09b511800247aff0c6b4f178ee2d5564_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09b511800247aff0c6b4f178ee2d5564_JaffaCakes118
Size

1.6MB
MD5

09b511800247aff0c6b4f178ee2d5564
SHA1

a3db85c2198413f91c63cbeb58d2d8ea3faab180
SHA256

f4dbb23d02bc2f4482c8c99f7984e6caa4b10e5b58af567897faa68af6f86c13
SHA512

ba4191155f5c889d732766238bdb22d9daf17ee2b3a3975f5e4892b1906ca5ce9bc045a6c5bb0d03ea45269219330e6201bb9422f4fa27a49ee841754f51cefb
SSDEEP

49152:Bljz5aF1zVJz4KYCZxEyFCvZHU3ccsNJY7QkBLc6:BlQF5KCYDvyhhBLl

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/P2Pzzz/ARPOver.exe
unpack001/P2Pzzz/DBdll.dll
unpack001/P2Pzzz/P2POver.exe
unpack001/P2Pzzz/P2P终结者绿色破解版说明.EXE
unpack001/P2Pzzz/Registry.exe
unpack001/P2Pzzz/Update.exe
unpack001/P2Pzzz/WinPcap_3_1.exe
unpack002/$PLUGINSDIR/ExecDos.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsWeb.dll
unpack002/$PLUGINSDIR/nxs.dll
unpack002/$SYSDIR/Packet.dll
unpack002/$SYSDIR/WanPacket.dll
unpack002/$SYSDIR/drivers/npf.sys
unpack002/$SYSDIR/pthreadVC.dll
unpack002/$SYSDIR/wpcap.dll
unpack002/NetMonInstaller.exe
unpack002/daemon_mgm.exe
unpack002/npf_mgm.exe
unpack002/rpcapd.exe
unpack001/P2Pzzz/lpk.dll
unpack001/P2Pzzz/p2pfilter.sys

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/P2Pzzz/WinPcap_3_1.exe	nsis_installer_1

Files

09b511800247aff0c6b4f178ee2d5564_JaffaCakes118
.rar
P2Pzzz/ARPOver.exe
.exe windows:4 windows x86 arch:x86

1c7bec1acae7e2603bbe21886b253cbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wpcap

pcap_open_live
pcap_sendpacket
pcap_close
pcap_next_ex

ws2_32

ntohl
inet_addr

mfc42

ord5714
ord2982
ord3147
ord5289
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3626
ord3663
ord641
ord686
ord2414
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3571
ord1146
ord1168
ord384
ord2302
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord2862
ord2096
ord1641
ord2453
ord3996
ord4698
ord3998
ord6648
ord2764
ord858
ord1105
ord1200
ord2411
ord4079
ord5307
ord2578
ord6055
ord1776
ord4398
ord5290
ord3402
ord3582
ord802
ord616
ord1086
ord542
ord567
ord4275
ord4809
ord5981
ord2864
ord3089
ord3874
ord2396
ord816
ord4299
ord6880
ord6605
ord5789
ord562
ord6199
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord3301
ord823
ord6762
ord2915
ord4287
ord2080
ord3573
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord5785
ord5875
ord283
ord3293
ord3797
ord6696
ord2754
ord6194
ord6021
ord1640
ord323
ord2859
ord537
ord924
ord535
ord4129
ord5683
ord5572
ord860
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord5300
ord2725
ord5302
ord2023
ord3346
ord4218
ord6907
ord2860
ord1576

msvcrt

__CxxFrameHandler
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_mbscmp
__dllonexit
sprintf
_exit
_XcptFilter
_onexit
_acmdln
__getmainargs
exit
_controlfp
_setmbcp

kernel32

GetTickCount
GetPrivateProfileStringA
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
TerminateThread

user32

DispatchMessageA
EnableWindow
PostMessageA
IsIconic
LoadBitmapA
KillTimer
SetTimer
FillRect
CopyRect
GetSysColor
TabbedTextOutA
DrawTextA
GrayStringA
DrawIcon
GetSystemMetrics
GetClientRect
SendMessageA
GetSystemMenu
AppendMenuA
LoadIconA
GetFocus
TranslateMessage
GetParent
FrameRect

gdi32

BitBlt
Escape
ExtTextOutA
GetTextExtentPoint32A
TextOutA
GetBkColor
GetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible

comctl32

ImageList_SetBkColor
ImageList_Draw
ImageList_AddMasked

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/DBdll.dll
.dll windows:4 windows x86 arch:x86

cdaeac65b2bf199739102889805253be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetCommandLineA
GetTimeZoneInformation
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapAlloc
GetStdHandle
HeapFree
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
GetLastError
SetLastError
InterlockedIncrement
FormatMessageA
lstrlenA
LocalAlloc
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
CloseHandle
GlobalAlloc
lstrcmpA
GlobalDeleteAtom
InterlockedDecrement
GetModuleFileNameA
GetCurrentThread
GetCurrentThreadId
lstrcmpiA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetFileType

user32

GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetSystemMetrics
ShowWindow
SetWindowPos
SetWindowLongA
AdjustWindowRectEx
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
SetFocus
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetMenuItemCount
GetSubMenu
GetMenuItemID
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
SetCursor
PostMessageA
PostQuitMessage
GetClientRect
CopyRect
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
GetWindowTextA
GetWindowRect
wsprintfA
GetTopWindow
GetClassInfoA
GetCapture
WinHelpA
RegisterClassA
GetMenu
DestroyWindow
DefWindowProcA
SetPropA
CreateWindowExA
GetClassLongA
RemovePropA
GetPropA
CallWindowProcA
GetForegroundWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
IsIconic
SystemParametersInfoA
PtInRect
GetWindowPlacement
GetClassNameA

gdi32

GetDeviceCaps
SaveDC
DeleteDC
SelectObject
GetStockObject
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap
DeleteObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

ole32

CoUninitialize
CoInitialize
CoCreateInstance
OleRun

oleaut32

SysAllocString
VariantCopy
VariantClear
SysFreeString
VariantInit
VariantChangeType
SysAllocStringLen
GetErrorInfo

Exports

Exports

?CloseDB@@YAHXZ
?CreateTable@@YAHPAD@Z
?OpenDB@@YAHPAD@Z
?ReadData@@YAHPAUtagFlowStruct@@H@Z
?SaveData@@YAHPAUtagFlowStruct@@H@Z

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2Pzzz/License.txt
P2Pzzz/P2POver.chm
.chm
P2Pzzz/P2POver.exe
.exe windows:4 windows x86 arch:x86

fb5a9b7c4413efc955cb8eef3571fac3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wpcap

pcap_close
pcap_open_live
pcap_setbuff
pcap_sendpacket
pcap_next_ex

ws2_32

gethostbyaddr
ntohs
inet_addr
inet_ntoa
ntohl

iphlpapi

GetAdaptersInfo
SendARP

netapi32

NetMessageBufferSend

msimg32

GradientFill

dbdll

?OpenDB@@YAHPAD@Z
?SaveData@@YAHPAUtagFlowStruct@@H@Z
?ReadData@@YAHPAUtagFlowStruct@@H@Z
?CloseDB@@YAHXZ

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ExitThread
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
lstrlenA
DeleteFileA
Sleep
GetVersionExA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalUnlock
GlobalLock
CreateThread
RaiseException
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
TerminateProcess
ExitProcess
RtlUnwind
SizeofResource
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
GlobalAlloc
GetTickCount
MultiByteToWideChar
TerminateThread
WaitForSingleObject
CopyFileA
WinExec
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
GetModuleHandleA
FormatMessageA
LocalFree
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
GlobalFree
FindFirstFileA
FindClose
lstrcpynA
GetFileTime
GetFileSize
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
GetVersion
SetEvent
lstrcmpA
GetCurrentThread
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
DeviceIoControl
CreateFileA
GetLastError
GetFileAttributesA
GetWindowsDirectoryA
CloseHandle

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetActiveWindow
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
SetFocus
AdjustWindowRectEx
IsWindowVisible
GetScrollInfo
SetScrollInfo
SetScrollRange
GetTopWindow
MessageBoxA
IsChild
wsprintfA
RegisterClassA
GetDlgItem
GetWindowTextLengthA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
IntersectRect
GetWindowPlacement
SetActiveWindow
SystemParametersInfoA
GetClassNameA
SetMenuDefaultItem
RegisterWindowMessageA
GetDC
SetWindowRgn
GetSysColorBrush
RegisterClassExA
SetRect
OffsetRect
UpdateWindow
GetFocus
GetKeyState
GrayStringA
DrawTextA
TabbedTextOutA
WindowFromPoint
GetCapture
GetMessageA
ClientToScreen
GetDlgCtrlID
KillTimer
SetTimer
TrackPopupMenu
PostMessageA
TranslateMessage
DispatchMessageA
LoadMenuA
RedrawWindow
FillRect
GetSysColor
DrawFocusRect
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
UnregisterHotKey
SetForegroundWindow
SetWindowPos
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
IsIconic
GetSystemMetrics
GetDesktopWindow
InflateRect
DestroyMenu
LoadStringA
CharUpperA
WinHelpA
wvsprintfA
DrawIcon
GetSystemMenu
AppendMenuA
RegisterHotKey
GetCursorPos
ScreenToClient
PtInRect
IsWindow
GetClassInfoA
DefWindowProcA
GetClientRect
EnableWindow
SendMessageA
SetCursor
InvalidateRect
CopyRect
GetWindowTextA
GetWindowRect
GetParent
DrawIconEx
DrawStateA
LoadCursorA
LoadBitmapA
LoadImageA
LoadIconA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetPropA

gdi32

GetWindowExtEx
CombineRgn
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetBkColor
GetViewportExtEx
PatBlt
DPtoLP
GetTextColor
LPtoDP
GetDeviceCaps
SetMapMode
DeleteDC
DeleteObject
Escape
ExtTextOutA
CreateRectRgn
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
TextOutA
RectVisible
PtVisible
GetPixel
CreateFontIndirectA
GetStockObject
CreateSolidBrush
GetObjectA
GetClipBox
SelectObject
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontA
GetTextExtentPoint32A
GetTextExtentPointA
CreateDIBitmap
BitBlt

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
StartServiceA
ControlService
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SysFreeString

Sections

.text
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 708KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/P2P终结者绿色破解版说明.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/Registry.exe
.exe windows:4 windows x86 arch:x86

9fa98a67ae064c1a95751c9d859d4818

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetFileAttributesA
GetFileSize
GetFileTime
GetProcessVersion
GetCPInfo
SetErrorMode
RtlUnwind
ExitProcess
TerminateProcess
HeapAlloc
GetStartupInfoA
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
HeapFree
SetHandleCount
GetStdHandle
GetFileType
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryA
WritePrivateProfileStringA
LocalReAlloc
TlsGetValue
TlsFree
TlsSetValue
GlobalReAlloc
LocalAlloc
GlobalHandle
TlsAlloc
GlobalFlags
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
GetFullPathNameA
FindClose
GetVolumeInformationA
FindFirstFileA
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
GetLastError
GetCurrentProcess
DuplicateHandle
LoadLibraryA
MulDiv
SetLastError
lstrcatA
FreeLibrary
GetVersion
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
GetProcAddress
lstrcpyA
GetModuleHandleA
FindResourceA
GlobalFree
LockResource
LoadResource
GetEnvironmentVariableA
CloseHandle
GetModuleFileNameA
DeleteFileA
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetVersionExA
HeapDestroy
GetEnvironmentStrings
GetEnvironmentStringsW

user32

CharUpperA
LoadStringA
GetClassNameA
PtInRect
LoadCursorA
DrawTextA
GrayStringA
GetSysColorBrush
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
BeginPaint
EndPaint
TabbedTextOutA
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
ReleaseDC
GetDC
ClientToScreen
ShowWindow
SetWindowTextA
PostMessageA
wsprintfA
GetWindowTextA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
IsDialogMessageA
SetForegroundWindow
RemovePropA
GetMessageTime
SendMessageA
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
CopyRect
GetMessagePos
GetForegroundWindow
GetPropA
GetMenu
UnregisterClassA

gdi32

GetClipBox
SetBkColor
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
RectVisible
Escape
CreateBitmap
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA

comctl32

ord17

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/Update.exe
.exe windows:4 windows x86 arch:x86

3a18a5b53c34e210a36edd4cece0abee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
GetStartupInfoA
TerminateProcess
RtlUnwind
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
RaiseException
GetCommandLineA
ExitThread
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapReAlloc
HeapSize
WritePrivateProfileStringA
GlobalGetAtomNameA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LockResource
FindResourceA
LoadResource
MultiByteToWideChar
WideCharToMultiByte
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SizeofResource
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GetCurrentThread
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetFileAttributesA
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
InterlockedDecrement
InterlockedIncrement
SetHandleCount
lstrcpynA
CreateThread
GetVersionExA
FindFirstFileA
FindClose
GetFileAttributesA
GetFileTime
GetFileSize
MulDiv
LocalFree
FreeLibrary
SetLastError
LoadLibraryA
GetCurrentThreadId
GetVersion
lstrcatA
GetStdHandle
lstrcmpiA
GetModuleFileNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
GetFileType
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObject
CopyFileA
Sleep
lstrlenA
CreateDirectoryA
WinExec
GetProfileStringA
CloseHandle
CreateEventA
GetLastError
GetExitCodeThread

user32

SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
CheckMenuItem
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
LoadStringA
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
SetCursor
GetClassNameA
PtInRect
InflateRect
LoadCursorA
GetSysColorBrush
DestroyMenu
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
ShowWindow
SendDlgItemMessageA
EnableMenuItem
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetDC
ReleaseDC
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
EnumWindows
GetParent
KillTimer
SetTimer
GetWindowTextA
GetWindowRect
IsDialogMessageA
InvalidateRect
PostMessageA
GetTopWindow
SetWindowTextA
MessageBoxA
UpdateWindow
IsWindow
EnableWindow
SendMessageA
GetSubMenu
GetMenuItemCount
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
UnregisterClassA

gdi32

CreateFontA
PatBlt
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
DeleteDC
RestoreDC
SelectObject
SaveDC
SetBkMode
GetStockObject
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
CreateSolidBrush
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBitmap
CreateCompatibleDC
BitBlt
SetWindowExtEx
GetTextExtentPointA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17
ImageList_Destroy

ws2_32

shutdown
closesocket
WSAEnumNetworkEvents
WSASend
WSAConnect
WSAEventSelect
WSAWaitForMultipleEvents
WSARecv
setsockopt
WSASocketA
WSAGetLastError
WSAStartup
WSACleanup
htons
ntohs
ntohl
htonl
inet_addr
inet_ntoa
gethostbyname

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/WinPcap_3_1.exe
.exe windows:4 windows x86 arch:x86

381e79edf6f32b225643e232be0965fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
CreateWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
EmptyClipboard
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
GetDlgItem

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:4 windows x86 arch:x86

1a5b47ca342113ac49d8568610b85a28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
TerminateProcess
Sleep
GetExitCodeProcess
PeekNamedPipe
WriteFile
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetExitCodeThread
WaitForSingleObject
CreateThread
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

FindWindowExA
wsprintfA
SetDlgItemTextA
RedrawWindow
IsWindow

msvcrt

_adjust_fdiv
malloc
_initterm
free
_write
_close
_open
fflush
strlen
memset
strrchr
strchr
strtol
_strnicmp
calloc

Exports

Exports

exec
wait

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

9d433976e02d79532f0d635ee81d0b20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
MapWindowPoints
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadImageA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

d79c2fe1aafe446fbd9b984f61377e3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
lstrcpyA
GetTickCount
DeleteFileA
WriteFile
Sleep
CreateFileA
CreateThread
WaitForSingleObject
MulDiv
CloseHandle

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nxs.dll
.dll windows:4 windows x86 arch:x86

e18347a0d90ed806e5568c00e96f58d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GetModuleHandleA
CloseHandle
Sleep
CreateThread
GetCurrentThreadId
lstrcpynA
GlobalAlloc

user32

SendDlgItemMessageA
SetWindowLongA
GetWindowLongA
SetDlgItemTextA
GetDlgItemTextA
DestroyWindow
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
IsWindow
CreateDialogParamA
ShowWindow
AttachThreadInput
IsWindowVisible
SetWindowPos
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
wsprintfA
PostMessageA
EnableWindow
SetWindowTextA
LoadIconA

msvcrt

_stricmp
strtol

Exports

Exports

Destroy
HasUserAborted
Show
Update
getWindow

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Packet.dll
.dll windows:4 windows x86 arch:x86

a8045d201fdcff39736c580dad656cef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr

wanpacket

WanPacketGetStats
WanPacketSetBpfFilter
WanPacketTestAdapter
WanPacketSetReadTimeout
WanPacketSetMode
WanPacketSetMinToCopy
WanPacketReceivePacket
WanPacketCloseAdapter
WanPacketOpenAdapter
WanPacketGetReadEvent
WanPacketSetBufferSize

kernel32

GetStringTypeA
LCMapStringW
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
ReleaseMutex
WaitForSingleObject
WideCharToMultiByte
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateMutexW
GetStringTypeW
GetLastError
CreateEventW
DeviceIoControl
GetVersion
SetLastError
CreateFileW
SetEvent
ReadFile
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameW
LCMapStringA
FlushFileBuffers
MultiByteToWideChar
HeapFree
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement

user32

wsprintfW

advapi32

OpenServiceW
QueryServiceStatus
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ControlService

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WanPacket.dll
.dll windows:4 windows x86 arch:x86

d1365884b82c502a6b807942e541ebcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

npptools

CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob
CreateBlob
DestroyBlob

kernel32

GetFileType
GlobalAlloc
GlobalFree
FreeLibrary
LoadLibraryA
GetSystemTimeAsFileTime
LeaveCriticalSection
SetEvent
EnterCriticalSection
GetVersionExA
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
OutputDebugStringA
WaitForSingleObject
ResetEvent
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

ole32

CoInitializeEx
CoInitialize
CoUninitialize

Exports

Exports

WanPacketCloseAdapter
WanPacketGetReadEvent
WanPacketGetStats
WanPacketOpenAdapter
WanPacketReceivePacket
WanPacketSetBpfFilter
WanPacketSetBufferSize
WanPacketSetMinToCopy
WanPacketSetMode
WanPacketSetReadTimeout
WanPacketTestAdapter

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/npf.sys
.sys windows:5 windows x86 arch:x86

330366a156f1cd215a328f63c2b6208b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\i386\npf.pdb

Imports

ntoskrnl.exe

DbgPrint
KeQuerySystemTime
_allrem
_alldiv
KeWaitForSingleObject
KeInitializeEvent
_aullrem
_aulldiv
ZwSetInformationThread
KeSetEvent
InterlockedExchange
KeClearEvent
IoCreateNotificationEvent
InterlockedIncrement
ObfDereferenceObject
InterlockedExchangeAdd
KeInitializeSpinLock
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
InterlockedDecrement
_allmul
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlWriteRegistryValue
MmMapLockedPagesSpecifyCache
ExFreePool

hal

KfReleaseSpinLock
KeQueryPerformanceCounter
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock

ndis.sys

NdisCloseAdapter
NdisFreePacketPool
NdisSystemProcessorCount
NdisOpenAdapter
NdisResetEvent
NdisWaitEvent
NdisSetEvent
NdisDeregisterProtocol
NdisInitializeEvent
NdisAllocatePacketPool
NdisFreePacket
NdisAllocatePacket
NdisRegisterProtocol
NdisUnchainBufferAtFront

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wpcap.dll
.dll windows:4 windows x86 arch:x86

06f3d2c48036103c8a5f5cfdcf3daca1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetEndOfFile
CreateFileA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
ReadFile
SetStdHandle
CloseHandle
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
GetVersion
HeapFree
HeapAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

ws2_32

send
ntohl
ntohs
inet_ntoa
htonl
WSAGetLastError
gethostbyname
inet_addr
getservbyname
htons
WSASetLastError
closesocket
accept
gethostbyaddr
getservbyport
select
setsockopt
getsockopt
getsockname
getpeername
WSACleanup
WSAStartup
connect
listen
bind
recv
getprotobyname
shutdown
socket

packet

PacketGetReadEvent
PacketGetStatsEx
PacketSendPackets
PacketInitPacket
PacketSetDumpLimits
PacketSetDumpName
PacketSetMode
PacketIsDumpEnded
PacketGetVersion
PacketGetAdapterNames
PacketGetNetInfoEx
PacketSetReadTimeout
PacketSetMinToCopy
PacketSetBuff
PacketAllocatePacket
PacketSetHwFilter
PacketFreePacket
PacketCloseAdapter
PacketGetNetType
PacketOpenAdapter
PacketGetStats
PacketReceivePacket
PacketSendPacket
PacketSetBpf

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_freealldevs
pcap_freecode
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_datalink
pcap_setbuff
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/WpBann.htm
.html
NetMonInstaller.exe
.exe windows:5 windows x86 arch:x86

94502e058da0fe00a88ebbc87703a18c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wprintf
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
daemon_mgm.exe
.exe windows:4 windows x86 arch:x86

2826a777c5b099aee5bc5037f22b32db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
Sleep
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
CloseHandle
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

DeleteService
ChangeServiceConfigA
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
npf_mgm.exe
.exe windows:4 windows x86 arch:x86

cca90a57f8cbd4ba808e467ec181cfd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
FormatMessageA
LocalFree
FreeLibrary
GetLastError
Sleep
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle
SetStdHandle
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

ControlService
CreateServiceA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rpcapd.exe
.exe windows:4 windows x86 arch:x86

8e2727c84cf6ac7ed96f0b04b324d2d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
select
recv
htonl
htons
accept
getsockname
WSASetLastError
getpeername
inet_ntoa
WSAGetLastError
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
closesocket
WSACleanup
WSAStartup
connect
listen
bind
ntohl
send
shutdown
socket

wpcap

pcap_open_offline
pcap_open_live
pcap_next_ex
pcap_compile
install_bpf_program
pcap_geterr
bpf_validate
pcap_setfilter
pcap_findalldevs
pcap_freealldevs
pcap_strerror
pcap_stats
pcap_close

pthreadvc

pthread_attr_setdetachstate
pthread_create
pthread_attr_destroy
pthread_setcancelstate
pthread_setcanceltype
pthread_cancel
pthread_exit
pthread_attr_init

kernel32

FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
WriteFile
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
GetCommandLineA
SetConsoleCtrlHandler
HeapAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
LoadLibraryA
CloseHandle
FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
SetEndOfFile
GetSystemDirectoryA
Sleep

user32

MessageBoxA

advapi32

ImpersonateLoggedOnUser
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
LogonUserA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2Pzzz/band.dat
P2Pzzz/chatdns.dat
P2Pzzz/flow.mdb
P2Pzzz/host.dat
P2Pzzz/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2Pzzz/p2pOver.ini
P2Pzzz/p2pfilter.sys
.sys windows:4 windows x86 arch:x86

595687010f92ae0ff547af4bee977f33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 1024B - Virtual size: 1011B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2Pzzz/regurl.dat
P2Pzzz/revision.txt
P2Pzzz/site.dat
P2Pzzz/update.idx
P2Pzzz/version.dat
P2Pzzz/中国破解联盟-木蚂蚁社区.url
.url
P2Pzzz/使用说明.txt
P2Pzzz/注册说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

1c7bec1acae7e2603bbe21886b253cbe

Headers

File Characteristics

Imports

wpcap

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 464B

.rsrc Size: 8KB - Virtual size: 4KB

cdaeac65b2bf199739102889805253be

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 20KB - Virtual size: 17KB

fb5a9b7c4413efc955cb8eef3571fac3

Headers

File Characteristics

Imports

wpcap

ws2_32

iphlpapi

netapi32

msimg32

dbdll

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 324KB - Virtual size: 322KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 88KB - Virtual size: 8.9MB

.rsrc Size: 708KB - Virtual size: 705KB

Headers

File Characteristics

Sections

CODE Size: 97KB - Virtual size: 96KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 464B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 324KB - Virtual size: 322KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 88KB - Virtual size: 8.9MB

.rsrc
Size: 708KB - Virtual size: 705KB

CODE
Size: 97KB - Virtual size: 96KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 16KB - Virtual size: 31KB

.tls
Size: 4KB - Virtual size: 12B

.rsrc
Size: 156KB - Virtual size: 152KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 326B