df3ea94c4c4fa79b6ace86568aac540d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df3ea94c4c4fa79b6ace86568aac540d_JaffaCakes118
Size

5.5MB
MD5

df3ea94c4c4fa79b6ace86568aac540d
SHA1

7d666979743f0cf7805da83fad5bc20e774ddde0
SHA256

75743eca1cceb9e07e4f966e537665fbdd4afabe39cfef7fa117f16bb50c5732
SHA512

6dbf3feca6015fe4dcc5d561ad789c2258883d2845a7f330d3760c3f1c19b93be1d543e9fff7a57d66864dcd02c0eb0eb38a26b59372ac714b3ca296dba8921d
SSDEEP

98304:uKF21TVEsV7nb09Xh1Ar1glWhxUYs+eVq3mYnuoGvpIsN2sdl6qHg3C5Jm:JQOsJbwx1G0os+d3muuoG3NQC5Jm

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
df3ea94c4c4fa79b6ace86568aac540d_JaffaCakes118
unpack001/"Ancient_Spider.exe"
unpack001/"aminstall.dll"
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/Xtras/DirectSound.x32
unpack001/Xtras/FILEIO.X32
unpack001/Xtras/Flash Asset.x32
unpack001/Xtras/JavaUiHelper.x32
unpack001/Xtras/SWADCmpr.x32
unpack001/Xtras/Sound Control.x32
unpack001/Xtras/budapi.x32
unpack001/dirapi.dll
unpack001/iml32.dll
unpack001/msvcrt.dll
unpack001/proj.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1

Files

df3ea94c4c4fa79b6ace86568aac540d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
"Ancient_Spider.exe"
.exe windows:4 windows x86 arch:x86

51c4e98e76bd946f81a1a9c26b55ce8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ord1

Sections

.data
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.4MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
"aminstall.dll"
.dll windows:4 windows x86 arch:x86

39bf2f9400b25dffe6038f4810921a11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

kernel32

GetModuleHandleA
GetSystemTime
SetFilePointer
FreeEnvironmentStringsW
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsA
IsBadReadPtr
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CreateFileA
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringW
SetEndOfFile
LCMapStringA

user32

MessageBoxA

Exports

Exports

ActiveMARKReadInstaller

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetDlgItem
PostMessageA
CallWindowProcA
CreateDialogParamA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
SetWindowLongA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Select

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

445ca064c668ebcb89957d525a8bef23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Cpp\!nsis!\System\Release\System.pdb

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpyA
lstrcpynA
FreeLibrary
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Uninstall.exe
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Xtras/DirectSound.x32
.dll windows:4 windows x86 arch:x86

0bbfbf636680b8224b87e3871096b677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
WaitForSingleObject
CreateThread
SetEvent
WaitForMultipleObjects
CloseHandle
ReleaseMutex
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
CreateEventA
OutputDebugStringA

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
log10
_ftol
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

dsound

ord1

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/FILEIO.X32
.dll windows:1 windows x86 arch:x86

77e98ac48c8e9485b6b4ed5afd295919

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
GetWindowsDirectoryA
GetFileAttributesA
GetLastError
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
MoveFileA
MultiByteToWideChar
GetCurrentDirectoryA
GetTempPathA
CloseHandle
CreateFileA
CreateDirectoryA
SetEndOfFile
SetFilePointer
_hread
_hwrite
_llseek
OpenFile
_lclose
GetACP
WideCharToMultiByte
GetProcAddress
WriteFile
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
IsDBCSLeadByte
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetFileType
GetStartupInfoA
GetModuleHandleA
TlsAlloc
GetOEMCP
GetCPInfo
GetFullPathNameA
GetLogicalDrives
SetCurrentDirectoryA
GetCurrentThreadId
TlsSetValue
TlsFree
TlsGetValue
GetCurrentThread
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetStdHandle

user32

GetActiveWindow
wvsprintfA
MessageBoxA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ole32

CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 219B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/Flash Asset.x32
.dll windows:4 windows x86 arch:x86

6317f45dc7fd15af672b01ccef700ff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
IsDBCSLeadByte
GetACP
GetCPInfo
DeleteCriticalSection
SetErrorMode
InitializeCriticalSection
GlobalAlloc
GlobalUnlock
GetProcAddress
Sleep
GlobalLock
QueryPerformanceCounter
LoadResource
FindResourceA
FreeResource
LockResource
SizeofResource
LoadLibraryA
GlobalFree
LeaveCriticalSection
EnterCriticalSection

user32

SetCapture
GetWindowLongA
FillRect
IntersectRect
GetCapture
OffsetRect
ReleaseDC
GetDC
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetKeyState
ReleaseCapture
CreateWindowExA
SetWindowLongA
DefWindowProcA
IsWindow
DestroyWindow

gdi32

GetBkMode
IntersectClipRect
GetClipRgn
StartPage
SaveDC
EndPage
Escape
GetSystemPaletteEntries
RestoreDC
GetObjectA
DPtoLP
CreateSolidBrush
LPtoDP
GetTextColor
CreateRectRgn
GetTextAlign
GetTextMetricsA
GetTextExtentPoint32A
SelectClipRgn
SetTextColor
SetBkMode
SetTextAlign
GetBkColor
SetBkColor
ExtTextOutA
EnumFontFamiliesA
BitBlt
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
GdiFlush
SetDIBitsToDevice
StretchDIBits
CreatePalette
CreatePen
SelectObject
SetROP2
MoveToEx
LineTo
GetClipBox
GetStockObject
SelectPalette
GetPaletteEntries
RealizePalette
StartDocA
EndDoc
CreateFontIndirectA
DeleteObject

comdlg32

PrintDlgA

winmm

timeKillEvent
timeEndPeriod
timeGetTime
timeBeginPeriod
timeGetDevCaps
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
timeSetEvent
waveOutOpen
waveOutGetDevCapsA
waveOutClose
waveOutReset

msvcrt

strcmp
strchr
frexp
strncpy
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
sprintf
memmove
memcmp
memset
malloc
free
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__CxxFrameHandler
_EH_prolog
memcpy
_ftol
strcat
strcpy
strlen
sqrt
fabs

iml32

ord1657
ord1601
ord1632
ord1630
ord2041
ord2040
ord1604
ord1600
ord1684
ord1665
ord1650
ord2320
ord2321
ord2327
ord2323
ord2324
ord2325
ord2326

dirapi

ord981
ord982
ord983

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface
_strcmpi
_stricmp
stricmp

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/JavaUiHelper.x32
.dll windows:4 windows x86 arch:x86

376c8ace8863d38be9ddafc6b26a19e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
Sleep
WinExec
GetVersionExA

msvcrt

strpbrk
??3@YAXPAX@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memmove
strchr
strstr
_initterm
localtime
time
malloc
??1type_info@@UAE@XZ
free
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/SWADCmpr.x32
.dll windows:4 windows x86 arch:x86

e754f4d9c06df1d7465c2056cd68787f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_ftol
memcpy
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
free
_initterm
??2@YAPAXI@Z
_adjust_fdiv
__CxxFrameHandler
pow
memcmp
_EH_prolog
abs

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/Sound Control.x32
.dll windows:4 windows x86 arch:x86

6edd253b068bbe35d0eadf8c21d25599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strcpy
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strcmp
_purecall
memcpy
_EH_prolog
__CxxFrameHandler
memset
_ftol

iml32

ord1445
ord1470
ord1920
ord1919
ord1918
ord1940
ord1917
ord1916
ord1915
ord1914
ord1913
ord1912
ord1939
ord1910
ord1900
ord1115
ord1481
ord1483
ord1472
ord1114
ord1128
ord1933
ord1932
ord1130
ord1407
ord1907
ord1405
ord1113
ord1485
ord1112

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xtras/budapi.x32
.dll windows:4 windows x86 arch:x86

92adfb006945575093812c05f8b255e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mixerGetNumDevs
timeGetTime
waveOutSetVolume
auxSetVolume
midiOutSetVolume
mixerSetControlDetails
mixerGetLineInfoA
waveOutGetDevCapsA
auxGetDevCapsA
midiOutGetDevCapsA
auxGetNumDevs
midiOutGetNumDevs
waveOutGetVolume
mixerGetLineControlsA
mixerGetControlDetailsA
mciSendStringA
waveOutGetNumDevs
midiOutGetVolume
auxGetVolume

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

_lread
_lclose
_lopen
SetFileAttributesA
GetLastError
Sleep
SetLocalTime
GetLocalTime
GetModuleHandleA
GetCommandLineA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceA
FreeLibrary
GetProcAddress
LoadLibraryA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetWindowsDirectoryA
GetSystemDirectoryA
WritePrivateProfileStringA
GetCurrentDirectoryA
MultiByteToWideChar
MulDiv
WriteProfileStringA
GlobalMemoryStatus
WinExec
CreateMutexA
OpenMutexA
GetProfileStringA
SetLastError
GlobalFree
WaitForSingleObject
WriteFile
SetCurrentDirectoryA
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetPrivateProfileStringA
GetShortPathNameA
GetTempFileNameA
GetTempPathA
GetVersionExA
lstrcmpiA
LocalFree
LocalAlloc
GetCurrentThread
GetComputerNameA
OpenProcess
CopyFileA
GetFileInformationByHandle
WritePrivateProfileSectionA
GetPrivateProfileSectionA
MoveFileExA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetThreadPriority
GetFileAttributesA
DeleteFileA
CreateFileA
GetFileTime
SetFileTime
CloseHandle
FindNextFileA
GlobalAlloc
GlobalLock
RemoveDirectoryA
GlobalUnlock
SetEndOfFile
SetFilePointer
SetStdHandle
GetStartupInfoA
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
EnterCriticalSection
SetErrorMode
FindFirstFileA
FindClose
GetModuleFileNameA
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
InitializeCriticalSection
GetCurrentProcessId
HeapSize
CompareStringA
CompareStringW
RaiseException
CreateProcessA
LeaveCriticalSection
DeleteCriticalSection
VirtualQuery
ord36
ord37
ord35
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
FlushFileBuffers
ReadFile
GetFileType
ExitProcess
TerminateProcess
MoveFileA
CreateDirectoryA
GetCurrentThreadId
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
LCMapStringW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetTimeZoneInformation
RtlUnwind
InterlockedExchange

gdi32

CreateFontIndirectA
SelectObject
SetBkMode
SetTextColor
DeleteObject
GetTextMetricsA
GetDeviceCaps
AddFontResourceA
EnumFontFamiliesA
CreateRectRgn

winspool.drv

DocumentPropertiesA
SetPrinterA
GetPrinterA
OpenPrinterA
DeviceCapabilitiesA
EnumJobsA
ClosePrinter

comdlg32

GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
PageSetupDlgA

advapi32

RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassForm
DllGetClassInfo
DllGetClassObject
DllGetInterface
PickDiskProc
cbFontList

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dirapi.dll
.dll windows:4 windows x86 arch:x86

adc944be32c98fb01c194191a67af888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__mb_cur_max
free
floor
sscanf
sprintf
memcpy
sqrt
acos
cos
sin
strtoul
time
_ftime
_isctype
_pctype
memset
strncpy
memcmp
_ftol
_fpreset
strcmp
strlen
strcpy
_initterm
malloc
_adjust_fdiv

kernel32

FreeLibrary
GetProcAddress
GetTickCount
GetCurrentProcessId
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GlobalReAlloc
LoadLibraryA

user32

GetClientRect
DialogBoxParamA

gdi32

StretchDIBits
DeleteObject
GetObjectA

winmm

mciSendStringA
mciGetErrorStringA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iml32

ord1824
ord1860
ord1825
ord1525
ord1610
ord1017
ord1672
ord1771
ord1618
ord1635
ord1678
ord1975
ord1976
ord1715
ord1982
ord1538
ord1537
ord1526
ord1530
ord1529
ord1523
ord1535
ord1447
ord1448
ord1350
ord1361
ord2074
ord1524
ord1520
ord1248
ord1245
ord1235
ord1236
ord1968
ord1969
ord1985
ord1986
ord2317
ord2301
ord2300
ord1683
ord1153
ord1702
ord1704
ord1114
ord1115
ord1116
ord1130
ord1125
ord1111
ord1124
ord1129
ord2045
ord1313
ord1113
ord2063
ord1309
ord1238
ord1201
ord1310
ord1013
ord1446
ord2066
ord2068
ord1780
ord1517
ord1202
ord1117
ord1120
ord1317
ord1316
ord1320
ord2072
ord1039
ord1019
ord1904
ord1038
ord2070
ord1012
ord2071
ord2076
ord1323
ord1541
ord1764
ord1763
ord1821
ord1815
ord2215
ord1808
ord1540
ord1845
ord2042
ord2040
ord2043
ord2041
ord1606
ord2031
ord1742
ord1733
ord1603
ord1740
ord1730
ord1608
ord1602
ord1060
ord1208
ord1407
ord1431
ord1433
ord1412
ord1420
ord1042
ord1414
ord1404
ord1128
ord1423
ord1425
ord1409
ord1131
ord1256
ord1543
ord1542
ord1257
ord1534
ord1539
ord1533
ord1215
ord1216
ord1546
ord1770
ord1781
ord1106
ord1108
ord1107
ord1051
ord1050
ord1260
ord1254
ord1103
ord1121
ord1915
ord1933
ord1932
ord1470
ord1163
ord1166
ord2200
ord1233
ord1155
ord2202
ord2201
ord1232
ord1471
ord1072
ord1473
ord1152
ord1150
ord1160
ord1158
ord1156
ord1154
ord1157
ord1903
ord1219
ord1305
ord1306
ord1064
ord1062
ord1314
ord1321
ord1231
ord1205
ord1355
ord1302
ord1307
ord1234
ord1545
ord1762
ord1303
ord1435
ord1402
ord1958
ord1987
ord1988
ord1962
ord1952
ord1955
ord1959
ord1963
ord1965
ord1966
ord1521
ord1984
ord1983
ord1090
ord1084
ord1089
ord1070
ord1071
ord1937
ord1936
ord1979
ord1901
ord1902
ord1905
ord2032
ord2035
ord2034
ord1653
ord1761
ord1213
ord1811
ord2217
ord1819
ord1820
ord1818
ord1206
ord1203
ord1159
ord1319
ord1671
ord2218
ord1836
ord1809
ord1810
ord1601
ord1611
ord1609
ord1670
ord1604
ord1613
ord1600
ord1833
ord1828
ord1061
ord1816
ord1474
ord1844
ord1127
ord1126
ord1403
ord1432
ord1255
ord1246
ord1252
ord1253
ord1857
ord1853
ord1851
ord1852
ord1854
ord1850
ord1247
ord1864
ord1861
ord1859
ord1855
ord1866
ord1862
ord1856
ord1259
ord1261
ord1258
ord2001
ord2007
ord2000
ord1066
ord1839
ord1251
ord1250
ord2013
ord1812
ord1803
ord1550
ord1015
ord1981
ord1953
ord2030
ord1512
ord1510
ord1514
ord1513
ord1112
ord1614
ord1650
ord1656
ord1686
ord1685
ord1659
ord1663
ord1705
ord1621
ord1863
ord1607
ord1858
ord1204
ord1357
ord1351
ord1110
ord1109
ord1908
ord1910
ord1923
ord1330
ord1040
ord1405
ord2075
ord1909
ord1922
ord1912
ord1916
ord1917
ord1913
ord1914
ord1900
ord1475
ord1068
ord1308
ord1300
ord1326
ord1165
ord1379
ord1378
ord1262
ord1151
ord1429
ord1419
ord1418
ord1122
ord1918
ord1919
ord1920
ord1331
ord1972
ord1973
ord1840
ord1352
ord1354
ord1401
ord1356
ord1162
ord1731
ord1660
ord1684
ord1616
ord1759
ord1651
ord1123
ord2062
ord2060
ord2064
ord1738
ord1736
ord1837
ord1766
ord1329
ord1358
ord1353
ord1318
ord1304
ord1137
ord1138
ord1706
ord1707
ord1632
ord1631
ord1630
ord1263
ord1332
ord1938
ord1907
ord1445
ord1931
ord1927
ord1472
ord1701
ord1744
ord1735
ord1737
ord2044
ord1634
ord1605
ord1384
ord1383
ord1230
ord1041
ord1410
ord1411
ord1413
ord1415
ord1207
ord1421
ord1422
ord1424
ord1426
ord1439
ord1032
ord1495
ord1377
ord1657
ord1734
ord1665
ord1612
ord1664
ord1063
ord2009
ord1747
ord1662
ord1677
ord1687
ord1658
ord1950
ord1980
ord1688
ord2003
ord1732
ord1652
ord1668
ord1667
ord1140
ord1430
ord1434
ord1271
ord1272
ord1273
ord1753
ord1752
ord1754
ord1756
ord1755
ord1360
ord1311
ord1105
ord1169
ord1826
ord1806
ord1805
ord2204
ord2212
ord2203
ord1807
ord1067
ord1970
ord1971
ord1834
ord1091
ord1661
ord1324
ord1217
ord1161
ord1016
ord1515
ord1700
ord2008
ord2002
ord1624
ord1623
ord1086
ord1681
ord1682
ord1069
ord1676
ord1674
ord1679
ord1680
ord1088
ord1675
ord1673
ord1082
ord1080
ord1716
ord1083
ord1527
ord1528
ord1522
ord1531
ord1872
ord1622
ord1079
ord1873
ord1875
ord1874
ord1871
ord1876
ord1870
ord1620
ord1619
ord1065
ord1443
ord1444
ord2006
ord1441
ord1442
ord1388
ord1739
ord1926
ord1322
ord2021
ord2022
ord2024

Sections

.text
Size: 892KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iml32.dll
.dll windows:4 windows x86 arch:x86

3b536cdeeee9dccfb205ba0b9e391b29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_unlink
_open
_filelength
_commit
_write
_lseek
_read
_close
_sopen
_mktemp
strncpy
__CxxFrameHandler
sprintf
_fpreset
longjmp
_setjmp3
localtime
time
qsort
fclose
rename
_rmdir
remove
fopen
setbuf
_access
_mkdir
_findnext
_findclose
_except_handler3
_findfirst
_utime
_fcvt
_ecvt
tolower
atof
_CIatan2
strtod
_CItan
_CIsin
_CIatan
_CIexp
_CIlog
_CIcos
_CIsqrt
modf
_CIpow
atol
atoi
_ltoa
strtok
_strnicmp
strpbrk
_getdiskfree
strncmp
__mb_cur_max
_isctype
_pctype
strrchr
toupper
memmove
sscanf
free
_errno
malloc
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_getcwd
_fullpath
_chdir
getenv
_chsize
_ftol
_stricmp
_chmod
_stat

kernel32

WinExec
_hread
_hwrite
_lclose
OpenFile
FindFirstFileA
FindClose
FindNextFileA
GlobalHandle
GetDiskFreeSpaceA
GetLastError
GetTempPathA
lstrcpyA
GetModuleHandleA
lstrlenA
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
LoadLibraryA
GetProcAddress
GetVersion
GetCurrentProcessId
GetPrivateProfileIntA
GlobalLock
GlobalSize
GlobalUnlock
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ExitThread
CreateSemaphoreA
CreateThread
WaitForSingleObject
ReleaseSemaphore
SizeofResource
CloseHandle
GlobalAlloc
LockResource
LoadResource
FreeResource
FindResourceA
SetLocaleInfoA
GetSystemDefaultLangID
GetProfileStringA
lstrcmpiA
GetUserDefaultLCID
GetLocaleInfoA
GetProfileIntA
lstrcmpA
IsDBCSLeadByte
WritePrivateProfileStringA
MultiByteToWideChar
GetModuleFileNameA
GetSystemInfo
GetPrivateProfileStringA
VirtualQuery
GlobalFree
GetVersionExA
GlobalMemoryStatus

user32

PostMessageA
SetWindowPos
PostThreadMessageA
PostQuitMessage
SetFocus
KillTimer
SetTimer
GetFocus
ExitWindowsEx
LoadStringA
GetSystemMetrics
GetCursorPos
CreateCursor
ShowCursor
MapVirtualKeyA
GetUpdateRect
GetKeyState
GetMessageTime
ScreenToClient
GetMessagePos
EndPaint
wsprintfA
DefWindowProcA
InvalidateRect
GetDC
FillRect
ReleaseDC
GetWindowLongA
BeginPaint
GetTopWindow
DestroyWindow
IsWindow
RegisterClassA
ModifyMenuA
UnregisterClassA
SetWindowLongA
GetParent
GetSystemMenu
CreateWindowExA
GetClassNameA
SetActiveWindow
GetWindowThreadProcessId
GetClassInfoA
GetWindow
GetWindowRect
ShowWindow
IsWindowVisible
UpdateWindow
ValidateRect
GetWindowTextA
SetWindowTextA
MoveWindow
GetMenu
ClientToScreen
GetClientRect
SetRect
SetParent
SetCapture
ReleaseCapture
SetWindowRgn
InvertRect
GetSysColor
GetForegroundWindow
SendMessageA
SetSysColors
CharUpperA
IntersectRect
WindowFromDC
MapWindowPoints
SystemParametersInfoA
GetCapture
GetAsyncKeyState
PtInRect
GetWindowDC
OffsetRect
PeekMessageA
ChangeDisplaySettingsA
EmptyClipboard
GetKeyboardState
wvsprintfA
CharLowerBuffA
GetActiveWindow
RegisterClipboardFormatA
SetScrollRange
ShowScrollBar
GetMenuItemID
SetScrollPos
CharUpperBuffA
DestroyCursor
SetCursor
LoadCursorA
MessageBoxA
MessageBeep
OpenClipboard
CloseClipboard
GetClipboardData
GetClipboardFormatNameA
EnumClipboardFormats
SetClipboardData
AppendMenuA
CreatePopupMenu
CheckMenuItem
CreateMenu
SetMenu
DestroyMenu
DeleteMenu
EnableMenuItem
GetMenuStringA
GetSubMenu
GetMenuItemCount
GetMenuState

gdi32

CreateRectRgn
SetStretchBltMode
StartPage
DeleteObject
StretchBlt
SelectPalette
GetCurrentObject
CreateSolidBrush
GetSystemPaletteEntries
GetStockObject
CreatePalette
GetPaletteEntries
DeleteDC
SetPaletteEntries
GetViewportExtEx
SaveDC
SetDIBColorTable
GetClipBox
IntersectClipRect
RestoreDC
SelectObject
StretchDIBits
BitBlt
SetBkMode
SetMapMode
SelectClipRgn
StartDocA
CreateDIBSection
CreateCompatibleDC
GetObjectA
GetDeviceCaps
RealizePalette
UnrealizeObject
SetSystemPaletteUse
GetSystemPaletteUse
AnimatePalette
CreateDIBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreateBitmap
ExtTextOutA
GetTextExtentPoint32A
Rectangle
LineTo
MoveToEx
CreateFontA
CreatePen
SetDIBitsToDevice
CombineRgn
GdiFlush
GetTextMetricsA
CreateICA
EnumFontFamiliesA
CreateFontIndirectA
GetTextFaceA
CreateDCA
RoundRect
Ellipse
CreateDIBPatternBrushPt
GetClipRgn
SetTextAlign
EndDoc
EndPage

comdlg32

CommDlgExtendedError
GetOpenFileNameA

winmm

timeGetDevCaps
DefDriverProc
timeBeginPeriod
mciSendCommandA
timeEndPeriod
timeGetTime

ole32

CoCreateInstance
CoInitialize
CoUninitialize

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmNotifyIME

Exports

Exports

imIMEGetActiveCompositionWindow
imIMEGetCandidateWindowActive
imIMEGetCompositionActive
imIMEGetCompositionJustFixed
imIMEGetLastSelectionLeft
imIMEServiceAvailable
imIMEServiceFixActiveInput
imIMEServicePushActivatedContext
imIMESetActiveCompositionWindow
imIMESetCandidateWindowActive
imIMESetCandidateWindowPos
imIMESetCompositionActive
imIMESetCompositionJustFixed
imIMESetEnabled
imIMESetLastSelectionLeft
imIMEUnpackSelection
imIMEUnpackText
imIMEUseInputWindow

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcrt.dll
.dll windows:4 windows x86 arch:x86

8d26773106ed39fbb89a157d19d8aa89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcsupr

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proj.dll
.dll windows:4 windows x86 arch:x86

f506e9039519ce6709545e3ddfdcbbfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FindClose
GetModuleHandleA
FindFirstFileA
GetPrivateProfileStringA
Sleep
GetShortPathNameA
_lopen
GetTempPathA
lstrlenA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
_lclose
_lread
_llseek
OpenFile
FreeLibrary
LoadLibraryA
_lcreat
GetTempFileNameA
_lwrite
DeleteFileA
FindNextFileA
SetErrorMode
GetSystemDirectoryA
CloseHandle

user32

RegisterClassA
CreateWindowExA
WaitMessage
FindWindowA
CallWindowProcA
MoveWindow
SetWindowTextA
GetClassInfoA
GetWindowRect
SetWindowPos
LoadIconA
MessageBoxA
DestroyWindow
SetForegroundWindow
SetFocus
GetDC
ReleaseDC
PostMessageA
DefWindowProcA
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
GetParent
ShowWindow
DrawTextA
IsDlgButtonChecked
DialogBoxParamA
EndDialog
GetDlgItem
SendMessageA
GetWindowTextLengthA

gdi32

RealizePalette
CreatePalette
GetDeviceCaps
SelectPalette
GetStockObject
SelectObject
DeleteObject

msvcrt

strncpy
memset
strcpy
_makepath
_splitpath
_initterm
atol
strlen
malloc
_adjust_fdiv
free
__dllonexit
_onexit
_chdir
_EH_prolog
__CxxFrameHandler
strcmp
strcat
??3@YAXPAX@Z
??2@YAPAXI@Z
strtol
sprintf

iml32

ord1832
ord1501
ord1811
ord1502
ord1200
ord1068
ord1540
ord1800
ord1163
ord1407
ord1020
ord1415
ord1419
ord1432
ord1402
ord1113
ord1152
ord1150
ord1309
ord1129
ord1115
ord1429
ord1114
ord1431
ord1420
ord1130
ord1111
ord1404
ord1416
ord1412
ord1418
ord1414
ord1116
ord1317
ord1517
ord1204
ord1201
ord1314
ord1318
ord1310
ord1316
ord1780
ord1764
ord1763
ord1202
ord1232
ord1865
ord1029
ord1028
ord1112
ord1733
ord1653
ord1802
ord1601
ord1541
ord1826
ord1836
ord1609
ord1604
ord1600
ord2215
ord1810
ord1064
ord2031
ord1060
ord1656
ord1351
ord1320
ord1127
ord1815
ord1848
ord1841
ord1751
ord1132
ord1154
ord1155
ord1010
ord1011
ord1801
ord1300
ord1160
ord1013
ord1018
ord1812
ord1308
ord1128
ord1500
ord1219
ord1319
ord1215
ord1655
ord1654
ord1350
ord1126
ord2075
ord1357
ord1352
ord1356
ord1813
ord1216
ord2043
ord2042
ord1661

dirapi

ord45
ord59
ord1110
ord500
ord557
ord558
ord38
ord35
ord39
ord37
ord36
ord85
ord83
ord81
ord96
ord88
ord89
ord90
ord47
ord95
ord54
ord98
ord78
ord11
ord118
ord68
ord67
ord93
ord63
ord91
ord46
ord94
ord52
ord161
ord53
ord86
ord87
ord92
ord84
ord80
ord82
ord48
ord109
ord14
ord12
ord17
ord16
ord10
ord18

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

Exports

Exports

ProjectorMain

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 20KB

51c4e98e76bd946f81a1a9c26b55ce8b

Headers

File Characteristics

Imports

kernel32

Sections

.data Size: - Virtual size: 21KB

.bss Size: - Virtual size: 3KB

.text Size: - Virtual size: 8KB

.rsrc Size: - Virtual size: 27KB

.rdata Size: - Virtual size: 1.4MB

.idata Size: - Virtual size: 10KB

.rsrc Size: - Virtual size: 9KB

.data Size: 823KB - Virtual size: 822KB

.idata Size: 1024B - Virtual size: 954B

.rsrc Size: 8KB - Virtual size: 5KB

.bss Size: 94KB - Virtual size: 96KB

.text Size: - Virtual size: 4KB

.rdata Size: 11KB - Virtual size: 12KB

.idata Size: 512B - Virtual size: 69B

39bf2f9400b25dffe6038f4810921a11

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 13KB - Virtual size: 19KB

.reloc Size: 6KB - Virtual size: 5KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 20KB

.data
Size: - Virtual size: 21KB

.bss
Size: - Virtual size: 3KB

.text
Size: - Virtual size: 8KB

.rsrc
Size: - Virtual size: 27KB

.rdata
Size: - Virtual size: 1.4MB

.idata
Size: - Virtual size: 10KB

.rsrc
Size: - Virtual size: 9KB

.data
Size: 823KB - Virtual size: 822KB

.idata
Size: 1024B - Virtual size: 954B

.rsrc
Size: 8KB - Virtual size: 5KB

.bss
Size: 94KB - Virtual size: 96KB

.text
Size: - Virtual size: 4KB

.rdata
Size: 11KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 69B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 13KB - Virtual size: 19KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 444B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 864B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 478B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B