fb0d074b6a502d4d1aae8af98ffe34ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb0d074b6a502d4d1aae8af98ffe34ea_JaffaCakes118
Size

6.3MB
MD5

fb0d074b6a502d4d1aae8af98ffe34ea
SHA1

3b8dc2bbb07c1a510b1fd55dc34e1ca4e077b5b3
SHA256

57cd63cc07c6c144b64e9b4583f7606413981c210f8b5d8442d182dc3b8c4600
SHA512

749aab5dc0c37c74f56c204b0974799d449df7273d17583ccebb0b47fc6b165aa565271bec5351d241c35ad1e3df5e3e392d7a753a245c337a2c7f2377464206
SSDEEP

196608:inTcbiFYE+vAVTpWVjNA1kjSeuE8OoQU029gcq1r+dm0JJ:iYbUCArWASeQU01c3dNJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/生化危机5联机教程+工具补丁/联机补丁/DLLLoad.exe	vmprotect

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/生化危机5联机教程+工具补丁/vLan2900.exe
unpack003/DCx64.exe
unpack003/DCx86.exe
unpack003/certmgr.exe
unpack004/lib_game.dll
unpack004/lib_war3.dll
unpack004/lib_war3x.dll
unpack004/vLanSvc.dll
unpack004/zlib1.dll
unpack002/unzip.exe
unpack005/UPnP.DLL
unpack005/sqlite3.dll
unpack005/vLan.exe
unpack002/vLoader.exe
unpack001/生化危机5联机教程+工具补丁/生化危机5联机教程.exe
unpack001/生化危机5联机教程+工具补丁/联机补丁/DLLLoad.exe
unpack001/生化危机5联机教程+工具补丁/联机补丁/TeknoGods.dll

Files

fb0d074b6a502d4d1aae8af98ffe34ea_JaffaCakes118
.zip
生化危机5联机教程+工具补丁/vLan2900.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
drv.zip
.zip
DCx64.exe
.exe windows:6 windows x64 arch:x64

76bbb3bb57493f8af4afd8c7c700309a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

devcon.pdb

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
FileTimeToSystemTime
GetFullPathNameW
FindFirstFileW
LoadLibraryW
GetFileAttributesW
GetProcAddress
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DCx86.exe
.exe windows:6 windows x86 arch:x86

d06468ab9c11b378b5ddeb17e2b95db7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

devcon.pdb

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

kernel32

LocalFree
FormatMessageW
CloseHandle
GetCurrentProcess
GetLastError
lstrlenW
GetDateFormatW
FileTimeToSystemTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
fputws
fputs
??3@YAXPAX@Z
_controlfp
memset
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
wprintf
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPAXI@Z

ntdll

RtlUnwind

ole32

CLSIDFromString

setupapi

SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiBuildClassInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupDiGetClassDescriptionExW
SetupCloseInfFile
SetupDiOpenClassRegKeyExW
SetupDiGetDriverInstallParamsW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiGetDeviceRegistryPropertyW
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
CM_Get_First_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IPVE.cer
IPvE.cat
IPvE.inf
IPvE.sys
.sys windows:6 windows x86 arch:x86

33f84239113b36edbcc0ba99341ffff8

Code Sign

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

Issuer

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

Not Before

02/04/2009, 09:05

Not After

31/12/2039, 23:59

Subject

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:60:4a:83:e8:fd:99:28:19:85:d9:31:33:5a:9c:2e:d8:0f:df:9b
Signer

Actual PE Digest

f7:60:4a:83:e8:fd:99:28:19:85:d9:31:33:5a:9c:2e:d8:0f:df:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\ipve.adapter\objfre_w2k_x86\i386\IPvE.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeAnsiString
IoReleaseCancelSpinLock
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
MmMapLockedPagesSpecifyCache
IofCompleteRequest
memset
IoFreeMdl
memcpy

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisTerminateWrapper
NdisInitializeEvent
NdisMSetAttributesEx
NdisOpenConfiguration
NdisReadConfiguration
NdisReadNetworkAddress
NdisMRegisterMiniport
NdisMRegisterAdapterShutdownHandler
NdisMRegisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisUnchainBufferAtBack
NdisInitializeWrapper
NdisCloseConfiguration
NdisAllocateBufferPool
NdisFreeMemory
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateMemoryWithTag
NdisFreePacketPool
NdisAllocatePacketPoolEx
NdisFreeBufferPool
NdisMSleep
NdisPacketPoolUsage
NdisMDeregisterDevice
NdisSetEvent
NdisWaitEvent

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IPvEx64.cat
IPvEx64.inf
IPvEx64.sys
.sys windows:6 windows x64 arch:x64

831bfdc5136361010d292ea895cc323a

Code Sign

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

Issuer

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

Not Before

02/04/2009, 09:05

Not After

31/12/2039, 23:59

Subject

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:ef:6b:e6:b2:86:00:d8:6d:63:17:00:26:32:74:9d:a2:0f:1d:b3
Signer

Actual PE Digest

ed:ef:6b:e6:b2:86:00:d8:6d:63:17:00:26:32:74:9d:a2:0f:1d:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

x:\ipve.adapter\objfre_wlh_amd64\amd64\IPvE.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
RtlFreeAnsiString
IoReleaseCancelSpinLock
ZwClose
ZwSetSecurityObject
ZwOpenFile
RtlCreateSecurityDescriptor
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
IofCompleteRequest
MmMapLockedPagesSpecifyCache
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoFreeMdl

ndis.sys

NdisFreePacketPool
NdisUnchainBufferAtBack
NdisWaitEvent
NdisSetEvent
NdisMDeregisterDevice
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisMRegisterDevice
NdisCloseConfiguration
NdisReadNetworkAddress
NdisReadConfiguration
NdisOpenConfiguration
NdisMSetAttributesEx
NdisInitializeEvent
NdisAllocateMemoryWithTag
NdisAllocatePacket
NdisAllocateBuffer
NdisFreePacket
NdisFreeMemory
NdisAllocatePacketPoolEx
NdisAllocateBufferPool
NdisPacketPoolUsage
NdisMSleep
NdisFreeBufferPool
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IPvEx86.cat
IPvEx86.inf
IPvEx86.sys
.sys windows:6 windows x86 arch:x86

ea9e98a9882e01fe4cd453d997a93d22

Code Sign

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

Issuer

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

Not Before

02/04/2009, 09:05

Not After

31/12/2039, 23:59

Subject

CN=IPVE,1.2.840.113549.1.9.1=#0c0c73766340697076652e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:9f:6b:8f:e0:45:f9:52:4a:f1:ad:4e:82:1a:e3:96:c9:a8:2e:6b
Signer

Actual PE Digest

de:9f:6b:8f:e0:45:f9:52:4a:f1:ad:4e:82:1a:e3:96:c9:a8:2e:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\ipve.adapter\objfre_wlh_x86\i386\IPvE.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeAnsiString
IoReleaseCancelSpinLock
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
MmMapLockedPagesSpecifyCache
IofCompleteRequest
memset
IoFreeMdl
memcpy

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisTerminateWrapper
NdisInitializeEvent
NdisMSetAttributesEx
NdisOpenConfiguration
NdisReadConfiguration
NdisReadNetworkAddress
NdisMRegisterMiniport
NdisMRegisterDevice
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisUnchainBufferAtBack
NdisWaitEvent
NdisSetEvent
NdisInitializeWrapper
NdisCloseConfiguration
NdisFreePacketPool
NdisFreeMemory
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateMemoryWithTag
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisFreeBufferPool
NdisMSleep
NdisPacketPoolUsage
NdisMDeregisterDevice

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certmgr.exe
.exe windows:6 windows x86 arch:x86

7a7c6506fbb24dc5a3e42f717ca920c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CertMgr.pdb

Imports

advapi32

CryptAcquireContextA
CryptReleaseContext

kernel32

Sleep
InterlockedCompareExchange
RtlUnwind
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
MapViewOfFile
CreateFileMappingA
GetFileSize
WriteFile
WideCharToMultiByte
InterlockedExchange
GetSystemTime
SystemTimeToFileTime
CompareFileTime
MultiByteToWideChar
FileTimeToLocalFileTime
CreateFileW
FileTimeToSystemTime
UnmapViewOfFile
CloseHandle
GetLastError
SetLastError
GetModuleHandleA

msvcrt

_controlfp
?terminate@@YAXXZ
malloc
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
scanf
memcpy
_wasctime
memset
_wtol
printf
wprintf
towupper
realloc
free
strtok
_vsnwprintf
_wcsicmp
vwprintf

user32

LoadStringA
LoadStringW

crypt32

CryptInitOIDFunctionSet
CertFreeCertificateContext
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CryptEncodeObject
CertFreeCRLContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertFreeCTLContext
CertAddCRLContextToStore
CertAddCTLContextToStore
CertEnumCTLsInStore
CertAddCertificateContextToStore
CertDeleteCRLFromStore
CertDuplicateCRLContext
CertDeleteCTLFromStore
CertDuplicateCTLContext
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CryptStringToBinaryA
CryptStringToBinaryW
CertCloseStore
CertAddEncodedCRLToStore
CertOpenStore
CertAddEncodedCertificateToStore
CertAddEncodedCTLToStore
CertRDNValueToStrW
CryptDecodeObject
CryptFindOIDInfo
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptSIPLoad
CryptSIPRetrieveSubjectGuid
CertGetCertificateContextProperty
CertEnumCertificateContextProperties
CertRDNValueToStrA
CertSaveStore
CertGetPublicKeyLength
CryptHashPublicKeyInfo
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CertGetCTLContextProperty
CertFindCTLInStore
CryptInstallOIDFunctionAddress

cryptui

CryptUIDlgCertMgr

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rule.db
svc.zip
.zip
lib_game.dll
.dll windows:5 windows x86 arch:x86

2e4ecfddbe5fc6501c034f4c597acf2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\vLanSvc\Release\lib_game.pdb

Imports

iphlpapi

GetTcpTable
GetUdpTable

ws2_32

gethostname
getsockname
sendto
bind
gethostbyname
getsockopt
WSAIoctl

winmm

timeGetTime

kernel32

InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetCurrentThread
GetModuleFileNameW
DisableThreadLibraryCalls
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
VirtualQuery
VirtualProtect
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
SetLastError
GetLocaleInfoA
LoadLibraryA
HeapSize
VirtualAlloc
HeapFree
HeapAlloc
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
LCMapStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW

user32

CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx

advapi32

RegOpenKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW

Exports

Exports

HookApi
UnHookApi
cast_filter
port_filter
recv_filter
send_filter
state_filter

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHAREDA
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib_war3.dll
.dll windows:5 windows x86 arch:x86

280b7b053dcb71a1b37beb1070b0787e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\vLanSvc\Release\lib_war3.pdb

Imports

iphlpapi

GetUdpTable
GetTcpTable

psapi

GetModuleFileNameExW

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

sendto
getpeername
bind
send

kernel32

GetCommandLineA
HeapSize
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
SetEvent
SleepEx
GetModuleHandleW
GetCurrentThread
Thread32First
TerminateThread
ReadProcessMemory
TerminateProcess
Thread32Next
GetModuleFileNameW
DisableThreadLibraryCalls
OpenThread
CreateEventW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
GetThreadContext
SetThreadContext
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LCMapStringA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter

user32

GetWindowThreadProcessId
SetWindowTextW
CallNextHookEx
FindWindowW
EnumWindows
wsprintfW
GetWindowTextW
SetWindowsHookExW
UnhookWindowsHookEx
MessageBoxW
SendMessageW

Exports

Exports

HookApi
UnHookApi
cast_filter
port_filter
recv_filter
send_filter
state_filter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHAREDA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib_war3x.dll
.dll windows:5 windows x86 arch:x86

280b7b053dcb71a1b37beb1070b0787e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\vLanSvc\Release\lib_war3x.pdb

Imports

iphlpapi

GetUdpTable
GetTcpTable

psapi

GetModuleFileNameExW

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

sendto
getpeername
bind
send

kernel32

GetCommandLineA
HeapSize
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
SetEvent
SleepEx
GetModuleHandleW
GetCurrentThread
Thread32First
TerminateThread
ReadProcessMemory
TerminateProcess
Thread32Next
GetModuleFileNameW
DisableThreadLibraryCalls
OpenThread
CreateEventW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
FlushInstructionCache
GetThreadContext
SetThreadContext
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LCMapStringA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter

user32

GetWindowThreadProcessId
SetWindowTextW
CallNextHookEx
FindWindowW
EnumWindows
wsprintfW
GetWindowTextW
SetWindowsHookExW
UnhookWindowsHookEx
MessageBoxW
SendMessageW

Exports

Exports

HookApi
UnHookApi
cast_filter
port_filter
recv_filter
send_filter
state_filter

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHAREDA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vLanSvc.dll
.dll windows:5 windows x86 arch:x86

f265cca17c1d486de8b884b63463d943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACreateEvent
closesocket
send
connect
select
WSAGetLastError
WSARecvFrom
recv
WSAGetOverlappedResult
WSASendTo
WSAStartup
WSACloseEvent
ioctlsocket
WSASocketW
getsockname
setsockopt
bind
socket

winmm

timeGetTime

zlib1

uncompress
compress

iphlpapi

GetIpAddrTable
GetIfTable
GetInterfaceInfo
IpReleaseAddress

kernel32

HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TerminateProcess
CreateFileA
FreeLibrary
WaitForSingleObject
SleepEx
WriteFile
LoadLibraryW
ReadFile
GetOverlappedResult
GetLastError
GetProcAddress
CreateEventW
DeviceIoControl
CloseHandle
SetPriorityClass
GetCurrentProcess
SetEvent
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
CreateThread
GetVersionExW
DeleteCriticalSection
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

Exports

Exports

method_check_port
method_enter_zone
method_exit_zone
method_get_mac
method_get_status
method_get_user_state
method_init_device
method_psp_detect
method_reset
method_send_chat
method_set_chat_event
method_set_drop_event
method_set_psp_detect_event
method_set_vlan_hwnd
method_user_list
vLanSvc_Free
vLanSvc_Init

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

7e3560e4dd2deaa398fa039458dd4b4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
malloc
strerror
fflush
_errno
fopen
fread
fprintf
_vsnprintf
sprintf
ftell
fseek
fclose
clearerr
_fdopen
_initterm
_adjust_fdiv
fwrite
fputc

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unzip.exe
.exe windows:4 windows x86 arch:x86

376feacfd33edfe0c284f3b4e459a7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
OpenFile
LeaveCriticalSection
HeapFree
GetProcessHeap
EnterCriticalSection
lstrcpynA
HeapAlloc
lstrcmpiA
lstrlenA
GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
SetConsoleCtrlHandler
ExitProcess
TerminateProcess
GetCommandLineA
UnhandledExceptionFilter
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
SetVolumeLabelA
_lclose
MultiByteToWideChar
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadFile
SetStdHandle
GetProcAddress
LoadLibraryA
HeapReAlloc
SetEndOfFile
FindClose
FindFirstFileA
FindNextFileA
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
SetFileAttributesA
CreateFileA
GetLastError
GetVersion
SetFileTime
CloseHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
SetConsoleMode
GetConsoleMode
DeleteFileA
GetFileAttributesA
FileTimeToSystemTime
ReadConsoleInputA
GetCurrentDirectoryA
CreateDirectoryA

advapi32

GetSecurityDescriptorControl
OpenProcessToken
AdjustTokenPrivileges
GetKernelObjectSecurity
LookupPrivilegeValueA
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidAcl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
IsValidSid

user32

OemToCharA
CharToOemA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vLan.zip
.zip
UPnP.DLL
.dll windows:5 windows x86 arch:x86

3bf9239e34067b94243294fd0bb994ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\UPnP.DLL\Release\UPnP.pdb

Imports

ws2_32

WSASetLastError
recv
send
ioctlsocket
connect
recvfrom
inet_addr
htonl
select
WSAGetLastError
ntohs
getsockname
shutdown
setsockopt
sendto
bind
socket
__WSAFDIsSet
closesocket
listen
accept
gethostname
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
htons

kernel32

GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
SetStdHandle
CreateFileA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
Sleep
GetSystemTimeAsFileTime
GetVersionExA
GetComputerNameA
GlobalMemoryStatus
QueryPerformanceCounter
GetTickCount
GetSystemInfo
CreateEventA
InterlockedExchangeAdd
InterlockedExchange
GetProcessAffinityMask
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetLastError
OpenProcess
GetCurrentProcessId
TlsAlloc
SetLastError
TlsGetValue
GetThreadPriority
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
ReleaseSemaphore
TlsSetValue
InterlockedDecrement
CreateSemaphoreA
TlsFree
DeleteCriticalSection
ResumeThread
GetProcAddress
FreeLibrary
InitializeCriticalSection
ResetEvent
SetThreadContext
GetThreadContext
SuspendThread
WaitForMultipleObjects
LoadLibraryA
GetModuleHandleA
GetCommandLineA
HeapFree
HeapAlloc
WideCharToMultiByte
GetTimeZoneInformation
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
GetModuleHandleW
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
WriteFile
GetCPInfo
MultiByteToWideChar
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode

Exports

Exports

UPnP_MapPort
pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/frame_bg.png
.png
data/logo.png
.png
data/logo_chs.png
.png
data/navbar_bg.png
.png
sqlite3.dll
.dll windows:5 windows x86 arch:x86

eea2c159b162999fc0b681e108345afa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
WideCharToMultiByte
LoadLibraryW
GetVersionExW
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
LoadLibraryA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
RtlUnwind
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
GetModuleHandleA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vLan.exe
.exe windows:5 windows x86 arch:x86

73ee62995e4e6ac3ddb919324c40d027

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\vLan\Release\vLan.pdb

Imports

zlib1

compress
uncompress

ws2_32

gethostbyname
WSAStartup
connect
select
getsockname
setsockopt
recv
socket
__WSAFDIsSet
closesocket
send
inet_ntoa
htonl
htons
inet_addr

sqlite3

sqlite3_free
sqlite3_open
sqlite3_close
sqlite3_mprintf
sqlite3_get_table
sqlite3_free_table
sqlite3_exec

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetBestRoute

upnp

UPnP_MapPort

vlansvc

method_send_chat
method_get_mac
method_exit_zone
method_init_device
method_get_status
method_set_vlan_hwnd
method_set_chat_event
method_user_list
method_set_psp_detect_event
method_set_drop_event
method_reset
method_enter_zone
method_get_user_state
vLanSvc_Init
method_check_port
method_psp_detect

kernel32

MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
EnterCriticalSection
CreateEventW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
DeviceIoControl
CreateProcessW
WaitForSingleObject
TerminateThread
TerminateProcess
InterlockedExchange
CreateThread
lstrlenA
lstrcpynA
SetEvent
GetVersionExW
LeaveCriticalSection
SleepEx
GetTickCount
CreateMutexW
FindResourceW
LoadResource
LoadLibraryExW
SizeofResource
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
lstrcmpW
SetUnhandledExceptionFilter
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSection
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
IsValidCodePage
IsDebuggerPresent
HeapCreate
VirtualFree
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
VirtualProtect
HeapAlloc
GetModuleFileNameW
UnhandledExceptionFilter
MulDiv
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
GetProcessHeap
IsProcessorFeaturePresent
HeapFree
lstrcpynW
GetModuleHandleA

user32

GetMenuItemCount
RemoveMenu
AdjustWindowRectEx
MapWindowPoints
DestroyMenu
GetMonitorInfoW
SetTimer
GetWindowRect
GetWindowDC
DrawTextW
KillTimer
DialogBoxParamW
DrawEdge
SetRectEmpty
GetClassLongW
PtInRect
GetDoubleClickTime
GetCapture
DrawFocusRect
InflateRect
OffsetRect
IntersectRect
SystemParametersInfoW
DestroyCursor
GetCursorPos
ShowWindow
GetActiveWindow
EqualRect
MessageBoxW
IsWindowVisible
EnableWindow
CopyRect
SetCursor
LoadImageW
GetSysColorBrush
GetDlgCtrlID
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
GetMessageW
ScreenToClient
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
InvalidateRgn
LoadCursorW
GetClientRect
wvsprintfW
TranslateMessage
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
GetDC
RegisterClassExW
InvalidateRect
GetWindowTextW
SetClassLongW
GetClassNameW
ReleaseDC
GetDlgItem
RedrawWindow
GetDesktopWindow
GetSysColor
LoadAcceleratorsW
IsCharAlphaNumericW
LoadMenuW
DispatchMessageW
IsWindowEnabled
GetSystemMetrics
UpdateWindow
SetDlgItemTextW
MonitorFromPoint
PostQuitMessage
TrackPopupMenu
SetForegroundWindow
LoadStringA
MessageBeep
GetMenuItemInfoW
LoadIconW
TrackPopupMenuEx
AppendMenuW
SetWindowPos
IsWindow
CreateWindowExW
ReleaseCapture
SendMessageW
SetWindowTextW
GetWindow
MoveWindow
PeekMessageW
MonitorFromWindow
LoadStringW
PostMessageW
GetParent
GetMenu
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
DestroyAcceleratorTable
CreatePopupMenu
UnregisterClassA
EndDialog

gdi32

SelectClipRgn
SetBkMode
SetDIBColorTable
SetBkColor
StretchBlt
CreateFontIndirectW
CreateDIBSection
DPtoLP
LPtoDP
LineTo
SetViewportOrgEx
PatBlt
SetWindowOrgEx
MoveToEx
GetClipRgn
SaveDC
ExtTextOutW
GetDIBColorTable
CreateRectRgn
Polyline
GetClipBox
IntersectClipRect
RestoreDC
Polygon
CreatePen
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
SetTextColor
CreateSolidBrush
GetStockObject

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

Shell_NotifyIconW

ole32

CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
DoDragDrop
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance

oleaut32

VarDateFromStr
VarUI4FromStr
VariantChangeType
VariantCopy
VarDecFromStr
VarDecCmp
VarR8FromStr
VarI4FromStr
SysAllocString
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysFreeString

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipFree
GdipAlloc

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vLoader.exe
.exe windows:5 windows x86 arch:x86

688caa41b5bba9575e3aff16766a1462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
socket
htons
select
closesocket
WSAStartup
inet_addr

comctl32

InitCommonControlsEx

wininet

InternetOpenW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW

rpcrt4

UuidFromStringW

advapi32

OpenSCManagerW
RegQueryValueExW
RegSetValueExW
RegCloseKey
QueryServiceConfigW
RegEnumKeyExW
ControlService
RegOpenKeyExW
EqualSid
RegCreateKeyExW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
GetSecurityInfo
CloseServiceHandle
OpenProcessToken
DeleteService
GetTokenInformation
OpenServiceW
RegDeleteKeyW

gdi32

CreateFontIndirectW

user32

DispatchMessageW
GetWindowThreadProcessId
DefWindowProcW
DestroyWindow
EnumDesktopWindows
SetTimer
GetWindowRect
SetActiveWindow
GetMessageW
PostQuitMessage
PostMessageW
KillTimer
LoadCursorW
OpenDesktopW
CloseDesktop
wsprintfW
TranslateMessage
LoadIconW
InvalidateRect
GetWindowTextW
SetWindowPos
ShowWindow
CreateWindowExW
MessageBoxW
RegisterClassW
GetSystemMetrics
SendMessageW
UpdateWindow
EnableWindow
SetWindowTextW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

shell32

ord155
SHGetSpecialFolderLocation
ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW

oleaut32

SysFreeString
SysAllocString

kernel32

GetLocaleInfoA
HeapSize
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
WriteFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
HeapAlloc
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapFree
SetStdHandle
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
CreateMutexW
FindFirstFileW
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
SleepEx
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
TerminateThread
CopyFileW
SizeofResource
GetVersionExW
GetExitCodeProcess
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetLastError
GetProcAddress
FindClose
LocalAlloc
LockResource
CreateEventW
SetCurrentDirectoryW
RemoveDirectoryW
FindNextFileW
CloseHandle
GetWindowsDirectoryW
DeleteFileW
LocalFree
SetFileAttributesW
CreateThread
Sleep
ExitProcess
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ReadFile
SetHandleCount

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version.txt
生化危机5联机教程+工具补丁/教程说明.txt
生化危机5联机教程+工具补丁/生化危机5联机教程.exe
.exe windows:4 windows x86 arch:x86

6c424b31860b36863dc94d7c0c507097

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutOpen
waveOutRestart
waveOutPause
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutWrite

msvfw32

DrawDibClose
DrawDibDraw
DrawDibOpen

mfc42

ord5300
ord4698
ord5307
ord4274
ord6375
ord413
ord825
ord711
ord6307
ord4167
ord521
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1146
ord1168
ord6199
ord4299
ord2864
ord4710
ord2379
ord6215
ord800
ord537
ord5875
ord2859
ord755
ord470
ord4220
ord2584
ord3654
ord2438
ord6270
ord3797
ord2863
ord6605
ord6157
ord3663
ord1644
ord860
ord540
ord2370
ord3092
ord4853
ord4224
ord6334
ord6055
ord1776
ord5290
ord3402
ord4424
ord3716
ord567
ord790
ord6646
ord2302
ord6111
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord554
ord366
ord807
ord2086
ord2494
ord2627
ord2626
ord4163
ord6625
ord4457
ord5252
ord1200
ord6131
ord6216
ord4413
ord4612
ord4610
ord4545
ord4387
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord1576
ord5302
ord2725
ord4079
ord2256
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord2558
ord5301
ord5214
ord296
ord986
ord520
ord2621
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord2726
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1920
ord4262
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4889
ord4531
ord4226
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord4432
ord784
ord517
ord5260
ord4723
ord3075
ord5037
ord5146
ord4692
ord1948
ord5303
ord4699
ord5715
ord565
ord817

msvcrt

_stricmp
fwrite
_ftol
calloc
memset
memcpy
__CxxFrameHandler
_EH_prolog
abs
strcpy
strlen
fclose
clock
malloc
exit
fopen
fread
free
ftell
fseek
sprintf
_splitpath
_setmbcp
__getmainargs
floor
realloc
_msize
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__p__fmode
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_except_handler3
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
Sleep

user32

LoadIconA
SetTimer
GetWindowRect
GetDesktopWindow
SendMessageA
IsWindowVisible
ReleaseDC
DrawIcon
GetClientRect
GetDC
RedrawWindow
SetCursor
LoadCursorA
GetParent
GetSubMenu
LoadMenuA
EnableWindow
PostThreadMessageA
PostMessageA
UpdateWindow

gdi32

StretchDIBits

shell32

ShellExecuteA

Exports

Exports

??0CPixel@@QAE@EEE@Z
??0CPixel@@QAE@XZ
??0CRawBmp@@QAE@XZ
??0SCSRFileHead@@QAE@XZ
??1CRawBmp@@QAE@XZ
??4CPixel@@QAEAAU0@U0@@Z
??4CRawBmp@@QAEAAV0@ABV0@@Z
??4SCSRFileHead@@QAEAAU0@ABU0@@Z
?Create@CRawBmp@@QAEHHH@Z
?DeleteData@CRawBmp@@QAEXXZ
?GetBlock@CRawBmp@@QAEPAUCPixel@@HH@Z
?GetImageData@CRawBmp@@QAEPAUCPixel@@XZ
?GetPoint@CRawBmp@@QAEPAUCPixel@@HH@Z
?SetBlock@CRawBmp@@QAEHHHPAUCPixel@@@Z

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
生化危机5联机教程+工具补丁/联机补丁/ConnectionOverrideVLAN.reg
生化危机5联机教程+工具补丁/联机补丁/DLLLoad.exe
.exe windows:5 windows x86 arch:x86

d63b5ec38c11528ee1ca08a62c7f6830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

)��Q��1& _lw�9!�;D��C�� L7��nD+u1��?|[��K�U_��hi^�3r%�FV�DAcq�U�%�ͻ�TL�ln�r�hi|�3s��XE��z��R�$�5�`(suz��%�y OYW�!bZ�?Ԍ��b��q/�h��DZ�n�U@H��a�9Tj�SF#��]��E�J�ɬfxC��H�ж�Ub��+=�%�TS�q��9��e��~}TDG��ڿ~)I�6��k��X�w[�6�آƲ�IvqC��=��s�}!��E��j��}��M��r�pX��+�ſ��ÊwU�0Y}��(K�gE�l��a�$�ʒ�Ĵ'��"Aai�?�ݶh ��D�%�c��O-=�g�U{d�65qhvqW)��5�(}�To�Sp��<8@�p�e;3W�p��`^0^�œ<[͸��Z��|�xu�&]��'�P��ho"��( �r͜��ײ �Кʭ�Ճ}��y� �S*�B^�,�I5��7��*�W��[�c��~��7�� L�.��8y!�Б��d�4��ڠ�d��ɬޚ�d��mS��>��s�+��5=h��Yj ҹ�^��3��WޛId|P'fL��6�s �̌��7�L��|��o�Ω�w�#�}��'~T��UBn";�W В.�1�< ԃ��fc�=i�{5�te�¦40J�MG��'le&� +o5Ðh|��u|��dO1��Ek��+��`��P�֛UuA��c��k�T7PZZ�O4�g��Q��$[�A03�$E~�m�W��J�:��&�q�%��v�L+p��u�c��G��(�Tn��p��*M��Q}�8��2��0��ܙl~�� ]h�B�CJj�3u]�y� �X;��Y��H�&҄��lv�>�w�$�mi�.��t\�J��k�,dr��O��x�J��O_;R\]C��Q�r-��Z��E��e�Bǐ�k�D<�a�<�.7�@Q�� 8�7��j��d@�L"�{��[I��,�k �m��2�V�}ݥ�Syme5.7�>�<�ӄ��)��8��]��}��t2�|G{D$�}bC�Om��qC6��2S��ay�� BE,�!:�c��kR�@j� ͏d3��-�G�Y ��.Ox$:e�X{N��0�f6�£xr~2w0��> ,�j��#Է@��=��$+UҸ��M�(޴@A��_�B]g�aE�/��S�)|�Ie��Ym�<�IoУ�5��zf�,�-q�G��EI��p/��;�Z�� t lu|�ˆіF��x1�QO��u�#1�%��}�ס�hL��%��N��4T��b�p��7�[�4�P��T�'�fm��}��%W��D8e�,O! \�k��Z�(�y�U��X��׏��b��Hn��f�7�:�g��q~�qB*��s��e�nY��ƥ<��{|(�4g��p��F��A�|&��P`��}�u4��h#��YV��{� f�{��B��Z�ynW��Y��촭R��$<�u�{�� gPݪ�Jp��P��^νۅnz�xc��;�4��a��P�׼��Ně��V��Vp>F��bQ�-؏��s�̠�7+_ŧ�!1t~� ��X>n��V�z�JP|̚p��5��zz��畇\��(tܡU4��˃��?�� -�O��qF�9c��1��x��k4��*�c'-�̙�+� Z�T�� ׃�8�J�lȸ��k ��#��n'B�0��~�B��K��G&�b�*�CK\��0�-��f��;:�6�o�cݜ��h�~��Hq��;s��R� L��Ș.0Q.U�+T��8I~U��kC!��<�]��6K��\��0��O�\�Or��Hj�g��6%��i,� P�Ų��%!�Cu�^dHS��.�ܡ��jq�k�}��nR;��&,M.�-��yᴰ�d�#�>��ƕ�+U��1. ��o9`�_�2ުͰ�,�ǹo�� g��[��!��l6�l�n�I��`�Z��X�ȼ. ��13e��y�t9��y,��7��+6e��Ȣz�u/�74Rb@�K�X��G�Pb@ӆ�Q��0��C��ң�W��49r @=X�g�ob��^7��-�u�m��}��=��i�njZL2�3 (�<��a�H) ��O1�/��F��ӑwM-cmM��xP�O��_a�/� �{�|d*��<�"��p� ��&��A�U�lOQ��R^D�9��"� C��v��ʖ��kԈ�$W� ��)I~�%j ��4�X� ��Pr�&y0�F��#��R��4� �+��*��-�~V��vƔ̵� .��-�π��/��4�D3��!H�|*��D��G�-�7��!��E�'��W.�Q��d�;��>��#j�r��K��'z�W��i�o��A��th��ͦ��<1/ �L!�h�C��Ù�X#a-��ɤ�]�}�~��.�r��~��Gc$��'��`}��r�m+�G��-��L�׺�3a#$F,��)W�ȇ҇�M�K?�,��P"�,�6l��9�o��,�ز�B�a8Fc��aD�2�څ cD�&��s��(<#��ا��@Y+ ?�r}�5��t��P��4�63�,�D��H��L�>��!܉\T�%��h�P��Ɍ!�k��J�A�0}�@��u��q�y~A�mk��>�l��X�<^��H�_�I�z=�h��[�W��q5��Fu��3��+c;� ��Xhh(��&Hg��n� �5�2.�P��p�

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
生化危机5联机教程+工具补丁/联机补丁/TeknoGods.dll
.dll windows:5 windows x86 arch:x86

0dba86a97df36cbebac4fc2ac2925052

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetAsyncKeyState
MessageBoxA

kernel32

GetModuleHandleW
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

winmm

PlaySoundA

Exports

Exports

T)��Y��|>cX�.J7Q7:3d��%��6E��DP虗��\��F,j��>��MD۹]��"8��Hw��ZL6�ut��Mh`~�1v�麡$[s��a� ��s�ud)�Ix�H{�gG��Q�+;��6�Z��v�n��r�a Wr�%��%��w��W ��f%x�J��Z�Cj{��w�JR�V��K��V� ��-��k��U��3.8%��}�U?3��@�� Y�\@H�=�"�1�G Y��~5o%7>��كgE�n�'F�ʂk�<6��U�b�?zmh'��ӄ�W�F f�A 9��o��%� 9��|5��;_�0��|x!��}u]?Еl�a��}p3!�n�[��"k� %��m��H��^$#�E�+S�CkM��"��&�4�4�%�� z '�[�,(��i��L��1=� Q!��4*糶�}�zt��kK`m�9V�DcJeg r�uTR��L�yL̈��lώ��0��@(7X�l��Fh+&��K��.��s�X��gJ-IT,o��A�a��T 0v�?��%��"�g�W1U(0��B��[9Z-�Mȶ�p��(��T7 �~.C��P�X��_�!c��ѧ��e'�Q%L`Tm� �B`�@� `Nk�E�u׮>y�x ��c5t��bO��ङ�W8p5m��q�J�.v� �4��"�M��Ӻ��g��*�U�%�~�ɖ��5� .�d]A�n�$��;��fө�!^ve�FP��l�gd{�p�),��6�_W5hƬ�?�'��º��c93�~�� [��b��Ąlf4��>�+h��l�?�� św�.��-$LV��k��=I!��\[�s�$�X�t��#�J��8�,��/:t샄��B��9 �W��b��$)��(��/u��`�C��E�ӯ��4ʅ�L$ק��ۍqf�/��:ڊ^�3��)��5�[�w��XW��H��aР6��+�M�_!��GO|�ܑ��g M�qR�`�۴es��˳��WW��8*JS҂R�;#p>�d�!�� r�Gm(��M��+{]�\u�Z��֭T�!�&�� Z�D1+�� /rwh��J75��V�;sM�L��ׄM�q�tN=U$A%��C��"��X�À�ٜ>��X��1�Z�c�5B�C=E��x=xG:I��y'��U0x��N�k/�X��l��'\JdP�ڭ�%`��U��̒l��{��Ocy��:�Sͥp��w��B�!s�[sj�z��2�f��y"�(B��ŁJ̿G�X� �3B�5�I�܊,{Qa3��]bm,F7G��Mf÷V$��@$Q��/��}��]�6��3��%Th�.�m��\h�$=h!�V� �Z(sl>��^3�W� ��)S�L�*�P��A��<��S�h6�k�~��~��Gc�c�U�W`�ˮ7�fkoHM��Ï8�@��-�� 졽��-iY�m_2��xam}�"#��2 N�p0�d�ѿ_Yc]9�Wj��ٝ��Sd��e�tr��҅�5�֜�B�ǥ|�'�#1b��m�&��^�m�̨�>xhO\ݳ� TV-d�*�y5a��1�Y��n��V>��d82��j��j��h��/#o��k��k�WW��x��wj`s7c��E��Љe��v�M�u��'>)&H�'��f�?��'��6��4͛�V�-�#�7�ax��S��!^��n�d(\�{ўT� �ؙ�|+�"k��&{&A�#S=؛`!�Z��T�T[Q��EP*�e��oS&��@�z3滊בO�mDD�ai�3�j<��p�a��s�F�<�X��5GR�R��"�6Q�y�"&y�v��S�N,��7�ݐ�� Ix�df�3��׀8+�%G�x;��c+��<��<;l��O�to��a*��瞊�e2�#�¹ �8��g��:��B�a(g�o��3�1C��/]r=C�5��}��$�m��D�eM$a�!/��V�T�!R��p{2��>�?�ky)zk.�q��H�u·g R�!$� 9��@DK?�Y��V�y��`��L��*��(�4��ퟝ:(m�7�}�$ߋ��C��1��~S:q6��@�E��y.r_ܒML��T�U�{�3ӈ3�.�hO��!�gT�M��j�s�6 �אe\��_2�+P�zu1�wL͂�ZTrp��Znp�x$��CR ̞=LH��去�IJ�Ao:8��@E�*:H�m|^��i��v�5��d[��:��&��R��S�v�<0�T�^p��i?�a��*��ǁ2� ��K6X�]�� *JNe8-!��#�q~�@*��2�f��E��&2�Pkz��mx�tn�o�<#��xi�d��#i�wl~+��7Y�a��/�M�]܇,�.k��G��Yw&�O[MSЯ�J�Ln��k��Qh�~��\�ʹ��١�ژ4�%��[a��,�9�1}r�o01ڛ��v ��;o�:XK��E+Џ�Ê��A��l��qZ��IT��?!��g- �P��5�wY�6��"��f�gꓮ~>3��зЅk��TD�)er��Z��U��C��.�D��K�0R˫�W��X��$��ZU��f̎l��T��I��4|:�3��L��cU��%��@�i�På��LT$HuZv�S>��g��@W��8p�d!��T��1�W�ٶ��);��3M�y�gj��P��)�I�$��/�+4G^�U��%vT�oWl��x�O��3 ߘQ�_��_�pA�i h�)�A��œp�5�Ӱ�
_x

Sections

.text
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tekno0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tekno1
Size: - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tekno2
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
生化危机5联机教程+工具补丁/联机补丁/readme.txt

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 532KB

.rsrc Size: 3KB - Virtual size: 2KB

76bbb3bb57493f8af4afd8c7c700309a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

setupapi

user32

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 852B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 368B

d06468ab9c11b378b5ddeb17e2b95db7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

setupapi

user32

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 2KB - Virtual size: 2KB

33f84239113b36edbcc0ba99341ffff8

Code Sign

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f7:60:4a:83:e8:fd:99:28:19:85:d9:31:33:5a:9c:2e:d8:0f:df:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 532KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 852B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 368B

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 2KB - Virtual size: 2KB

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f7:60:4a:83:e8:fd:99:28:19:85:d9:31:33:5a:9c:2e:d8:0f:df:9b
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 384B - Virtual size: 305B

.data
Size: 256B - Virtual size: 248B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 896B - Virtual size: 808B

.reloc
Size: 512B - Virtual size: 512B

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

ed:ef:6b:e6:b2:86:00:d8:6d:63:17:00:26:32:74:9d:a2:0f:1d:b3
Signer

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 1024B - Virtual size: 732B

.data
Size: 512B - Virtual size: 524B

.pdata
Size: 1024B - Virtual size: 636B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 808B

49:2b:a2:a0:72:ff:7d:43:b0:c1:42:89:12:4f:5e:a8
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

de:9f:6b:8f:e0:45:f9:52:4a:f1:ad:4e:82:1a:e3:96:c9:a8:2e:6b
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 289B

.data
Size: 512B - Virtual size: 252B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 808B

.reloc
Size: 1024B - Virtual size: 536B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 22KB - Virtual size: 21KB