f6289f444b37a08d791733c52c7cda6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6289f444b37a08d791733c52c7cda6f_JaffaCakes118
Size

797KB
MD5

f6289f444b37a08d791733c52c7cda6f
SHA1

4ea9319f4d37c53b9a96e406a4057bcb85de41a7
SHA256

11d3c76201a4014c9baffc0e8724a3ee3fc71f36781ea0f113ae3589232b4472
SHA512

d1757717188e309b5c35861e0a5812c4ba88329201f25ad179e51735b60731956e93517e8722901c65536b9337f91558280616d4e63c087f89076636932b0222
SSDEEP

12288:vgeqHg3wnOX7TH/qB2vgUtBenGVGt4P0Tw08bO5n37ZYWDWDSTTCUGI5E:vgeyJnsjSBQgK04PI2Y37ZYzSvCUZu

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$SYSDIR/PSAPI.DLL	acprotect
static1/unpack002/$TEMP/PDInst.DLL	acprotect
static1/unpack007/$TEMP/PDInst.DLL	acprotect

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$SYSDIR/PSAPI.DLL	upx
static1/unpack002/$TEMP/PDInst.DLL	upx
static1/unpack002/PassDoor.exe	upx
static1/unpack002/tlpd.exe	upx
static1/unpack007/$TEMP/PDInst.DLL	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack001/pdsetup.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$SYSDIR/$SYSDIR/Drivers/PDoor.sys
unpack002/$SYSDIR/Drivers/PDoor.sys
unpack002/$SYSDIR/PSAPI.DLL
unpack003/out.upx
unpack002/$SYSDIR/tlpd.dll
unpack002/$SYSDIR/tlpd64.dll
unpack002/$TEMP/PDInst.DLL
unpack004/out.upx
unpack002/Lang/tlpd.dll.Francais.dll
unpack002/Lang/tlpd.dll.Italiano.dll
unpack002/PassDoor.exe
unpack005/out.upx
unpack002/tlpd.exe
unpack006/out.upx
unpack002/tlpd64.exe
unpack002/uninst.exe
unpack007/$PLUGINSDIR/InstallOptions.dll
unpack007/$PLUGINSDIR/System.dll
unpack007/$TEMP/PDInst.DLL
unpack008/out.upx
unpack002/x64GetExePath.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/pdsetup.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

f6289f444b37a08d791733c52c7cda6f_JaffaCakes118
.rar
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 35KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

yC
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pdsetup.exe
.exe windows:4 windows x86 arch:x86

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
CheckDlgButton
SetCursor
LoadCursorA
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OldPassInst.ini
$PLUGINSDIR/OldPassUninst.ini
$PLUGINSDIR/SpecifyPass.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/$SYSDIR/Drivers/PDoor.sys
.sys windows:5 windows x64 arch:x64

6f0348b9471f82776a05d65cb2b52aa2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\projects\passworddoor\driver\amd64\PDoor.pdb

Imports

ntoskrnl.exe

ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
ExInitializeResourceLite
RtlCopyUnicodeString
RtlInitUnicodeString
KeLeaveCriticalRegion
ExReleaseResourceLite
ExFreePoolWithTag
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExDeleteResourceLite
ExAllocatePoolWithTag
ZwClose
ZwSetInformationFile
ZwCreateFile
RtlDeleteRegistryValue
ExAcquireResourceSharedLite
ZwReadFile
ZwQueryInformationFile
ZwQueryValueKey
ZwOpenKey
ZwWriteFile
ZwSetValueKey
ZwCreateKey
ExInitializeNPagedLookasideList
IofCompleteRequest
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
ExDeleteNPagedLookasideList
IoReleaseCancelSpinLock
IoUnregisterShutdownNotification
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Drivers/PDoor.sys
.sys windows:5 windows x86 arch:x86

ce84b1242c03983a66a4321dfd4f1948

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePool
IofCompleteRequest
IoReleaseCancelSpinLock
ExInterlockedPushEntrySList
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExDeleteResourceLite
ExDeleteNPagedLookasideList
IoUnregisterShutdownNotification
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ZwWriteFile
ZwCreateFile
ZwCreateKey
ZwOpenKey
InterlockedExchange
ExInterlockedPopEntrySList
RtlDeleteRegistryValue
ExAcquireResourceSharedLite
ZwSetInformationFile
ExInitializeResourceLite
RtlCopyUnicodeString
ZwQueryValueKey
ExInitializeNPagedLookasideList
KeInitializeSpinLock
IoRegisterDriverReinitialization
IoRegisterShutdownNotification
IoCreateSymbolicLink
IoCreateDevice
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ZwClose

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 480B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/PSAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/tlpd.dll
.dll windows:4 windows x86 arch:x86

b1d5cd01b74de790cae9f42f2bc06014

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetShortPathNameA
FreeLibrary
GetCurrentProcessId
SetLastError
GetLastError
GetFileAttributesW
GetVersion
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetLocalTime
_llseek
_lclose
_lread
_lopen
DeviceIoControl
CreateFileA
GetSystemDirectoryA
_lwrite
_lcreat
MultiByteToWideChar
SystemTimeToFileTime
GetVolumeInformationA
GetSystemTime
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetModuleFileNameA
OpenProcess
GetVersionExA
CloseHandle
GetModuleHandleA
LocalFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
RtlUnwind
GetCommandLineA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetUnhandledExceptionFilter

user32

RegisterWindowMessageA
UnhookWindowsHookEx
SetWindowsHookExA
DialogBoxParamA
CallNextHookEx
GetClassNameA
FindWindowA
GetWindowThreadProcessId
GetWindowLongA
SetWindowLongA
MessageBeep
RedrawWindow
SendMessageA
DestroyWindow
PostMessageA
GetDlgItemTextA
LoadStringA
MessageBoxA
EndDialog
SendDlgItemMessageA
GetParent
EnableWindow
ShowWindow
LoadIconA
SetClassLongA
GetDlgItem
SetDlgItemTextA
GetWindowRect
GetSystemMetrics
SetWindowPos
GetWindowTextA
SetWindowTextA
GetClassLongA

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

DllLoadConfig
DllSaveConfig
Hook
Init
IsHooked
Unhook

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PDMON
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/tlpd64.dll
.dll windows:4 windows x64 arch:x64

c9c476e9b258a4bc453897c40ee7df28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

_llseek
GetModuleHandleW
LocalFree
GetModuleHandleA
GetVersionExA
GetLocalTime
GetSystemTime
TerminateProcess
GetCurrentProcessId
GetLastError
LoadLibraryW
SetLastError
GetModuleFileNameW
GetVersion
GetFileAttributesW
OutputDebugStringA
CreateFileA
_lwrite
_lcreat
GetSystemDirectoryA
MultiByteToWideChar
DeviceIoControl
SystemTimeToFileTime
GetVolumeInformationA
_lclose
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
InitializeCriticalSection
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
_lread
_lopen
GetShortPathNameA
CloseHandle
FreeLibrary
GetProcAddress
OpenProcess
GetModuleFileNameA
LoadLibraryA
GetPrivateProfileStringA
FlushFileBuffers
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitProcess
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime

user32

RegisterWindowMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA
DestroyWindow
SendMessageA
RedrawWindow
DialogBoxParamA
MessageBeep
SetWindowLongA
GetWindowLongA
FindWindowA
GetWindowThreadProcessId
GetClassNameA
MessageBoxA
EndDialog
GetDlgItemTextA
GetClassLongPtrA
SetWindowTextA
GetWindowTextA
GetSystemMetrics
SetWindowPos
GetWindowRect
SetDlgItemTextA
LoadStringA
GetDlgItem
LoadIconA
SetClassLongPtrA
ShowWindow
EnableWindow
GetParent
SendDlgItemMessageA

advapi32

SetSecurityInfo
RegCreateKeyA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

DllLoadConfig
DllSaveConfig
Hook
Init
IsHooked
Unhook

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PDMON
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PDInst.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CheckInst
CheckPass
CheckPassInput
GetOSVersion
InstDrv
SetPass
Uninst
UninstDrv

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/English.ini
Lang/Francais.ini
Lang/Italiano.ini
Lang/Lang.ini
Lang/tlpd.dll.Francais.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/tlpd.dll.Italiano.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
LicenseFr.txt
PDHelp.chm
.chm
PassDoor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$11TMyGroupBox
@$xp$11TMyTrayIcon
@$xp$11TXPGroupBox
@$xp$12TMyWindowBar
@$xp$13TGlobalHotKey
@$xp$13TMyWindowIcon
@$xp$14TMyButtonPanel
@$xp$14TMyImageButton
@$xp$14TMyProgressBar
@$xp$16Drlabel@TDRBlink
@$xp$16Drlabel@TDRLabel
@$xp$17Drlabel@TDRBorder
@$xp$19TMyButtonCollection
@$xp$22Hyperlabel@THyperLabel
@$xp$23TMyButtonCollectionItem
@$xp$31Realaudioobjects_tlb@TRealAudio
@$xp$7TTLForm
@$xp$8TMyImage
@@Globalhotkey@Finalize
@@Globalhotkey@Initialize
@@Mlanguage@Finalize
@@Mlanguage@Initialize
@@Myimage@Finalize
@@Myimage@Initialize
@@Myimagebutton@Finalize
@@Myimagebutton@Initialize
@@Myprogressbar@Finalize
@@Myprogressbar@Initialize
@@Mytrayicon@Finalize
@@Mytrayicon@Initialize
@@Realaudioobjects_ocx@Finalize
@@Realaudioobjects_ocx@Initialize
@@Tlform@Finalize
@@Tlform@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
@@Unit7@Finalize
@@Unit7@Initialize
@@Unit8@Finalize
@@Unit8@Initialize
@@Unit9@Finalize
@@Unit9@Initialize
@@Unitfindprogram@Finalize
@@Unitfindprogram@Initialize
@@Unitlang@Finalize
@@Unitlang@Initialize
@@Unitsetpass@Finalize
@@Unitsetpass@Initialize
@@Xpgroupbox@Finalize
@@Xpgroupbox@Initialize
@Drlabel@Finalization$qqrv
@Drlabel@Register$qqrv
@Drlabel@TDRLabel@
@Drlabel@TDRLabel@$bctr$qqrp18Classes@TComponent
@Drlabel@TDRLabel@FTimerOnTimer$qqrp14System@TObject
@Drlabel@TDRLabel@Paint$qqrv
@Drlabel@TDRLabel@SetBlink$qqr16Drlabel@TDRBlink
@Drlabel@TDRLabel@SetBorder$qqr17Drlabel@TDRBorder
@Drlabel@TDRLabel@SetCtl3D$qqro
@Drlabel@TDRLabel@SetDeep$qqruc
@Drlabel@TDRLabel@SetHiColor$qqr15Graphics@TColor
@Drlabel@TDRLabel@SetInterval$qqri
@Drlabel@TDRLabel@SetLoColor$qqr15Graphics@TColor
@Drlabel@TDRLabel@SetShadowColor$qqr15Graphics@TColor
@Drlabel@initialization$qqrv
@Globalhotkey@Register$qqrv
@Hyperlabel@Finalization$qqrv
@Hyperlabel@Register$qqrv
@Hyperlabel@THyperLabel@
@Hyperlabel@THyperLabel@$bctr$qqrp18Classes@TComponent
@Hyperlabel@THyperLabel@CMMouseEnter$qqrr17Messages@TMessage
@Hyperlabel@THyperLabel@CMMouseLeave$qqrr17Messages@TMessage
@Hyperlabel@THyperLabel@SetColorLeaveLabel$qqr15Graphics@TColor
@Hyperlabel@initialization$qqrv
@Myimage@Register$qqrv
@Myimagebutton@Register$qqrv
@Myprogressbar@Register$qqrv
@Mytrayicon@Register$qqrv
@Realaudioobjects_ocx@Register$qqrv
@Realaudioobjects_tlb@TRealAudio@
@Realaudioobjects_tlb@TRealAudio@$bctr$qqrp18Classes@TComponent
@Realaudioobjects_tlb@TRealAudio@$bctr$qqrpv
@Realaudioobjects_tlb@TRealAudio@AboutBox$qqrv
@Realaudioobjects_tlb@TRealAudio@CControlData
@Realaudioobjects_tlb@TRealAudio@CanPause$qqrv
@Realaudioobjects_tlb@TRealAudio@CanPlay$qqrv
@Realaudioobjects_tlb@TRealAudio@CanPlayPause$qqrv
@Realaudioobjects_tlb@TRealAudio@CanStop$qqrv
@Realaudioobjects_tlb@TRealAudio@CreateControl$qqrv
@Realaudioobjects_tlb@TRealAudio@DEF_CTL_INTF
@Realaudioobjects_tlb@TRealAudio@DoGotoURL$qqrpbt1
@Realaudioobjects_tlb@TRealAudio@DoNextEntry$qqrv
@Realaudioobjects_tlb@TRealAudio@DoNextItem$qqrv
@Realaudioobjects_tlb@TRealAudio@DoPause$qqrv
@Realaudioobjects_tlb@TRealAudio@DoPlay$qqrv
@Realaudioobjects_tlb@TRealAudio@DoPlayPause$qqrv
@Realaudioobjects_tlb@TRealAudio@DoPrevEntry$qqrv
@Realaudioobjects_tlb@TRealAudio@DoPrevItem$qqrv
@Realaudioobjects_tlb@TRealAudio@DoStop$qqrv
@Realaudioobjects_tlb@TRealAudio@EditPreferences$qqrv
@Realaudioobjects_tlb@TRealAudio@EventDispIDs
@Realaudioobjects_tlb@TRealAudio@GetAuthor$qqrv
@Realaudioobjects_tlb@TRealAudio@GetAutoGotoURL$qqrv
@Realaudioobjects_tlb@TRealAudio@GetAutoStart$qqrv
@Realaudioobjects_tlb@TRealAudio@GetBackgroundColor$qqrv
@Realaudioobjects_tlb@TRealAudio@GetBandwidthAverage$qqrv
@Realaudioobjects_tlb@TRealAudio@GetBandwidthCurrent$qqrv
@Realaudioobjects_tlb@TRealAudio@GetBufferingTimeElapsed$qqrv
@Realaudioobjects_tlb@TRealAudio@GetBufferingTimeRemaining$qqrv
@Realaudioobjects_tlb@TRealAudio@GetCanSeek$qqrv
@Realaudioobjects_tlb@TRealAudio@GetCenter$qqrv
@Realaudioobjects_tlb@TRealAudio@GetClipHeight$qqrv
@Realaudioobjects_tlb@TRealAudio@GetClipWidth$qqrv
@Realaudioobjects_tlb@TRealAudio@GetConnectionBandwidth$qqrv
@Realaudioobjects_tlb@TRealAudio@GetConsole$qqrv
@Realaudioobjects_tlb@TRealAudio@GetConsoleEvents$qqrv
@Realaudioobjects_tlb@TRealAudio@GetControls$qqrv
@Realaudioobjects_tlb@TRealAudio@GetCopyright$qqrv
@Realaudioobjects_tlb@TRealAudio@GetCurrentEntry$qqrv
@Realaudioobjects_tlb@TRealAudio@GetDRMInfo$qqrpb
@Realaudioobjects_tlb@TRealAudio@GetDefaultInterface$qqrv
@Realaudioobjects_tlb@TRealAudio@GetDoubleSize$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEnableContextMenu$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEnableDoubleSize$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEnableFullScreen$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEnableMessageBox$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEnableOriginalSize$qqrv
@Realaudioobjects_tlb@TRealAudio@GetEntryAbstract$qqrs
@Realaudioobjects_tlb@TRealAudio@GetEntryAuthor$qqrs
@Realaudioobjects_tlb@TRealAudio@GetEntryCopyright$qqrs
@Realaudioobjects_tlb@TRealAudio@GetEntryTitle$qqrs
@Realaudioobjects_tlb@TRealAudio@GetFullScreen$qqrv
@Realaudioobjects_tlb@TRealAudio@GetImageStatus$qqrv
@Realaudioobjects_tlb@TRealAudio@GetIsPlus$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastErrorMoreInfoURL$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastErrorRMACode$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastErrorSeverity$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastErrorUserCode$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastErrorUserString$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLastMessage$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLength$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLiveState$qqrv
@Realaudioobjects_tlb@TRealAudio@GetLoop$qqrv
@Realaudioobjects_tlb@TRealAudio@GetMaintainAspect$qqrv
@Realaudioobjects_tlb@TRealAudio@GetMute$qqrv
@Realaudioobjects_tlb@TRealAudio@GetNoLabels$qqrv
@Realaudioobjects_tlb@TRealAudio@GetNoLogo$qqrv
@Realaudioobjects_tlb@TRealAudio@GetNumEntries$qqrv
@Realaudioobjects_tlb@TRealAudio@GetNumLoop$qqrv
@Realaudioobjects_tlb@TRealAudio@GetNumSources$qqrv
@Realaudioobjects_tlb@TRealAudio@GetOriginalSize$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsEarly$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsLate$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsMissing$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsOutOfOrder$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsReceived$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPacketsTotal$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPlayState$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPosition$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPreFetch$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPreferedLanguageID$qqrv
@Realaudioobjects_tlb@TRealAudio@GetPreferedLanguageString$qqrv
@Realaudioobjects_tlb@TRealAudio@GetRegion$qqrv
@Realaudioobjects_tlb@TRealAudio@GetShowAbout$qqrv
@Realaudioobjects_tlb@TRealAudio@GetShowPreferences$qqrv
@Realaudioobjects_tlb@TRealAudio@GetShowStatistics$qqrv
@Realaudioobjects_tlb@TRealAudio@GetShuffle$qqrv
@Realaudioobjects_tlb@TRealAudio@GetSource$qqrv
@Realaudioobjects_tlb@TRealAudio@GetSourceTransport$qqrs
@Realaudioobjects_tlb@TRealAudio@GetStereoState$qqrv
@Realaudioobjects_tlb@TRealAudio@GetTitle$qqrv
@Realaudioobjects_tlb@TRealAudio@GetUserCountryID$qqrv
@Realaudioobjects_tlb@TRealAudio@GetVersionInfo$qqrv
@Realaudioobjects_tlb@TRealAudio@GetVolume$qqrv
@Realaudioobjects_tlb@TRealAudio@GetWantErrors$qqrv
@Realaudioobjects_tlb@TRealAudio@GetWantKeyboardEvents$qqrv
@Realaudioobjects_tlb@TRealAudio@GetWantMouseEvents$qqrv
@Realaudioobjects_tlb@TRealAudio@GetWordBoolProp$qqri
@Realaudioobjects_tlb@TRealAudio@HasNextEntry$qqrv
@Realaudioobjects_tlb@TRealAudio@HasNextItem$qqrv
@Realaudioobjects_tlb@TRealAudio@HasPrevEntry$qqrv
@Realaudioobjects_tlb@TRealAudio@HasPrevItem$qqrv
@Realaudioobjects_tlb@TRealAudio@HideShowStatistics$qqrv
@Realaudioobjects_tlb@TRealAudio@InitControlData$qqrv
@Realaudioobjects_tlb@TRealAudio@IsStatisticsVisible$qqrv
@Realaudioobjects_tlb@TRealAudio@OptParam
@Realaudioobjects_tlb@TRealAudio@SetAuthor$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetAutoGotoURL$qqrs
@Realaudioobjects_tlb@TRealAudio@SetAutoStart$qqrs
@Realaudioobjects_tlb@TRealAudio@SetBackgroundColor$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetCanSeek$qqrs
@Realaudioobjects_tlb@TRealAudio@SetCenter$qqrs
@Realaudioobjects_tlb@TRealAudio@SetConsole$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetConsoleEvents$qqrs
@Realaudioobjects_tlb@TRealAudio@SetControls$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetCopyright$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetDoubleSize$qqrv
@Realaudioobjects_tlb@TRealAudio@SetEnableContextMenu$qqrs
@Realaudioobjects_tlb@TRealAudio@SetEnableDoubleSize$qqrs
@Realaudioobjects_tlb@TRealAudio@SetEnableFullScreen$qqrs
@Realaudioobjects_tlb@TRealAudio@SetEnableMessageBox$qqrs
@Realaudioobjects_tlb@TRealAudio@SetEnableOriginalSize$qqrs
@Realaudioobjects_tlb@TRealAudio@SetFullScreen$qqrv
@Realaudioobjects_tlb@TRealAudio@SetImageStatus$qqrs
@Realaudioobjects_tlb@TRealAudio@SetLoop$qqrs
@Realaudioobjects_tlb@TRealAudio@SetMaintainAspect$qqrs
@Realaudioobjects_tlb@TRealAudio@SetMute$qqrs
@Realaudioobjects_tlb@TRealAudio@SetNoLabels$qqrs
@Realaudioobjects_tlb@TRealAudio@SetNoLogo$qqrs
@Realaudioobjects_tlb@TRealAudio@SetNumLoop$qqrl
@Realaudioobjects_tlb@TRealAudio@SetOriginalSize$qqrv
@Realaudioobjects_tlb@TRealAudio@SetPosition$qqrl
@Realaudioobjects_tlb@TRealAudio@SetPreFetch$qqrs
@Realaudioobjects_tlb@TRealAudio@SetRegion$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetShowAbout$qqrs
@Realaudioobjects_tlb@TRealAudio@SetShowPreferences$qqrs
@Realaudioobjects_tlb@TRealAudio@SetShowStatistics$qqrs
@Realaudioobjects_tlb@TRealAudio@SetShuffle$qqrs
@Realaudioobjects_tlb@TRealAudio@SetSource$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetTitle$qqrpb
@Realaudioobjects_tlb@TRealAudio@SetVolume$qqrs
@Realaudioobjects_tlb@TRealAudio@SetWantErrors$qqrs
@Realaudioobjects_tlb@TRealAudio@SetWantKeyboardEvents$qqrs
@Realaudioobjects_tlb@TRealAudio@SetWantMouseEvents$qqrs
@Realaudioobjects_tlb@TRealAudio@SetWordBoolProp$qqrio
@TGlobalHotKey@
@TGlobalHotKey@$bctr$qqrp18Classes@TComponent
@TGlobalHotKey@GRegisterHotKey$qv
@TGlobalHotKey@GUnRegisterHotKey$qv
@TMyButtonCollection@
@TMyButtonCollection@$bctr$qqrp17Controls@TControlp15Extctrls@TPanel
@TMyButtonCollection@$bdtr$qqrv
@TMyButtonCollection@Add$qqrv
@TMyButtonCollection@GetItem$qqri
@TMyButtonCollection@GetOwner$qqrv
@TMyButtonCollection@Owner$qqrv
@TMyButtonCollection@SetItem$qqrip23TMyButtonCollectionItem
@TMyButtonCollection@Update$qqrp23Classes@TCollectionItem
@TMyButtonCollectionItem@
@TMyButtonCollectionItem@$bctr$qqrp19Classes@TCollection
@TMyButtonCollectionItem@$bdtr$qqrv
@TMyButtonCollectionItem@SetButton$qqrp14TMyImageButton
@TMyButtonPanel@
@TMyButtonPanel@$bctr$qqrp18Classes@TComponent
@TMyButtonPanel@$bdtr$qqrv
@TMyButtonPanel@PaintWindow$qqrpv
@TMyButtonPanel@ShowControls$qqrv
@TMyGroupBox@
@TMyGroupBox@$bctr$qqrp18Classes@TComponent
@TMyGroupBox@$bdtr$qqrv
@TMyGroupBox@Paint$qqrv
@TMyImage@
@TMyImage@$bctr$qqrp18Classes@TComponent
@TMyImage@$bdtr$qqrv
@TMyImage@Dispatch$qqrpv
@TMyImage@LButtonDown$qqrr17Messages@TMessage
@TMyImage@SetActPicture$qqrp17Graphics@TPicture
@TMyImage@SetInActPicture$qqrp17Graphics@TPicture
@TMyImage@SetPic$qo
@TMyImageButton@
@TMyImageButton@$bctr$qqrp18Classes@TComponent
@TMyImageButton@$bdtr$qqrv
@TMyImageButton@CMMouseEnter$qqrr17Messages@TMessage
@TMyImageButton@CMMouseLeave$qqrr17Messages@TMessage
@TMyImageButton@Click$qqrv
@TMyImageButton@Dispatch$qqrpv
@TMyImageButton@HideSubItems$qqrv
@TMyImageButton@Paint$qqrv
@TMyImageButton@SetBackColor$qqr15Graphics@TColor
@TMyImageButton@SetBackPic$qqrp16Graphics@TBitmap
@TMyImageButton@SetEnterColor$qqr15Graphics@TColor
@TMyImageButton@SetLeaveColor$qqr15Graphics@TColor
@TMyImageButton@SetMyGlyph$qqrp16Graphics@TBitmap
@TMyImageButton@SetRectColor$qqr15Graphics@TColor
@TMyImageButton@SetTextLayout$qqr13TMyTextLayout
@TMyImageButton@ShowControls$qqrv
@TMyProgressBar@
@TMyProgressBar@$bctr$qqrp18Classes@TComponent
@TMyProgressBar@AdjustColors$q18Controls@TBevelCutr15Graphics@TColort2
@TMyProgressBar@Paint$qqrv
@TMyProgressBar@SetMax$qqri
@TMyProgressBar@SetPosition$qqri
@TMyTrayIcon@
@TMyTrayIcon@$bctr$qqrp18Classes@TComponent
@TMyTrayIcon@$bdtr$qqrv
@TMyTrayIcon@AddTrayIcon$qqrv
@TMyTrayIcon@DeleteTrayIcon$qqrv
@TMyTrayIcon@DoMessage$qqrr17Messages@TMessage
@TMyTrayIcon@Minimize$qqrv
@TMyTrayIcon@Restore$qqrv
@TMyTrayIcon@SetIcon$qqrp14Graphics@TIcon
@TMyWindowBar@
@TMyWindowBar@$bctr$qqrp18Classes@TComponent
@TMyWindowBar@$bdtr$qqrv
@TMyWindowBar@Paint$qqrv
@TMyWindowBar@SetIconEnter$qqrp17Graphics@TPicture
@TMyWindowBar@SetIconLeave$qqrp17Graphics@TPicture
@TMyWindowBar@SetNewAlign$qqr9TNewAlign
@TMyWindowBar@SetPicture$qqrp17Graphics@TPicture
@TMyWindowBar@WndProc$qqrr17Messages@TMessage
@TMyWindowIcon@
@TMyWindowIcon@$bctr$qqrp18Classes@TComponent
@TMyWindowIcon@$bdtr$qqrv
@TMyWindowIcon@Dispatch$qqrpv
@TMyWindowIcon@SetIconEnter$qqrp17Graphics@TPicture
@TMyWindowIcon@SetIconLeave$qqrp17Graphics@TPicture
@TMyWindowIcon@WndProc$qqrr17Messages@TMessage
@TTLForm@
@TTLForm@$bctr$qqrp18Classes@TComponent
@TTLForm@AfterConstruction$qqrv
@TTLForm@MLangInit$qv
@TTLForm@MLangInit$qv
@TTLForm@MLangInit$qv
@TTLForm@MLangInit$qv
@TTLForm@MLangWrite$qv
@TXPGroupBox@
@TXPGroupBox@$bctr$qqrp18Classes@TComponent
@TXPGroupBox@$bctr$qqrpv
@TXPGroupBox@AdjustClientRect$qqrr11Types@TRect
@TXPGroupBox@CreateParams$qqrr22Controls@TCreateParams
@Tlform@Register$qqrv
@Xpgroupbox@Register$qqrv
_FormChangePassword
_FormFindProgram
_FormPassword
_FormProgInfo
_FormReg
_FormSearchProgram
_FormSetPass
_FormTrial
_TLFormLang
_TLPDFormMain
__GetExceptDLLinfo
___CPPdebugHook

Sections

UPX0
Size: - Virtual size: 888KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 924KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tlpd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tlpd64.exe
.exe windows:4 windows x64 arch:x64

e1ebd6e2e8eb431bfd30e56faa50613e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

kernel32

CloseHandle
GetModuleHandleW
OpenProcess
GetShortPathNameA
GetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
GetVersionExA
WinExec
GetCurrentProcessId
LocalFree
SystemTimeToFileTime
GetVolumeInformationA
GetSystemTime
_lopen
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
_lread
DeviceIoControl
GlobalFree
MultiByteToWideChar
GetSystemDirectoryA
GlobalAlloc
_lcreat
_lclose
_lwrite
_llseek
CreateFileA
FlushFileBuffers
InitializeCriticalSection
LoadLibraryA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
Sleep
HeapSize
ExitProcess
RtlUnwindEx
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc

user32

PostMessageA
RegisterWindowMessageA
DialogBoxParamA
EndPaint
GetMessageA
SetTimer
RegisterClassExA
KillTimer
DrawTextA
LoadStringA
LoadIconA
GetClientRect
BeginPaint
TranslateMessage
CreateWindowExA
TranslateAcceleratorA
EndDialog
DefWindowProcA
LoadAcceleratorsA
DispatchMessageA
FindWindowA
LoadCursorA

advapi32

RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
BuildExplicitAccessWithNameA
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
RegCloseKey
RegSetValueExA

tlpd64

Unhook
Init
Hook

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
CheckDlgButton
SetCursor
LoadCursorA
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OldPassUninst.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/PDInst.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CheckInst
CheckPass
CheckPassInput
GetOSVersion
InstDrv
SetPass
Uninst
UninstDrv

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64GetExePath.exe
.exe windows:4 windows x64 arch:x64

0d333c9c874366b1f3538297ed3e01b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
GetShortPathNameA
GetProcAddress
LoadLibraryA
WritePrivateProfileStringA
ExpandEnvironmentStringsA
FindNextFileA
DeleteFileA
OpenProcess
CloseHandle
FreeLibrary
FindClose
GetModuleFileNameA
FindFirstFileA
HeapReAlloc
InitializeCriticalSection
HeapSize
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
RaiseException
RtlPcToFileHeader
ExitProcess
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
Sleep
GetLocaleInfoA

advapi32

RegSetValueExA
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 35KB - Virtual size: 84KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

yC Size: 3KB - Virtual size: 8KB

48815f256b99e9e5b31546e652c07562

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 8KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

6f0348b9471f82776a05d65cb2b52aa2

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 516B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

ce84b1242c03983a66a4321dfd4f1948

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

.text
Size: 35KB - Virtual size: 84KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

yC
Size: 3KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 516B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 880B

.reloc
Size: 480B - Virtual size: 476B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 1024B - Virtual size: 828B

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.PDMON
Size: 72KB - Virtual size: 69KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 3KB

.PDMON
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 944B

UPX0
Size: - Virtual size: 116KB

UPX1
Size: 23KB - Virtual size: 24KB

UPX2
Size: 512B - Virtual size: 4KB