ddba672965e6eefa9864df5f5f45994f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddba672965e6eefa9864df5f5f45994f_JaffaCakes118
Size

15.1MB
MD5

ddba672965e6eefa9864df5f5f45994f
SHA1

0a9b682c2bd184de10915e469c598f8b66000cd7
SHA256

b7c7f37fe38e5806a5b44fdb9848a6255d28b6ce452259c61c2d997692f3c032
SHA512

31e6c5ee883171c4639ad68ac5e3bb2ce3b9f988ced6f6c0dece5c0eec921150b8e45f3359251d105b6f3faac5c9c98ee5f384edb6272e428a10e2f2e0d4dfa5
SSDEEP

393216:VarJg41eQPL+7zB5ZeXIgYivVI5+422z49AUC3UgtbfgQwU+0cWt:or31eQPLsB/gYivV1422zeAUV4bfBwfs

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect
static1/unpack005/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx
static1/unpack005/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
ddba672965e6eefa9864df5f5f45994f_JaffaCakes118
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/MyNsisExtend.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/$TEMP/$_83_/MyNsisSkin.dll
unpack001/mamep.exe
unpack001/mamepgui.ocx
unpack001/mameplib.dll
unpack001/uninst.exe
unpack005/$PLUGINSDIR/ButtonEvent.dll
unpack005/$PLUGINSDIR/MyNsisExtend.dll
unpack005/$PLUGINSDIR/NSISdl.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/nsDialogs.dll
unpack005/$PLUGINSDIR/nsRandom.dll
unpack006/out.upx
unpack005/$TEMP/$_84_/MyNsisExtend.dll
unpack005/$TEMP/$_84_/MyNsisSkin.dll
unpack001/ʼϷ.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

ddba672965e6eefa9864df5f5f45994f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MyNsisExtend.dll
.dll windows:4 windows x86 arch:x86

d5fdbf71a74f3a5f78815dc26c4d999f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.3.3\TextAD\build_temp\Win32\compile\release_staticA2\tool\GMNsisExtend\MyNsisExtend.pdb

Imports

shlwapi

PathSkipRootA
PathCombineA
StrStrIA

wininet

InternetOpenUrlA
InternetSetOptionA
InternetSetFilePointer
HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetOpenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleFileNameExA

kernel32

InterlockedExchange
GetLocaleInfoW
TlsFree
TlsSetValue
SetEvent
Sleep
ResetEvent
CreateEventA
ReadFile
GetFileSize
CreateFileA
SetEndOfFile
WriteFile
SetFilePointer
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CloseHandle
GetPrivateProfileIntA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrcmpiA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
DisableThreadLibraryCalls
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExA
lstrcmpA
CreateFileW
GetVersionExA
GetCurrentThreadId
ResumeThread
GetTickCount
CreateToolhelp32Snapshot
Module32First
Process32First
Process32Next
Module32Next
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
CopyFileA
SetFileAttributesA
CreateDirectoryA
FindNextFileA
FindClose
WriteConsoleA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetVersion
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
LoadLibraryA
GetSystemInfo
GetSystemDirectoryA
lstrcatA
SearchPathA
GetFullPathNameA
GetFileInformationByHandle
GetTempFileNameA
GetTempPathA
GetFileSizeEx
SetCurrentDirectoryA
SetFileTime
MoveFileA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetLongPathNameA
DeviceIoControl
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetFileTime
GetLocaleInfoA
SetConsoleCtrlHandler
InitializeCriticalSection
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
TlsAlloc
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetTimeZoneInformation
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
InterlockedIncrement
SetLastError
InterlockedDecrement
FindFirstFileA
InterlockedCompareExchange
TlsGetValue
CreateThread
ExitThread
GetProcessHeap
GetCommandLineA
HeapAlloc
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCurrentThread

user32

ShowWindow
wsprintfA
SetTimer
KillTimer
GetWindowLongA
SystemParametersInfoA
AttachThreadInput
IsWindowVisible
SetWindowTextA
MapWindowPoints
GetForegroundWindow
IsIconic
SetWindowPos
GetWindow
GetWindowTextA
IsZoomed
GetClientRect
GetWindowTextLengthA
SetForegroundWindow
GetWindowRect
GetParent
LoadStringW
GetActiveWindow
GetDlgItem
GetSystemMetrics
EnumThreadWindows
GetClassNameA
SendMessageA
SendMessageTimeoutA
GetWindowThreadProcessId

advapi32

AllocateAndInitializeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegLoadKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
FreeSid

shell32

ShellExecuteExA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

Exports

Exports

AddExistAdvertID
AddInsAdvertID
AddToFirewall
AllHomePageChecksOut
ChangeInstDirtoMax
Check360Install
CheckHomeState
CheckInstallLimit
CheckInstalled
CheckKuaibaInstalled
ConvertSoftInstallTime
CreateShortcut
CreateTimer
DestroyTimer
Exec
ExecWait
ForceDeleteFile
Get7zOriginalSize
GetAdvertFileName
GetAdvertID
GetAdvertIDEx
GetAdvertIcon
GetAdvertLocalFile
GetAdvertName
GetAdvertUrl
GetBaiduHomePageURL
GetChromeHomePageURL
GetExeFileNameFromUrl
GetForceAdvertFileName
GetForceAdvertID
GetForceAdvertIDEx
GetForceAdvertLocalFile
GetForceAdvertName
GetForceAdvertUrl
GetHomePageName
GetHomePageName2
GetIEHomePageURL
GetSingleFileSize
GetSougouHomePageURL
GetSpecialBuild
GetSubChannel
HomePageChecksOut
InitPopUpInfo
IsAdvertExist
IsAdvertInstalled
IsAutoRun
IsCurrHomePageURL
LoadEncrypedXML
LoadEncrypedXMLFromUrl
LoadEncrypedXMLFromUrlEx
LoadXMLFromUrl
LoadXml
OpenUrl
PinToTaskbar
PopUp
PopupAD
SendExitInstallStat
SendResearchResult
SetAllHomePage
SetHomePage
SetHomePageUrl
SetUnGameList
TaskKillByHwnd
TaskKillByWindow
UnPinFromTaskBar

Sections

.text
Size: 828KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_83_/GMSkin_Image_2012_v1.zip
.zip
skin.xml
skin/Thumbs.db
skin/icon1.png
.png
skin/保存目录.png
.png
skin/关闭.png
.png
skin/协议背景.png
.png
skin/卸载完成.png
.png
skin/卸载完成按钮.png
.png
skin/卸载背景.png
.png
skin/取消.png
.png
skin/图片背景框.png
.png
skin/多选.png
.png
skin/多选2.png
.png
skin/安装.png
.png
skin/安装01.png
.png
skin/安装02.png
.png
skin/安装03.png
.png
skin/安装04.png
.png
skin/安装05.png
.png
skin/安装协议.png
.png
skin/安装完成.png
.png
skin/安装完成按钮.png
.png
skin/完成.png
.png
skin/广告关闭.png
.png
skin/底部背景.png
.png
skin/开始安装.png
.png
skin/按钮.png
.png
skin/最小化.png
.png
skin/最小化2.png
.png
skin/格子.png
.png
skin/欢迎.png
.png
skin/浏览.png
.png
skin/游戏弹出.png
.png
skin/立即卸载.png
.png
skin/软件弹出.png
.png
skin/进度条.png
.png
skin/进度条背景.png
.png
skin/退出.png
.png
skin/选项.png
.png
skin/默认背景.png
.png
$TEMP/$_83_/MyNsisSkin.dll
.dll windows:4 windows x86 arch:x86

8b2c18b411d31cbef33f61e5be07509a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.2\install\build\MSVC.2005\Tool\GMSkin\release_static2\MyNsisSkin.pdb

Imports

msimg32

TransparentBlt
AlphaBlend

kernel32

DosDateTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
SetEndOfFile
GetLastError
GetFileTime
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
SystemTimeToFileTime
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
WideCharToMultiByte
lstrcpyW
GetCurrentThreadId
MulDiv
lstrcatW
CreateFileW
GetFileSize
CreateFileA
ReadFile
CloseHandle
MultiByteToWideChar
lstrcmpiW
DisableThreadLibraryCalls
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess

user32

ScreenToClient
ClientToScreen
UpdateWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
CharNextW
InvalidateRect
EnumChildWindows
SetCapture
ReleaseCapture
ShowWindow
SetWindowRgn
OffsetRect
wsprintfW
GetSystemMetrics
SetWindowPos
GetSystemMenu
GetMenuItemInfoW
PostMessageW
PtInRect
SetTimer
GetClassNameW
GetParent
MapWindowPoints
SetPropW
CallWindowProcW
GetPropW
DefWindowProcW
GetClientRect
GetWindowRect
IsWindow
GetWindowLongW
LoadCursorW
SetCursor
TrackMouseEvent
BeginPaint
EndPaint
IsWindowEnabled
GetWindowTextW
SendMessageW
DrawTextW
SetWindowLongW
GetCursorPos
KillTimer

gdi32

CreatePen
SetStretchBltMode
StretchBlt
CreateFontIndirectW
CreateDIBSection
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
RoundRect
GetStockObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetBkMode
SetTextColor
BitBlt
DeleteObject

oleaut32

SysFreeString

Exports

Exports

AddShowImage
AddShowImageFromFile
AddShowText
ClearAllShow
DelShowImage
DelShowText
InitSkin
SetBkImage
SetBtnImage
SetCloseBtnImage
SetEditBkColor
SetProgressBKImage
SetProgressImage
SetProgressTextWindow
SetTextClr
SetWindowID
SlideOff
SlideOn

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_83_/config.dat
$TEMP/$_83_/game.jpg
.jpg
ExeConfig.ini
MAME.ini
artwork/Aperture1x2rb.png
.png
artwork/Aperture1x3rb.png
.png
artwork/Aperture2x4bg.png
.png
artwork/Aperture2x4rb.png
.png
artwork/Aperture4x6.png
.png
artwork/ApertureHRES.png
.png
artwork/ApertureMRES.png
.png
artwork/Art_Twisty.png
.png
artwork/Auto_Twisty.png
.png
artwork/Scanlines.png
.png
artwork/Scanlines0x4.png
.png
artwork/Scanlines25x4.png
.png
artwork/Scanlines50x4.png
.png
artwork/Scanlines75.png
.png
artwork/Scanlines75Dx4.png
.png
artwork/Scanlines75x2.png
.png
artwork/Scanlines75x3.png
.png
artwork/Scanlines75x4.png
.png
artwork/Scanrez1_Althor.png
.png
artwork/Scanrez2_Althor.png
.png
artwork/dir.txt
bkground/bkground.png
cfg/64street.cfg
cfg/armwar.cfg
cfg/contra.cfg
cfg/contraj.cfg
cfg/ddragon3.cfg
cfg/default.cfg
cfg/empty.cfg
cfg/ga2.cfg
cfg/goldnax2.cfg
cfg/hardhea2.cfg
cfg/hardhead.cfg
cfg/hharry.cfg
cfg/kengo.cfg
cfg/kurikint.cfg
cfg/metamrpu.cfg
cfg/mwalk.cfg
cfg/nslasher.cfg
cfg/ridingf.cfg
cfg/sailormn.cfg
cfg/silentd.cfg
cfg/thndfoxu.cfg
cfg/tmnt2.cfg
cfg/vamphalf.cfg
cfg/vendetta.cfg
cfg/viostorm.cfg
cfg/wizdfire.cfg
cfg/xmen.cfg
ctrlr/HotRod.cfg
ctrlr/HotRodSE.cfg
ctrlr/SlikStik.cfg
ctrlr/Standard.cfg
ctrlr/XAarcade.cfg
docs/config.txt
docs/hazemd.txt
docs/license.txt
docs/mame.txt
docs/newvideo.txt
docs/whatsnew.txt
docs/windows.txt
folders/Artwork.ini
folders/Category.ini
folders/Catver.txt
folders/Favorites.ini
folders/Version.ini
game.ico
ini/aleck64.ini
ini/cvs.ini
ini/decocass.ini
ini/hng64.ini
ini/konamigv.ini
ini/konamigx.ini
ini/mame32ui.ini
ini/maxaflex.ini
ini/megaplay.ini
ini/megatech.ini
ini/naomi.ini
ini/nss.ini
ini/pgm.ini
ini/playch10.ini
lang/zh_CN/Artwork.mmo
lang/zh_CN/Category.mmo
lang/zh_CN/Favorites.mmo
lang/zh_CN/Hardware.mmo
lang/zh_CN/IPS.mmo
lang/zh_CN/Region.mmo
lang/zh_CN/Series.mmo
lang/zh_CN/Version.mmo
lang/zh_CN/command.dat
.ps1
lang/zh_CN/history.dat
lang/zh_CN/lst.mmo
lang/zh_CN/mame.mmo
lang/zh_CN/manufact.mmo
lang/zh_CN/ui.mmo
lang/zh_CN/windows.mmo
mame32.chm
.chm
mamep.exe
.exe windows:4 windows x86 arch:x86

68dfe84f7212232e9ae228090eb82434

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
signal

mameplib

main_

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mamepgui.ocx
.exe windows:4 windows x86 arch:x86

2daa858dd69b6ca10879ca4d1d3be344

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
InitCommonControls
PropertySheetW

comdlg32

ChooseColorW
ChooseFontW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW

gdi32

BitBlt
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateHalftonePalette
CreatePalette
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
FillRgn
GetClipBox
GetDCOrgEx
GetDeviceCaps
GetStockObject
GetTextExtentPoint32A
LineTo
MoveToEx
PatBlt
RealizePalette
Rectangle
RoundRect
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetStretchBltMode
SetTextColor
StretchBlt
UnrealizeObject

kernel32

AddAtomA
CloseHandle
CopyFileW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteFileW
ExitProcess
ExitThread
FindAtomA
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetAtomNameA
GetCommandLineA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetTickCount
GetVersion
GetVersionExW
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFree
InterlockedDecrement
InterlockedIncrement
IsValidCodePage
LoadLibraryA
MoveFileW
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
ReleaseSemaphore
SetErrorMode
SetFileAttributesW
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_stat
_strdup
_stricmp
_strlwr
_wcsdup
_wcsicmp
__getmainargs
__mb_cur_max
__p___argc
__p___argv
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
_vsnprintf
_vsnwprintf
_wcsdup
_wcsicmp
_wcslwr
_wcsnicmp
_wfopen
_wsplitpath
abort
atexit
atoi
atol
bsearch
cos
exit
fclose
fflush
fgets
fopen
fprintf
fputs
free
fseek
fwrite
getenv
iswctype
malloc
memchr
memcpy
memmove
memset
qsort
rand
realloc
signal
sin
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strstr
strtok
swprintf
time
vsprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
wcstok

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
ExtractIconW
SHBrowseForFolderA
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA
ShellExecuteW

shlwapi

StrTrimW

user32

AdjustWindowRectEx
BeginPaint
CheckMenuItem
CheckMenuRadioItem
ClientToScreen
CopyIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateMenu
DestroyAcceleratorTable
DestroyIcon
DestroyMenu
DestroyWindow
DrawEdge
DrawFocusRect
DrawIconEx
DrawMenuBar
EnableMenuItem
EndDialog
EndPaint
EnumChildWindows
EnumDisplaySettingsA
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetMenu
GetMenuItemCount
GetMessagePos
GetParent
GetScrollInfo
GetScrollPos
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
InflateRect
InvalidateRect
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
MapWindowPoints
MessageBoxA
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
PostQuitMessage
PtInRect
RedrawWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetRect
SetScrollRange
SetTimer
SetWindowPos
SetWindowTextA
ShowCursor
ShowScrollBar
ShowWindow
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UpdateWindow
WaitForInputIdle

mameplib

assign_drivers
assign_msg_catategory
astring_alloc
astring_c
astring_cpyc
astring_free
astring_insc
audit_images
audit_samples
audit_summary
begin_resource_tracking
build_version
core_strdup
core_stricmp
core_strtrim
cpuintrf_init
cputype_get_info_string
cputype_shortname
create_path_recursive
datafile_exit
datafile_init
determine_bios_rom
driver_get_clone
drivers
end_resource_tracking
exit_resource_tracking
expand_machine_driver
hash_data_has_info
init_resource_tracking
input_port_allocate
input_seq_from_tokens
input_seq_to_tokens
lang_find_codepage
lang_find_langname
lang_message_enable
lang_messagew
lang_set_langcode
load_driver_drivinfo
load_driver_history
load_driver_mameinfo
load_driver_story
logerror
main_
mame_core_file
mame_fclose
mame_fopen
mame_fputs
mame_fread
mame_fseek
mame_fsize
mame_null_output_callback
mame_options
mame_options_exit
mame_options_init
mame_set_output_channel
mame_win_options
options_add_entries
options_clear_output_mark
options_create
options_free
options_get_bool
options_get_float
options_get_int
options_get_string
options_output_command_line_marked
options_output_ini_file
options_output_ini_file_marked
options_parse_ini_file
options_set_bool
options_set_float
options_set_int
options_set_output_callback
options_set_string
png_expand_buffer_8bit
png_read_file
rom_first_file
rom_first_region
rom_next_file
rom_next_region
scale_desc
scale_name
set_osdcore_acp
sndintrf_init
sndtype_get_info_string
sndtype_shortname
state_save_check_file
ui_lang_info
utf8_from_wstring
win_key_trans_table
wininput_count_key_trans_table
wstring_from_utf8
zip_file_cache_clear
zip_file_close
zip_file_decompress
zip_file_first_file
zip_file_next_file
zip_file_open

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mameplib.dll
.dll windows:4 windows x86 arch:x86

306872963bb66c011b9702884e64a439

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControls

dinput

DirectInputCreateA

dsound

DirectSoundCreate

gdi32

GetStockObject
StretchDIBits

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateEventA
DebugBreak
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExitProcess
FindAtomA
FindClose
FreeConsole
FreeLibrary
GetAtomNameA
GetCurrentThread
GetCurrentThreadId
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetThreadPriority
GetTickCount
GetVersion
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
MoveFileA
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ResetEvent
SetEvent
SetFileAttributesA
SetFilePointer
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

__dllonexit
__mb_cur_max
_assert
_beginthread
_beginthreadex
_errno
_iob
_isctype
_pctype
_setjmp
_snprintf
_snwprintf
_strnicmp
_vsnprintf
abort
asin
atan
atan2
atoi
bsearch
calloc
ceil
cos
ctime
exit
exp
fclose
fflush
fgets
floor
fmod
fopen
fprintf
fputc
fputs
free
fseek
ftell
fwrite
gmtime
localtime
log
log10
longjmp
malloc
memcpy
memmove
memset
mktime
pow
printf
puts
qsort
rand
realloc
sin
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
tan
time
tolower
toupper
vfprintf
vsprintf
wcslen
wcsrchr

shlwapi

PathIsRelativeW

user32

AdjustWindowRect
AdjustWindowRectEx
AttachThreadInput
BeginPaint
ClientToScreen
ClipCursor
CreateWindowExA
DefWindowProcA
DestroyWindow
DrawMenuBar
EndPaint
EnumDisplayMonitors
FillRect
GetAsyncKeyState
GetClientRect
GetCursorPos
GetDC
GetFocus
GetKeyNameTextA
GetMenu
GetMonitorInfoA
GetWindowRect
GetWindowTextA
InvalidateRect
IsIconic
MessageBoxA
MonitorFromRect
MonitorFromWindow
PostMessageA
PostQuitMessage
RegisterClassA
RegisterWindowMessageA
ReleaseDC
ScreenToClient
SendMessageA
SetCursorPos
SetForegroundWindow
SetWindowPos
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage
WaitMessage

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

Exports

Exports

Machine
assign_drivers
assign_msg_catategory
astring_alloc
astring_c
astring_chr
astring_cmp
astring_cmpc
astring_cmpch
astring_cmpsubstr
astring_cpy
astring_cpyc
astring_cpych
astring_cpysubstr
astring_delchr
astring_find
astring_findc
astring_free
astring_from_utf8
astring_icmp
astring_icmpc
astring_icmpch
astring_icmpsubstr
astring_ins
astring_insc
astring_insch
astring_inssubstr
astring_len
astring_rchr
astring_replacechr
astring_substr
astring_tolower
astring_toupper
astring_trimspace
audit_images
audit_samples
audit_summary
begin_resource_tracking
build_version
core_strdup
core_stricmp
core_strnicmp
core_strtrim
cpuintrf_init
cputype_get_info_string
cputype_shortname
create_path_recursive
datafile_exit
datafile_init
determine_bios_rom
driver_get_clone
drivers
end_resource_tracking
exit_resource_tracking
expand_machine_driver
get_osdcore_acp
hash_data_has_info
hash_data_is_equal
hazemddrivers
homebrewdrivers
init_resource_tracking
input_port_allocate
input_seq_from_tokens
input_seq_to_tokens
lang_find_codepage
lang_find_langname
lang_message_enable
lang_message_is_enabled
lang_messagew
lang_set_langcode
load_driver_drivinfo
load_driver_history
load_driver_mameinfo
load_driver_statistics
load_driver_story
logerror
main_
mame_core_file
mame_fclose
mame_feof
mame_fgetc
mame_fgets
mame_fhash
mame_fopen
mame_fprintf
mame_fputs
mame_fread
mame_fseek
mame_fsize
mame_ftell
mame_fwrite
mame_null_output_callback
mame_options
mame_options_exit
mame_options_init
mame_set_output_channel
mame_ungetc
mame_validitychecks
mame_vfprintf
mame_win_options
mamedrivers
neoddrivers
noncpudrivers
options_add_entries
options_clear_output_mark
options_copy
options_create
options_equal
options_free
options_get_bool
options_get_float
options_get_int
options_get_seqid
options_get_string
options_output_command_line_marked
options_output_help
options_output_ini_file
options_output_ini_file_marked
options_output_ini_stdfile
options_parse_command_line
options_parse_ini_file
options_set_bool
options_set_float
options_set_int
options_set_option_callback
options_set_option_default_value
options_set_output_callback
options_set_string
plusdrivers
png_add_text
png_expand_buffer_8bit
png_free
png_read_file
png_write_bitmap
rom_first_chunk
rom_first_file
rom_first_region
rom_next_chunk
rom_next_file
rom_next_region
scale_desc
scale_name
set_osdcore_acp
sndintrf_init
sndtype_get_info_string
sndtype_shortname
state_save_check_file
ui_lang_info
ui_lang_shutdown
utf8_from_astring
utf8_from_wstring
win_key_trans_table
wininput_count_key_trans_table
winwindow_exit
wstring_from_utf8
zip_file_cache_clear
zip_file_close
zip_file_decompress
zip_file_first_file
zip_file_next_file
zip_file_open

Sections

.text
Size: 18.6MB - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nvram/armwar.nv
nvram/ga2.nv
nvram/goldnax2.nv
nvram/metamrpu.nv
nvram/mwalk.nv
nvram/nslasher.nv
nvram/ridingf.nv
nvram/sailormn.nv
nvram/tmnt2.nv
nvram/vamphalf.nv
nvram/vendetta.nv
nvram/viostorm.nv
nvram/xmen.nv
roms/mwalk.zip
.zip
315-5437.ic4
317-0159.key
epr13221.b8
epr13225.a4
epr13228.a8
epr13234.a5
epr13235.a6
mpr13216.b1
mpr13217.b2
mpr13218.b3
mpr13219.b4
mpr13220.b5
mpr13222.b9
mpr13223.b10
mpr13224.b11
mpr13229.a9
mpr13230.a10
mpr13231.a11
mpr13249.b6
readme.txt
ģؿ.txt
ֻ.url
.url
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MyNsisExtend.dll
.dll windows:4 windows x86 arch:x86

d5fdbf71a74f3a5f78815dc26c4d999f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.3.3\TextAD\build_temp\Win32\compile\release_staticA2\tool\GMNsisExtend\MyNsisExtend.pdb

Imports

shlwapi

PathSkipRootA
PathCombineA
StrStrIA

wininet

InternetOpenUrlA
InternetSetOptionA
InternetSetFilePointer
HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetOpenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleFileNameExA

kernel32

InterlockedExchange
GetLocaleInfoW
TlsFree
TlsSetValue
SetEvent
Sleep
ResetEvent
CreateEventA
ReadFile
GetFileSize
CreateFileA
SetEndOfFile
WriteFile
SetFilePointer
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CloseHandle
GetPrivateProfileIntA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrcmpiA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
DisableThreadLibraryCalls
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExA
lstrcmpA
CreateFileW
GetVersionExA
GetCurrentThreadId
ResumeThread
GetTickCount
CreateToolhelp32Snapshot
Module32First
Process32First
Process32Next
Module32Next
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
CopyFileA
SetFileAttributesA
CreateDirectoryA
FindNextFileA
FindClose
WriteConsoleA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetVersion
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
LoadLibraryA
GetSystemInfo
GetSystemDirectoryA
lstrcatA
SearchPathA
GetFullPathNameA
GetFileInformationByHandle
GetTempFileNameA
GetTempPathA
GetFileSizeEx
SetCurrentDirectoryA
SetFileTime
MoveFileA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetLongPathNameA
DeviceIoControl
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetFileTime
GetLocaleInfoA
SetConsoleCtrlHandler
InitializeCriticalSection
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
TlsAlloc
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetTimeZoneInformation
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
InterlockedIncrement
SetLastError
InterlockedDecrement
FindFirstFileA
InterlockedCompareExchange
TlsGetValue
CreateThread
ExitThread
GetProcessHeap
GetCommandLineA
HeapAlloc
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCurrentThread

user32

ShowWindow
wsprintfA
SetTimer
KillTimer
GetWindowLongA
SystemParametersInfoA
AttachThreadInput
IsWindowVisible
SetWindowTextA
MapWindowPoints
GetForegroundWindow
IsIconic
SetWindowPos
GetWindow
GetWindowTextA
IsZoomed
GetClientRect
GetWindowTextLengthA
SetForegroundWindow
GetWindowRect
GetParent
LoadStringW
GetActiveWindow
GetDlgItem
GetSystemMetrics
EnumThreadWindows
GetClassNameA
SendMessageA
SendMessageTimeoutA
GetWindowThreadProcessId

advapi32

AllocateAndInitializeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegLoadKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
FreeSid

shell32

ShellExecuteExA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

Exports

Exports

AddExistAdvertID
AddInsAdvertID
AddToFirewall
AllHomePageChecksOut
ChangeInstDirtoMax
Check360Install
CheckHomeState
CheckInstallLimit
CheckInstalled
CheckKuaibaInstalled
ConvertSoftInstallTime
CreateShortcut
CreateTimer
DestroyTimer
Exec
ExecWait
ForceDeleteFile
Get7zOriginalSize
GetAdvertFileName
GetAdvertID
GetAdvertIDEx
GetAdvertIcon
GetAdvertLocalFile
GetAdvertName
GetAdvertUrl
GetBaiduHomePageURL
GetChromeHomePageURL
GetExeFileNameFromUrl
GetForceAdvertFileName
GetForceAdvertID
GetForceAdvertIDEx
GetForceAdvertLocalFile
GetForceAdvertName
GetForceAdvertUrl
GetHomePageName
GetHomePageName2
GetIEHomePageURL
GetSingleFileSize
GetSougouHomePageURL
GetSpecialBuild
GetSubChannel
HomePageChecksOut
InitPopUpInfo
IsAdvertExist
IsAdvertInstalled
IsAutoRun
IsCurrHomePageURL
LoadEncrypedXML
LoadEncrypedXMLFromUrl
LoadEncrypedXMLFromUrlEx
LoadXMLFromUrl
LoadXml
OpenUrl
PinToTaskbar
PopUp
PopupAD
SendExitInstallStat
SendResearchResult
SetAllHomePage
SetHomePage
SetHomePageUrl
SetUnGameList
TaskKillByHwnd
TaskKillByWindow
UnPinFromTaskBar

Sections

.text
Size: 828KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_84_/GMSkin_Image_2012_v1.zip
.zip
skin.xml
skin/Thumbs.db
skin/icon1.png
.png
skin/保存目录.png
.png
skin/关闭.png
.png
skin/协议背景.png
.png
skin/卸载完成.png
.png
skin/卸载完成按钮.png
.png
skin/卸载背景.png
.png
skin/取消.png
.png
skin/图片背景框.png
.png
skin/多选.png
.png
skin/多选2.png
.png
skin/安装.png
.png
skin/安装01.png
.png
skin/安装02.png
.png
skin/安装03.png
.png
skin/安装04.png
.png
skin/安装05.png
.png
skin/安装协议.png
.png
skin/安装完成.png
.png
skin/安装完成按钮.png
.png
skin/完成.png
.png
skin/广告关闭.png
.png
skin/底部背景.png
.png
skin/开始安装.png
.png
skin/按钮.png
.png
skin/最小化.png
.png
skin/最小化2.png
.png
skin/格子.png
.png
skin/欢迎.png
.png
skin/浏览.png
.png
skin/游戏弹出.png
.png
skin/立即卸载.png
.png
skin/软件弹出.png
.png
skin/进度条.png
.png
skin/进度条背景.png
.png
skin/退出.png
.png
skin/选项.png
.png
skin/默认背景.png
.png
$TEMP/$_84_/MyNsisExtend.dll
.dll windows:4 windows x86 arch:x86

d5fdbf71a74f3a5f78815dc26c4d999f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.3.3\TextAD\build_temp\Win32\compile\release_staticA2\tool\GMNsisExtend\MyNsisExtend.pdb

Imports

shlwapi

PathSkipRootA
PathCombineA
StrStrIA

wininet

InternetOpenUrlA
InternetSetOptionA
InternetSetFilePointer
HttpQueryInfoA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetOpenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleFileNameExA

kernel32

InterlockedExchange
GetLocaleInfoW
TlsFree
TlsSetValue
SetEvent
Sleep
ResetEvent
CreateEventA
ReadFile
GetFileSize
CreateFileA
SetEndOfFile
WriteFile
SetFilePointer
lstrlenA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CloseHandle
GetPrivateProfileIntA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrcmpiA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
DisableThreadLibraryCalls
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExA
lstrcmpA
CreateFileW
GetVersionExA
GetCurrentThreadId
ResumeThread
GetTickCount
CreateToolhelp32Snapshot
Module32First
Process32First
Process32Next
Module32Next
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
CopyFileA
SetFileAttributesA
CreateDirectoryA
FindNextFileA
FindClose
WriteConsoleA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetVersion
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
LoadLibraryA
GetSystemInfo
GetSystemDirectoryA
lstrcatA
SearchPathA
GetFullPathNameA
GetFileInformationByHandle
GetTempFileNameA
GetTempPathA
GetFileSizeEx
SetCurrentDirectoryA
SetFileTime
MoveFileA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetLongPathNameA
DeviceIoControl
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetFileTime
GetLocaleInfoA
SetConsoleCtrlHandler
InitializeCriticalSection
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
TlsAlloc
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetTimeZoneInformation
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
InterlockedIncrement
SetLastError
InterlockedDecrement
FindFirstFileA
InterlockedCompareExchange
TlsGetValue
CreateThread
ExitThread
GetProcessHeap
GetCommandLineA
HeapAlloc
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCurrentThread

user32

ShowWindow
wsprintfA
SetTimer
KillTimer
GetWindowLongA
SystemParametersInfoA
AttachThreadInput
IsWindowVisible
SetWindowTextA
MapWindowPoints
GetForegroundWindow
IsIconic
SetWindowPos
GetWindow
GetWindowTextA
IsZoomed
GetClientRect
GetWindowTextLengthA
SetForegroundWindow
GetWindowRect
GetParent
LoadStringW
GetActiveWindow
GetDlgItem
GetSystemMetrics
EnumThreadWindows
GetClassNameA
SendMessageA
SendMessageTimeoutA
GetWindowThreadProcessId

advapi32

AllocateAndInitializeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegLoadKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
FreeSid

shell32

ShellExecuteExA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

Exports

Exports

AddExistAdvertID
AddInsAdvertID
AddToFirewall
AllHomePageChecksOut
ChangeInstDirtoMax
Check360Install
CheckHomeState
CheckInstallLimit
CheckInstalled
CheckKuaibaInstalled
ConvertSoftInstallTime
CreateShortcut
CreateTimer
DestroyTimer
Exec
ExecWait
ForceDeleteFile
Get7zOriginalSize
GetAdvertFileName
GetAdvertID
GetAdvertIDEx
GetAdvertIcon
GetAdvertLocalFile
GetAdvertName
GetAdvertUrl
GetBaiduHomePageURL
GetChromeHomePageURL
GetExeFileNameFromUrl
GetForceAdvertFileName
GetForceAdvertID
GetForceAdvertIDEx
GetForceAdvertLocalFile
GetForceAdvertName
GetForceAdvertUrl
GetHomePageName
GetHomePageName2
GetIEHomePageURL
GetSingleFileSize
GetSougouHomePageURL
GetSpecialBuild
GetSubChannel
HomePageChecksOut
InitPopUpInfo
IsAdvertExist
IsAdvertInstalled
IsAutoRun
IsCurrHomePageURL
LoadEncrypedXML
LoadEncrypedXMLFromUrl
LoadEncrypedXMLFromUrlEx
LoadXMLFromUrl
LoadXml
OpenUrl
PinToTaskbar
PopUp
PopupAD
SendExitInstallStat
SendResearchResult
SetAllHomePage
SetHomePage
SetHomePageUrl
SetUnGameList
TaskKillByHwnd
TaskKillByWindow
UnPinFromTaskBar

Sections

.text
Size: 828KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_84_/MyNsisSkin.dll
.dll windows:4 windows x86 arch:x86

8b2c18b411d31cbef33f61e5be07509a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\v2.2\install\build\MSVC.2005\Tool\GMSkin\release_static2\MyNsisSkin.pdb

Imports

msimg32

TransparentBlt
AlphaBlend

kernel32

DosDateTimeToFileTime
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
WriteFile
SetEndOfFile
GetLastError
GetFileTime
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
SystemTimeToFileTime
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
WideCharToMultiByte
lstrcpyW
GetCurrentThreadId
MulDiv
lstrcatW
CreateFileW
GetFileSize
CreateFileA
ReadFile
CloseHandle
MultiByteToWideChar
lstrcmpiW
DisableThreadLibraryCalls
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess

user32

ScreenToClient
ClientToScreen
UpdateWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
CharNextW
InvalidateRect
EnumChildWindows
SetCapture
ReleaseCapture
ShowWindow
SetWindowRgn
OffsetRect
wsprintfW
GetSystemMetrics
SetWindowPos
GetSystemMenu
GetMenuItemInfoW
PostMessageW
PtInRect
SetTimer
GetClassNameW
GetParent
MapWindowPoints
SetPropW
CallWindowProcW
GetPropW
DefWindowProcW
GetClientRect
GetWindowRect
IsWindow
GetWindowLongW
LoadCursorW
SetCursor
TrackMouseEvent
BeginPaint
EndPaint
IsWindowEnabled
GetWindowTextW
SendMessageW
DrawTextW
SetWindowLongW
GetCursorPos
KillTimer

gdi32

CreatePen
SetStretchBltMode
StretchBlt
CreateFontIndirectW
CreateDIBSection
SetBkColor
CreateSolidBrush
CreateRoundRectRgn
RoundRect
GetStockObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
SetBkMode
SetTextColor
BitBlt
DeleteObject

oleaut32

SysFreeString

Exports

Exports

AddShowImage
AddShowImageFromFile
AddShowText
ClearAllShow
DelShowImage
DelShowText
InitSkin
SetBkImage
SetBtnImage
SetCloseBtnImage
SetEditBkColor
SetProgressBKImage
SetProgressImage
SetProgressTextWindow
SetTextClr
SetWindowID
SlideOff
SlideOn

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_84_/unconfig.dat
ʼϷ.exe
.exe windows:4 windows x86 arch:x86

7a1d7915c5672e105e5b515bd1f9b7f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\GMApps\GMStartGame\bin\win32\release\startgame.pdb

Imports

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionW
InternetReadFile

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetCurrentThreadId
ResumeThread
ResetEvent
SetEvent
CreateEventW
MultiByteToWideChar
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
FreeLibrary
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
GetFullPathNameW
MoveFileExW
GetSystemInfo
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetEnvironmentVariableW
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
VirtualQueryEx
ReadProcessMemory
TerminateProcess
SetLastError
GetTempFileNameW
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentProcess
MulDiv
InterlockedDecrement
InterlockedIncrement
FreeResource
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
HeapReAlloc
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeZoneInformation
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
SetEnvironmentVariableW
lstrcmpW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
FreeEnvironmentStringsW
GetTempPathW
FlushFileBuffers
Sleep
GetLocalTime
GetEnvironmentStringsW
GetLastError
OpenMutexW
OpenProcess
ReleaseMutex
CreateMutexW
GetExitCodeProcess
lstrlenW
GetFileSize
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenA
WritePrivateProfileStringW
CreateFileW
SetFilePointer
ReadFile
DeleteFileW
SetEndOfFile
WriteFile
CreateProcessW
WaitForSingleObject
CloseHandle
GetTickCount
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree

user32

SetCapture
MonitorFromWindow
GetUpdateRect
TranslateAcceleratorW
GetCursorPos
UpdateLayeredWindow
SetWindowRgn
IsWindowEnabled
GetKeyState
HideCaret
ScreenToClient
IsWindow
CreateWindowExW
RegisterClassExW
RegisterClassW
SendMessageW
GetMessageW
EnableWindow
SetFocus
LoadImageW
DestroyIcon
GetClassInfoExW
CharNextA
MoveWindow
ReleaseDC
RedrawWindow
GetDC
SetCursor
DrawFocusRect
LoadCursorW
IsRectEmpty
IntersectRect
DestroyWindow
EndPaint
SetCaretPos
BeginPaint
ReleaseCapture
GetMonitorInfoW
ShowCaret
GetFocus
InvalidateRect
LoadStringW
GetActiveWindow
IsChild
MapWindowPoints
GetWindowTextW
IsZoomed
GetWindowTextLengthW
SetForegroundWindow
GetWindowRect
GetParent
AttachThreadInput
IsIconic
SetWindowTextW
GetWindowThreadProcessId
CreateCaret
LoadBitmapW
OffsetRect
CopyImage
DrawIconEx
DrawTextW
GetAsyncKeyState
ChildWindowFromPointEx
CharNextW
SetWindowsHookExW
EnumThreadWindows
FindWindowW
MessageBoxW
GetForegroundWindow
GetSystemMetrics
ShowWindow
IsWindowVisible
PostQuitMessage
CallNextHookEx
GetDesktopWindow
GetClientRect
SystemParametersInfoW
wsprintfA
wsprintfW
SetWindowPos
PostMessageW
KillTimer
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
CallWindowProcW
DefWindowProcW
SetPropW
GetClassNameW
SetWindowLongW
GetPropW
GetWindow
GetWindowLongW
ClientToScreen
GetSysColor
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
FillRect
CharPrevW
PtInRect

gdi32

CreateRoundRectRgn
EnumFontsW
GetTextExtentPoint32W
SetBkMode
CombineRgn
CreateRectRgn
Rectangle
DeleteDC
SetBitmapBits
RoundRect
GetBitmapBits
ExtTextOutW
CreateSolidBrush
GetClipBox
SetBkColor
SetStretchBltMode
SelectClipRgn
GetCharABCWidthsW
StretchBlt
CreateCompatibleBitmap
CreateDIBSection
ExtSelectClipRgn
CreateFontIndirectW
GetTextMetricsW
CreatePen
CreateEllipticRgn
MoveToEx
LineTo
GetStockObject
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
GetDeviceCaps
DeleteObject
GetObjectW
TextOutW
SelectObject
SetTextColor

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
OleDuplicateData
ReleaseStgMedium

oleaut32

SysAllocString
SysFreeString
OleLoadPicture

shlwapi

StrStrIA
StrStrIW

Sections

.text
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 168KB

.rsrc Size: 6KB - Virtual size: 6KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

d5fdbf71a74f3a5f78815dc26c4d999f

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

version

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 828KB - Virtual size: 826KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 168KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 828KB - Virtual size: 826KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 12KB - Virtual size: 9KB