniString@@QBEPBDXZ
?LoadStringA@CUniString@@QAEHPAUHINSTANCE__@@IH@Z
?RemoveAll@CUniStringArray@@QAEXXZ
ord18
?FormatV@CUniString@@QAEXPAUHINSTANCE__@@IPAD@Z
?UniComn_EnableArcMonitor@@YGHH@Z
?UniComn_WaitForProcessToFinishCompletely@@YGKPAUHWND__@@AAPAXPAXKK@Z
?GetValue@MHRegistryKey@@QBE?AVCUniString@@PBD0@Z
?FitFilePathToWindow@@YGXPADHPAUHWND__@@@Z
?UniComnOverrideFileProtection@@YG?AW4enumOverrideCode@@PAUHWND__@@PAUUNIFileInfo@@@Z
?Add@CUniStringArray@@QAEHPBD@Z
?MakeUpper@CUniString@@QAEXXZ
?DisplayDataBaseErrorEx@@YGXPAUHWND__@@KPAD@Z
?UniComnBuildSmartLinksDataBase@@YGHPAUHWND__@@KPAK1@Z
??ACUniStringArray@@QAEAAVCUniString@@H@Z
?SetSize@CUniStringArray@@QAEXHH@Z
?UniComn_IsArcMonitorEnabled@@YGHXZ
?GetRegInfo@@YGHPAD@Z
?NTGetSubString@@YGPADPAD0@Z
?GetSubString@@YGPADPAD0@Z
?StaticCallback@CUniCoreCallBackThunk@@CGHGKK@Z
??1MHGlobalPreferencesData@@UAE@XZ
??0MHGlobalPreferencesData@@QAE@XZ
?UniComnReportError@@YGXPAUHWND__@@J@Z
?UtilIsCurrentUserAdministrator@@YGHXZ
?SetValue@MHRegistryKey@@QAEHPBDK@Z
?CreateKey@MHRegistryKey@@QAEHPAUHKEY__@@PBDKK@Z
?GetValueDWORD@MHRegistryKey@@QBEKPBDK@Z
?UniComnGetHelpFile@@YGPBDPAUHINSTANCE__@@@Z
?MakeUniqueBackupFileNameFromDescription@@YG?AVCUniString@@PBD0@Z
?InitThunk@CUniCoreCallBackThunk@@QAEXP6GHGKKJ@ZJ@Z
?CanCreateFileInPath@@YGHPBDH@Z
?UniComnDeleteFileConfirmation@@YGHPAUHWND__@@PBDPAUUNIActionItem@@@Z
?UniComnGenericConfirmation@@YGHPAUHWND__@@PBD1@Z
?UtilExitWindowsEx@@YGHIK@Z
??YCUniString@@QAEABV0@ABV0@@Z
?ReportError@@YGXPAUHWND__@@PBDI@Z
?MHGetDiskFreeSpace@@YGHPBDPA_K1@Z
?IsUNCPath@@YGHPBD@Z
?GetIcon@@YGHPAU_ITEMIDLIST@@I@Z
?GetFolder@@YGPAUIShellFolder@@PAU_ITEMIDLIST@@@Z
?ConcatPidls@@YGPAU_ITEMIDLIST@@PAU1@0PAUIMalloc@@@Z
?GetFullyQualPIDL@@YGPAU_ITEMIDLIST@@PBD@Z
?GetLargeIcon@@YGPAUHICON__@@PBD@Z
?IsNT@@YGHXZ
?GetLength@CUniString@@QBEHXZ
?SetBackupTargetFolder@MHGlobalPreferencesData@@QAEXVCUniString@@@Z
?MHCreateDirectory@@YGHPBD@Z
?DoesDirectoryExist@@YGHPBD@Z
??4CUniString@@QAEABV0@PBD@Z
?GetSize@CUniStringArray@@QBEHXZ
?at@CUniStringArray@@QBE?AVCUniString@@H@Z
?UniComnGetFileLocation@@YGKW4UNICOMN_FILEID_TYPE@@PADK@Z
?UniComn_FormatByteSize@@YGPBDKKPADK@Z
??0CUniString@@QAE@ABV0@@Z
??YCUniString@@QAEABV0@PBD@Z
??0CUniString@@QAE@XZ
?substr@CUniString@@QBE?AV1@HH@Z
??4CUniString@@QAEABV0@ABV0@@Z
??0CUniString@@QAE@PBD@Z
?UniComnHelp@@YGHPAUHWND__@@IK@Z
??0MHRegistryKey@@QAE@XZ
?OpenKey@MHRegistryKey@@QAEHPAUHKEY__@@PBDK@Z
?IsEmpty@CUniString@@QBEHXZ
??1CUniString@@QAE@XZ
??1MHRegistryKey@@QAE@XZ
?UniComnCenterDialog@@YGHPAUHWND__@@0@Z
?Format@CUniString@@QAAXPAUHINSTANCE__@@IZZ
ord15

qcutil

ord1
ord3

arc

ord6
ord7
?ARCRemoveUninstallFoldersFromRegistry@@YG_NPBD@Z
?ARCWasUninstallCompleted@@YG_NPBD@Z

Exports

Exports

DoAppCleanWizard
McRtlComponentsKeyA
McRtlSharedComponentsKeyA

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/CustCRes.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/Exedecoy.exe
.exe windows:4 windows x86 arch:x86

4e29d4c30152e889eea31fe82431215d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetModuleFileNameA
GetStringTypeW
FlushFileBuffers
GetShortPathNameA
LCMapStringW
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
SetFilePointer
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
CloseHandle

user32

MessageBoxA
LoadStringA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/FBRes.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/Miscres.dll
.dll windows:4 windows x86 arch:x86

2013be6d8ab57d6abc7d20d2178d81f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/Mscsubclnres.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/PlgunRes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 26B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/RestRes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/Restore.dll
.dll windows:4 windows x86 arch:x86

36de6f908772b00f97ae3e59b8a40985

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

unicore

UNICORE_GetAction
UNICORE_DoRestoreActions
UNICORE_CalculateDiskSpace
UNICORE_ModifyAction
UNICORE_GetRestoreActions
UNICORE_GetNextActionPosition
UNICORE_CloseActionList
UNICORE_Trace
UNICORE_GetBackupHeader
UNICORE_GetBackupDetailedInfo
UNICORE_Init

kernel32

FreeLibrary
InterlockedDecrement
GetLastError
LoadLibraryExA
lstrcpynA
GetTickCount
FindClose
FindFirstFileA
DeleteFileA
lstrcmpiA
lstrlenA
FindNextFileA
SetLastError
lstrcpyA
FlushFileBuffers
SetStdHandle
LoadLibraryA
LCMapStringW
LCMapStringA
SetFilePointer
CloseHandle
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
ExitProcess
GetCurrentDirectoryA
GetProcAddress
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetVersion
GetStringTypeW
GetModuleFileNameW
OutputDebugStringW
GetModuleFileNameA
IsDBCSLeadByte

user32

CharUpperA
CharPrevA
CharNextA
SendMessageA
SendDlgItemMessageA
SetWindowLongA
LoadBitmapA
CallWindowProcA
GetParent
EnableWindow
GetDlgItem
PostMessageA
LoadStringA
ShowWindow
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
PeekMessageA
CreateDialogParamA
GetWindowLongA
GetDlgCtrlID
GetSystemMetrics
GetClientRect
SetCursor
LoadCursorA
DialogBoxParamA
SetDlgItemTextA
ReleaseDC
GetWindowDC
SetWindowTextA
CheckDlgButton
IsDlgButtonChecked
CharLowerW
CharUpperW
IsDialogMessageA
wvsprintfA
MessageBoxA

gdi32

SetTextColor
DeleteObject
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetMalloc

comctl32

ImageList_Create
ImageList_AddMasked

unicomn

?UniComnBuildSmartLinksDataBase@@YGHPAUHWND__@@KPAK1@Z
?UniComnGetHelpFile@@YGPBDPAUHINSTANCE__@@@Z
??1MHGlobalPreferencesData@@UAE@XZ
?LoadStringA@CUniString@@QAEHPAUHINSTANCE__@@IH@Z
??1CUniString@@QAE@XZ
?StaticCallback@CUniCoreCallBackThunk@@CGHGKK@Z
??0CUniString@@QAE@XZ
?FormatV@CUniString@@QAEXPAUHINSTANCE__@@IPAD@Z
??0CUniString@@QAE@ABV0@@Z
??0CUniString@@QAE@PBD@Z
?UniComnGetFileLocation@@YGKW4UNICOMN_FILEID_TYPE@@PADK@Z
?FitFilePathToWindow@@YGXPADHPAUHWND__@@@Z
?DisplayDataBaseErrorEx@@YGXPAUHWND__@@KPAD@Z
?UniComnConfirmFileOperation@@YGHPAUHWND__@@PAUtagUNICOMNFILEOPCONFIRMPARAMS@@@Z
?UniComnGenericConfirmation@@YGHPAUHWND__@@PBD1@Z
??BCUniString@@QBEPBDXZ
?FormatMessageV@CUniString@@QAEXPAUHINSTANCE__@@IPAD@Z
?UniComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
??0CUniStringArray@@QAE@XZ
??1CUniStringArray@@QAE@XZ
??1MHRegistryKey@@QAE@XZ
?DeleteValue@MHRegistryKey@@QAEHPBD@Z
?SetValue@MHRegistryKey@@QAEHPBD0@Z
??ACUniStringArray@@QAEAAVCUniString@@H@Z
?GetSize@CUniStringArray@@QBEHXZ
??YCUniString@@QAEABV0@PBD@Z
??4CUniString@@QAEABV0@PBD@Z
?SetValue@MHRegistryKey@@QAEHPBDPAEK@Z
?CreateKey@MHRegistryKey@@QAEHPAUHKEY__@@PBDKK@Z
??0MHRegistryKey@@QAE@XZ
?GetValueBinary@MHRegistryKey@@QBEHPBDPAEK@Z
?GetValueDataSize@MHRegistryKey@@QBEKPBD@Z
?Add@CUniStringArray@@QAEHABVCUniString@@@Z
?IsEmpty@CUniString@@QBEHXZ
??4CUniString@@QAEABV0@ABV0@@Z
?GetIcon@@YGHPBDIK@Z
?UniComnFormatFileTime@@YGKPBU_FILETIME@@PADK@Z
?Format@CUniString@@QAAXPAUHINSTANCE__@@IZZ
?UniComnHelp@@YGHPAUHWND__@@IK@Z
?ReportError@@YGXPAUHWND__@@PBDI@Z
?UniComn_FormatByteSize@@YGPBDKKPADK@Z
?RemoveAll@CUniStringArray@@QAEXXZ
?OpenKey@MHRegistryKey@@QAEHPAUHKEY__@@PBDK@Z
?GetValueDWORD@MHRegistryKey@@QBEKPBDK@Z
??0MHGlobalPreferencesData@@QAE@XZ
?GetValue@MHRegistryKey@@QBE?AVCUniString@@PBD0@Z
?SetValue@MHRegistryKey@@QAEHPBDK@Z

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

LaunchRestore

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/SpMakRes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/SpMaker.dll
.dll windows:4 windows x86 arch:x86

ad55d23a26a10710532d2393a40f83a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetConsoleCtrlHandler
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
GetThreadLocale
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetEnvironmentVariableA
GetModuleHandleA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsFree
TlsAlloc
GetCurrentThreadId
GetShortPathNameA
FindNextFileA
GetDiskFreeSpaceA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetSystemDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GetTempPathA
GetLastError
VirtualAlloc
GetWindowsDirectoryA
SystemTimeToFileTime
lstrcmpA
lstrcmpiA
GetVolumeInformationA
GetSystemTime
GetDateFormatA
FindFirstFileA
HeapAlloc
GetCommandLineA
HeapFree
CloseHandle
ExitThread
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
lstrcpynA
lstrcpyA
lstrcatA
FindClose
SetLastError
GetVersionExA
RaiseException
RtlUnwind
GetDiskFreeSpaceExA
CreateDirectoryA
GetFileAttributesA
ExitProcess
GetCurrentDirectoryA
GetProcAddress
GetNumberFormatW
GetFullPathNameA
LocalFree
LocalAlloc
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetVersion
GetStringTypeW
GetModuleFileNameW
OutputDebugStringW
GetNumberFormatA
IsDBCSLeadByte
lstrlenA

user32

InvalidateRect
GetMessageA
DispatchMessageA
PeekMessageA
CharPrevA
SetDlgItemTextA
ShowWindow
GetWindowRect
BeginPaint
EndPaint
GetClientRect
CharLowerA
MoveWindow
GetWindowLongA
UpdateWindow
SetWindowLongA
DestroyIcon
LoadImageA
CallWindowProcA
FindWindowA
LoadIconA
CreateDialogParamA
ShowScrollBar
ReleaseDC
IsWindow
IsDialogMessageA
OffsetRect
SetCapture
GetDC
GetCursor
PtInRect
wsprintfA
CharUpperA
LoadBitmapA
GetDlgCtrlID
EnableWindow
IsDlgButtonChecked
GetDlgItem
GetKeyState
GetCursorPos
MapWindowPoints
LoadMenuA
GetSubMenu
CharLowerW
CharUpperW
MessageBoxA
wvsprintfA
DrawTextA
CopyRect
GetWindowTextA
GetWindowTextLengthA
GetParent
SendDlgItemMessageA
TrackPopupMenuEx
PostMessageA
CharNextA
SendMessageA
LoadCursorA
CheckDlgButton
SetCursor
TranslateMessage
LoadStringA
SetWindowTextA

gdi32

CreatePatternBrush
PatBlt
GetObjectA
CreateFontIndirectA
SetBkColor
CreateSolidBrush
GetStockObject
Rectangle
SetMapMode
DPtoLP
CreateDCA
SelectObject
GetTextMetricsA
DeleteDC
DeleteObject
SetTextColor
CreateBitmap
GetTextExtentPoint32A

advapi32

RegCreateKeyA
RegOpenKeyA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetMalloc
SHGetFileInfoA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoInitialize

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_AddMasked

unicore

UNICORE_GetNextActionPosition
UNICORE_ModifyAction
UNICORE_AddAction
UNICORE_CloseFileDataBase
UNICORE_LoadFileDataBase
UNICORE_CreateFileDataBase
UNICORE_CreateActionList
UNICORE_CloseActionList
UNICORE_DoActions
UNICORE_LogDebugEvent
UNICORE_GetAction
_UNICORE_IsDirExcluded@4
UNICORE_CalculateDiskSpace
UNICORE_Trace
UNICORE_Init
_UNICORE_IsFileProtected@4
_UNICORE_IsFileTypeExcluded@4

shlwapi

SHDeleteKeyA

unicomn

?GetFiltersDocs@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersArchive@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
??BCUniDialog@@QBEPAUHWND__@@XZ
?Create@CUniDialog@@QAEHPAUHINSTANCE__@@PBDPAUHWND__@@@Z
??0CUniDialog@@QAE@XZ
?GetFiltersHelp@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetWindowRect@CUniDialog@@QBEHPAUtagRECT@@@Z
?SetDlgItemTextA@CUniDialog@@QAEHHPBD@Z
?GetFiltersSetup@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersScreenSaver@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersWallpaper@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?c_str@CUniString@@QBEPBDXZ
??1CUniString@@QAE@XZ
?GetFiltersGraphics@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersWave@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetSoundFilesList@MHSpaceMakerPreferencesData@@QAEXAAVCUniStringArray@@@Z
?GetFiltersVideo@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetWindowTextA@CUniString@@QAEHPAUHWND__@@@Z
?GetFiltersMidi@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersBackup@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetFiltersTemp@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?GetInternetCacheFolderList@MHSpaceMakerPreferencesData@@QAEXAAVCUniStringArray@@@Z
??0CUniStringArray@@QAE@XZ
??0MHGlobalPreferencesData@@QAE@XZ
??0MHSpaceMakerPreferencesData@@QAE@XZ
?SavePreferences@MHSpaceMakerPreferencesData@@QAEHXZ
??1CUniStringArray@@QAE@XZ
??1MHGlobalPreferencesData@@UAE@XZ
??1MHSpaceMakerPreferencesData@@QAE@XZ
?GetDlgItem@CUniDialog@@QBEPAUHWND__@@H@Z
?UniComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
?UniComn_GetFileTypeDescription@@YGHPBDPADK@Z
?LoadPreferences@MHSpaceMakerPreferencesData@@QAEHXZ
?UniComnDoesFileExist@@YGHPBD@Z
?UniComnBuildSmartLinksDataBase@@YGHPAUHWND__@@KPAK1@Z
?GetFiltersFont@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
?find@CUniString@@QBEHPBDH@Z
?npos@CUniString@@2HB
?GetFiltersBackupRejects@MHSpaceMakerPreferencesData@@QAEAAVCUniString@@XZ
??ACUniStringArray@@QAEAAVCUniString@@H@Z
?size@CUniStringArray@@QBEHXZ
?IsNT@@YGHXZ
?UniComnSetWindowTextToFilePath@@YGHPAUHWND__@@PBD@Z
?MHGetDiskFreeSpace@@YGHPBDPA_K1@Z
?MakeUpper@CUniString@@QAEXXZ
ord15
?UniComnRestoreBackup@@YGJPAUHWND__@@PBD1H@Z
??0CUniString@@QAE@PAUHINSTANCE__@@IH@Z
?UniComnGenericConfirmation@@YGHPAUHWND__@@PBD1@Z
?UniComnDeleteFileConfirmation@@YGHPAUHWND__@@PBDPAUUNIActionItem@@@Z
?FormatV@CUniString@@QAEXPAUHINSTANCE__@@IPAD@Z
??YCUniString@@QAEABV0@ABV0@@Z
?DisplayDataBaseErrorEx@@YGXPAUHWND__@@KPAD@Z
??BCUniCoreCallBackThunk@@QBEP6GHGKK@ZXZ
?MakeUniqueBackupFileNameFromDescription@@YG?AVCUniString@@PBD0@Z
ord18
?length@CUniString@@QBEHXZ
?UniComnReportError@@YGXPAUHWND__@@J@Z
?UniComnGetFileLocation@@YGKW4UNICOMN_FILEID_TYPE@@PADK@Z
?GetBackupJunk@MHSpaceMakerPreferencesData@@QAEHXZ
?GetBackupNonCritical@MHSpaceMakerPreferencesData@@QAEHXZ
?GetBackupMultimedia@MHSpaceMakerPreferencesData@@QAEHXZ
?GetBackupOldData@MHSpaceMakerPreferencesData@@QAEHXZ
??0CUniCoreCallBackThunk@@QAE@P6GHGKKJ@ZJ@Z
?InitThunk@CUniCoreCallBackThunk@@QAEXP6GHGKKJ@ZJ@Z
?UniComnGetHelpFile@@YGPBDPAUHINSTANCE__@@@Z
?LoadStringA@CUniString@@QAEHPAUHINSTANCE__@@IH@Z
?empty@CUniString@@QAEHXZ
?DoesDirectoryExist@@YGHPBD@Z
?MHCreateDirectory@@YGHPBD@Z
?ReportError@@YGXPAUHWND__@@PBDI@Z
?UniComnHelp@@YGHPAUHWND__@@IK@Z
?ConfigQCLFeature@@YGIPAUHWND__@@W4enumFeatureOptions@@J@Z
?GetBackupTargetFolder@MHGlobalPreferencesData@@QAEAAVCUniString@@XZ
?Format@CUniString@@QAAXPAUHINSTANCE__@@IZZ
?InvokeHelperFromFileName@@YGHPAUHWND__@@PAD11@Z
?ExecuteQuickView@@YGHPAUHWND__@@PAD1@Z
?QuickViewExists@@YGHXZ
??BCUniString@@QBEPBDXZ
??4CUniString@@QAEABV0@PBD@Z
?UniComnFormatFileTime@@YGKPBU_FILETIME@@PADK@Z
?UniComn_FormatByteSize@@YGPBDKKPADK@Z
??0CUniString@@QAE@ABV0@@Z
??0CUniString@@QAE@PBD@Z
??YCUniString@@QAEABV0@PBD@Z
??4CUniString@@QAEABV0@ABV0@@Z
??1CUniDialog@@UAE@XZ
??0CUniString@@QAE@XZ

mcpie

ord2
ord3

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CentralAppInit
CentralAppShutDown
CentralCanUnloadNow
CentralCreateSubPage
CentralCreateWindow
DoSpaceMakerWizard
McRtlComponentsKeyA
McRtlSharedComponentsKeyA

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/Uni.exe
.exe windows:4 windows x86 arch:x86

a06d18e8cf3007d310852cc2cdf534b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetStringTypeW
GetVersion
GetStringTypeA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetProcAddress
GetCurrentDirectoryA
ExitProcess
ReleaseMutex
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
OutputDebugStringW
IsDBCSLeadByte
lstrcpynA
OutputDebugStringA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetLocalTime
GetLastError
LoadLibraryExA
CreateMutexA
GetFileType
GetStdHandle
FreeLibrary
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapReAlloc

user32

GetDesktopWindow
CharUpperA
CharLowerW
CharUpperW
wvsprintfA
CharPrevA
wsprintfA
LoadImageA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

OleInitialize
OleUninitialize
CoGetClassObject

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

unicomn

?UniComnRestoreBackup@@YGJPAUHWND__@@PBD1H@Z
?UniComnBuildSmartLinksDataBase@@YGHPAUHWND__@@KPAK1@Z
?UniComnSetMonitorSettings@@YGJPBUtagUNICOMNMONITORSETTINGS@@@Z
?UniComnGetMonitorSettings@@YGJPAUtagUNICOMNMONITORSETTINGS@@@Z
?UniComnShowARC@@YGJPAUHWND__@@PBD@Z
?UniComnRemoveProgram@@YGJPAUHWND__@@PBD@Z

unicore

UNICORE_InitializeLogging
UNICORE_Trace
UNICORE_LogDebugEvent

mscsubclnt

ord1

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/UniCoRes.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee QuickClean/UniShRes.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/Centralv3/CentENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Clea0ENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Clea2ENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Clea3ENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Clea4ENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner0.dll
.dll windows:4 windows x86 arch:x86

e496215864fe4a5028553f24bccb4dfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
lstrcatA
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalHandle
lstrcpyA
GlobalLock
GlobalAlloc
lstrlenA
FindClose
FindFirstFileA
lstrcpynA
GetSystemTimeAsFileTime
GetDriveTypeA
GetLogicalDriveStringsA
GetProcAddress
LoadLibraryA
SetFileAttributesA
GetFileAttributesA
CompareFileTime
FindNextFileA
WriteFile
GetShortPathNameA
GetTempPathA
GetVersionExA
RemoveDirectoryA
IsDBCSLeadByte
GetNumberFormatA
GetLocaleInfoA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
LCMapStringA
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleA
OutputDebugStringW
GetModuleFileNameW
GetStringTypeW
GetVersion
GetStringTypeA
WideCharToMultiByte
LocalAlloc
LocalFree
RtlUnwind
GetCommandLineA
GetCurrentThreadId
SetLastError
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringW

user32

wsprintfA
CharLowerW
CharPrevA
CharUpperA
CharNextA
CharUpperW
LoadStringA
MessageBoxA
GetSystemMetrics

advapi32

RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
OleInitialize
OleUninitialize

qltcomn

?QltComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
?QltComnGetOS@@YG?AW4QLTCOMN_OS@@XZ
?IsFAT32@@YGHPBD@Z
?QltIsValidUserSID@@YGHPBD@Z

tlsxpand

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc

Exports

Exports

_CleanerAction@24
_CleanerEnumerate@32
_CleanerUndo@8
_GetCleanerInfo@24
_GetModuleVersion@8

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner2.dll
.dll windows:4 windows x86 arch:x86

48b3f5280681fda082b79531b54845fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GlobalLock
GlobalAlloc
FindClose
FindFirstFileA
lstrlenA
lstrcmpiA
GetShortPathNameA
lstrcpynA
WriteFile
GetWindowsDirectoryA
GetSystemDirectoryA
GetDriveTypeA
GetVersionExA
GetNumberFormatA
GetLocaleInfoA
ExpandEnvironmentStringsA
FindNextFileA
RtlUnwind
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
GlobalHandle
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GlobalUnlock
GlobalFree
GetTickCount
Sleep
GetModuleFileNameA
FreeLibrary
lstrcpyA
TlsGetValue
lstrcatA
RaiseException

user32

MessageBoxA
CharNextA
CharPrevA
CharLowerBuffA
wsprintfA
LoadStringA
GetSystemMetrics

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueA
RegSetValueExA
RegCloseKey

qltcore

UNICORE_DoActions
UNICORE_CloseActionList
UNICORE_AddAction
UNICORE_CreateActionList
UNICORE_ModifyAction

qltcomn

?QltComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z

Exports

Exports

_ADV_CleanControlsFolder@8
_ADV_CleanFilters@8
_ADV_CleanIEExtensionMappings@8
_ADV_CleanMIMEContent@8
_ADV_CleanMSNDebris@8
_ADV_CleanMultimediaExtensions@8
_ADV_CleanNameSpaces@8
_CleanerAction@24
_CleanerEnumerate@32
_CleanerUndo@8
_GetCleanerInfo@24
_GetModuleVersion@8
_STD_CleanAppPaths@8
_STD_CleanClsIds@8
_STD_CleanFileExtensions@8
_STD_CleanFileTypes@8
_STD_CleanFonts@8
_STD_CleanInterface@8
_STD_CleanMediaTypes@8
_STD_CleanSharedDlls@8
_STD_CleanSoundSchemes@8
_STD_CleanTypeLibs@8
_STD_CleanVxDServices@8
_STD_CleanWindowsHelp@8

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner3.dll
.dll windows:4 windows x86 arch:x86

fb70f3ff72a637ec3c2194404f9baf6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CloseHandle
SetFileAttributesA
GetFileAttributesA
CreateFileA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
lstrlenA
FindClose
FindNextFileA
FindFirstFileA
GetNumberFormatA
GetLocaleInfoA
IsDBCSLeadByte
OutputDebugStringW
GetModuleFileNameW
GetProcAddress
GetVersion
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
GetStringTypeW
lstrcpynA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
VirtualAlloc
LeaveCriticalSection
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
SetLastError
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection

user32

CharUpperW
CharLowerW
CharUpperA
CharPrevA
CharNextA
MessageBoxA
GetSystemMetrics
LoadStringA
wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

qltcomn

?QltComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
?QltComnGetOS@@YG?AW4QLTCOMN_OS@@XZ

tlsxpand

TlsGetValue
TlsFree
TlsSetValue
TlsAlloc

Exports

Exports

SetCleanerShredderProperties
_CleanerAction@24
_CleanerClose@4
_CleanerEnumerate@32
_CleanerOpen@4
_CleanerUndo@8
_GetCleanerInfo@24
_GetModuleVersion@8

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/Cleaner4.dll
.dll windows:4 windows x86 arch:x86

5d58c06a432b45882b4f1fcaaeb15e2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetVersion
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryExA
GetCurrentDirectoryA
ExitProcess
lstrcpynA
GetModuleFileNameW
FlushFileBuffers
LoadLibraryA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
WriteFile
CloseHandle
OutputDebugStringW
IsDBCSLeadByte
lstrlenA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
FindFirstFileA
FindNextFileA
GetLastError
FindClose
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
GetModuleFileNameA
FreeLibrary
SetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
RtlUnwind
HeapFree
RaiseException
GetCommandLineA
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetCurrentThreadId
SetLastError
GetModuleHandleA

user32

GetWindowLongA
SendMessageA
LoadBitmapA
wvsprintfA
CharUpperW
MapWindowPoints
CharUpperA
GetParent
GetDlgItem
SetWindowTextA
CharLowerW
SetWindowLongA
GetWindowRect
CharPrevA
CharNextA
LoadStringA
MessageBoxA
GetSystemMetrics
GetCursorPos

gdi32

DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetSpecialFolderPathA
SHAddToRecentDocs

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_Create
ImageList_AddMasked

qltcomn

?QltComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
?QltComnHelp@@YGHPAUHWND__@@IK@Z
?QltComnComposeHelpPath@@YGKPAUHINSTANCE__@@PBDPADK@Z

tlsxpand

TlsGetValue
TlsFree
TlsAlloc
TlsSetValue

Exports

Exports

_CleanerAction@24
_CleanerEnumerate@32
_CleanerProperties@8
_CleanerUndo@8
_GetCleanerInfo@24
_GetModuleVersion@8

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/QCleaENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/QltCoENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/UPlugENU.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McAfee/McAfee Shared Components/QuickClean Lite 3/qclean.dll
.dll windows:4 windows x86 arch:x86

d78a0214c257f2cb52012c317906c346

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
FindFirstFileA
lstrcmpiA
RemoveDirectoryA
GetFileAttributesA
OutputDebugStringA
IsDBCSLeadByte
OutputDebugStringW
GetModuleFileNameW
GetStringTypeW
GetVersion
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LocalAlloc
LocalFree
GetModuleFileNameA
GetCurrentDirectoryA
ExitProcess
CreateThread
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
SetFilePointer
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
SetLastError
GetCurrentThreadId
HeapSize
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetCommandLineA
HeapReAlloc
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetTickCount
TerminateThread
CloseHandle
FindClose
DeleteFileA
GetLocalTime
LoadLibraryExA
GetProcAddress
GetSystemTime
GetDateFormatA
InterlockedDecrement
lstrcatA
GetLocaleInfoA
GetNumberFormatA
lstrcpyA
Sleep
GetLastError
lstrlenA
GetTempPathA
FreeLibrary
GetDriveTypeA
lstrcpynA
LoadLibraryA
GetLogicalDriveStringsA

user32

GetWindowTextLengthA
DialogBoxParamA
wvsprintfA
SetWindowLongA
GetWindowTextA
CharUpperW
CharLowerW
CharUpperA
CharPrevA
CharNextA
SetPropA
GetPropA
LoadMenuA
GetSubMenu
TrackPopupMenu
ScreenToClient
ClientToScreen
KillTimer
DestroyWindow
GetDC
ReleaseDC
CopyRect
GetSysColorBrush
FillRect
InflateRect
DrawIcon
GetSysColor
DrawTextA
InvalidateRect
CreateWindowExA
SetRect
MoveWindow
UpdateWindow
ShowWindow
IsDlgButtonChecked
GetDlgItemTextA
SetWindowTextA
GetParent
CheckDlgButton
EnableWindow
GetDlgCtrlID
LoadIconA
DestroyIcon
GetClientRect
SendDlgItemMessageA
GetWindowRect
GetCursorPos
MapWindowPoints
LoadBitmapA
MessageBoxA
CreateDialogParamA
SetTimer
SetDlgItemTextA
GetWindowLongA
LoadStringA
wsprintfA
SendMessageA
PostMessageA
GetDlgItem
EndDialog
EnableMenuItem

gdi32

GetTextExtentPoint32A
SelectObject
GetStockObject
CreateSolidBrush
SetBkMode
SetTextColor
SetBkColor
DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegCloseKey

shell32

ExtractIconA

qltcomn

?QltComnLoadResourceLibrary@@YGPAUHINSTANCE__@@PBD@Z
?QltComnCenterDialog@@YGHPAUHWND__@@0@Z
?QltComnSetWindowTextToFilePath@@YGHPAUHWND__@@PBD@Z
?QltComnComposeHelpPath@@YGKPAUHINSTANCE__@@PBDPADK@Z
_SubPageCreate@16
?QltComnGetFont@@YGPAUHFONT__@@W4QLTCOMN_FONT_TYPE@@@Z
?QltComnResizerDestroy@@YGHPAUtagQLTCOMNRESIZER@@@Z
_SubPageDestroy@4
_SubPageOnNotify@12
_SubPageGetActivePage@4
?QltComnDoesMcAfeeShredderExist@@YGHXZ
?MHShutDownWindows@@YGHI@Z
??0QuickCleanLitePreferencesData@@QAE@XZ
??1QuickCleanLitePreferencesData@@QAE@XZ
?CleanerIsSelectedByDefault@QuickCleanLitePreferencesData@@QAEHPBDGG@Z
?LoadPreferences@QuickCleanLitePreferencesData@@QAEHXZ
?SavePreferences@QuickCleanLitePreferencesData@@QAEXPBD_N@Z

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Destroy

qltcore

UNICORE_LogDebugEvent
UNICORE_GetShredderLocation
UNICORE_LogWarnEvent
UNICORE_DebugPrintf

tlsxpand

TlsFree
TlsAlloc
TlsSetValue
TlsGetValue

Exports

Exports

CentralAppInit
CentralAppShutDown
CentralCanUnloadNow
CentralCreateSubPage
CentralCreateWindow
LaunchQcleanHostPage
McRtlComponentsKeyA
McRtlSharedComponentsKeyA
QCCleanInternetFiles
QLT_LoadReportPage
QuickCleanMessageBox
QuickClean_DoAutoClean
QuickClean_GetJunkFileInfo
QuickClean_QCDeleteFile

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
原版.exe
.exe windows:4 windows x86 arch:x86

81638d02019c0bfcaaf23a9c69f2f12c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:d3:6a:e0:18:f5:2f:c2:7b:03:7f:93:a1:a7:93:d6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/10/2004, 00:00

Not After

07/10/2005, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80d4a0058e6b6e781b66736a31a3bf6e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 8KB - Virtual size: 7KB

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 900KB - Virtual size: 900KB

.reloc Size: 8KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 548KB - Virtual size: 548KB

.reloc Size: 4KB - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 680KB - Virtual size: 677KB

.reloc Size: 4KB - Virtual size: 8B

55db3dac3abc59b975e94f989296b5e1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

mpr

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.bss Size: - Virtual size: 41KB

.data Size: 16KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 275B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

78574f9b9c3120ba21b6335f3561fbaa

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 900KB - Virtual size: 900KB

.reloc
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 548KB - Virtual size: 548KB

.reloc
Size: 4KB - Virtual size: 8B

.rsrc
Size: 680KB - Virtual size: 677KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 65KB - Virtual size: 64KB

.bss
Size: - Virtual size: 41KB

.data
Size: 16KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 275B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 32KB - Virtual size: 32KB

.rdata
Size: 512B - Virtual size: 130B

.rsrc
Size: 30KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 8B

.text
Size: 4KB - Virtual size: 16B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 12B

CODE
Size: 123KB - Virtual size: 124KB

DATA
Size: 22KB - Virtual size: 32KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 4KB - Virtual size: 16B

.rsrc
Size: 228KB - Virtual size: 228KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 48B

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 4KB - Virtual size: 12B