0dd32e6ffef11810ee79b4ff0f8c026a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dd32e6ffef11810ee79b4ff0f8c026a_JaffaCakes118
Size

7.9MB
MD5

0dd32e6ffef11810ee79b4ff0f8c026a
SHA1

7a8ff822fc43d2eb0ec1b2677ed3e828f6df13ff
SHA256

6d5b2f629c276f27925a96365adada41cb94fa1fb09102f3e3ea9c9377127fd3
SHA512

f90e182a96cca53e6d12fa112e84414a275e45e052674a1505398ef4c1b8d5048b5ff8799f73000b15475c5b454982a6660063075ec7893b08fd7cc102396a22
SSDEEP

196608:Vav4vreaJARoebujEo3ElPU2avRZb+PPFzrv4hLCFkuqggtNa:EGjJARhujpUlLPPFvnkuitk

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/IMG.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/IMG.dll	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/IMG.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/LauncherSplash.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UIEx.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/xml.dll
unpack001/SDL.dll
unpack001/SDL_net.dll
unpack003/dosbox-20060729/SDL.dll
unpack003/dosbox-20060729/SDL_net.dll
unpack003/dosbox-20060729/dosbox.exe
unpack001/dosbox.exe
unpack001/ʼϷ.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0dd32e6ffef11810ee79b4ff0f8c026a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:21:db:26:ce:0c:b3:e4
Certificate

Issuer

CN=TrustAsia.com Code Signing CA,O=Dotsoft Technologies\, Inc.,C=CN

Not Before

01/03/2011, 01:07

Not After

01/03/2014, 01:07

Subject

CN=亚洲诚信数字签名测试证书,O=上海域联软件技术有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04
Certificate

Issuer

CN=TrustAsia.com Root CA,O=Dotsoft Technologies\, Inc.,C=CN

Not Before

15/02/2010, 16:37

Not After

15/02/2020, 16:37

Subject

CN=TrustAsia.com Code Signing CA,O=Dotsoft Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:64:cf:73:aa:fa:ce:c6:f1:57:6d:01:d2:c6:c6:6a:22:24:7b:6c
Signer

Actual PE Digest

8c:64:cf:73:aa:fa:ce:c6:f1:57:6d:01:d2:c6:c6:6a:22:24:7b:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/01.jpg
.jpg
$PLUGINSDIR/02.jpg
.jpg
$PLUGINSDIR/03.jpg
.jpg
$PLUGINSDIR/04.jpg
.jpg
$PLUGINSDIR/IMG.dat
$PLUGINSDIR/IMG.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

show
stop

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LauncherSplash.dll
.dll windows:4 windows x86 arch:x86

fa303e84e019660a7244adc8ac12aeef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
GetCurrentProcess
CloseHandle
WaitForSingleObject
Sleep
CreateThread
ReadProcessMemory
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
lstrcpynA
lstrlenA
GetCurrentThreadId
WriteProcessMemory
lstrcpyA
lstrcmpiA
lstrcatA
GlobalAlloc
GlobalFree
CreateProcessA

user32

DestroyWindow
IsWindowVisible
EnumDisplaySettingsA
wsprintfA
SystemParametersInfoA
SetWindowPos
LoadCursorA
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
BeginPaint
GetClientRect
SetWindowLongA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
RegisterClassA
EndPaint
UnregisterClassA
RealGetWindowClassA
EnumThreadWindows
IsWindow
SendMessageA
ShowWindow
PostMessageA
SetWindowRgn
GetForegroundWindow

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

msvfw32

MCIWndCreateA

winmm

timeKillEvent
timeSetEvent
PlaySoundA

oleaut32

OleLoadPicturePath

msvcrt

strlen
malloc
strcmp
free
strtol
_lseek
memset
memcmp
_read
memcpy
_close
_open

Exports

Exports

hwnd
play
show
stop
wait

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Progress.bmp
$PLUGINSDIR/ProgressBar.bmp
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UIEx.dll
.dll windows:4 windows x86 arch:x86

b134f67006924ec3c4955fb7af5ba9db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcmpiA
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree

user32

CallWindowProcA
LoadCursorA
InvalidateRect
GetDlgItem
MapWindowPoints
GetWindowLongA
GetAncestor
SystemParametersInfoA
GetWindowDC
DialogBoxParamA
GetWindowRect
ReleaseDC
EndPaint
SetWindowLongA
SetPropA
RemovePropA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
BeginPaint
EndDialog
wsprintfA
SetCursor

gdi32

DeleteObject
CreateFontIndirectA
DeleteDC
SelectObject
BitBlt
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
CreatePatternBrush
SetBrushOrgEx
StretchBlt
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

DlgBox
Init
Link
SkinBtn
SkinDlg
SkinProgress
onClick

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btn.bmp
$PLUGINSDIR/check.bmp
$PLUGINSDIR/close.bmp
$PLUGINSDIR/closebox.bmp
$PLUGINSDIR/ins.bmp
$PLUGINSDIR/license.rtf
.rtf
$PLUGINSDIR/music.mp3
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/opt.bmp
$PLUGINSDIR/soft.bmp
$PLUGINSDIR/uncheck.bmp
$PLUGINSDIR/wel.bmp
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/yxdown/haowan.ico
$PROGRAMFILES/yxdown/xiaoyouxi.ico
$PROGRAMFILES/yxdown/yeyoutuijian.ico
BAKDATA.R3
BBKSDAT1.R3
CONFIG.5
DISK_1.VER
DISK_2.VER
DISK_3.VER
DISK_4.VER
EDMUSIC.R3
END.EXE
END1GRP.R3
END2GRP.R3
ESAVE0.R3S
ESAVE1.R3S
ESAVE2.R3S
FACEDAT.R3
FONT.R3
FUCKGRP2.R3
GRPDRV.EXE
HEXBCHP.R3
HEXBCHR.R3
HEXBMAP.R3
HEXGRP.R3
HEXICHR.R3
HEXZCHP.R3
HEXZCHR.R3
HEXZMAP.R3
INSTALL.16P
INSTALL.EXE
INSTALL.SYS
IPPAN0.R3
IPPAN0M.R3
MAIN.EXE
MARK.R3
MMAP.R3
MMAPBGPL.R3
MSAVE.R3
MSAVE0.R3S
MSAVE1.R3S
MSAVE2.R3S
MUSIC.R3
OPEN.EXE
OPGRP.R3
OPMUSIC.R3
PACKGRP.R3
PMAP.R3
PRO.SAV
REKO3IBM.COM
SBOPL2.COM
SDL.dll
.dll windows:4 windows x86 arch:x86

e046ce41267987ef4ccfabb239186c31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetTime
mciSendCommandA
mciGetErrorStringA
joyGetNumDevs
joyGetPosEx
joyGetDevCapsA
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveOutUnprepareHeader
waveOutWrite

kernel32

LoadLibraryA
CreateEventA
SetEnvironmentVariableA
GetVersionExA
CreateFileA
SetErrorMode
SetFilePointer
ReadFile
WriteFile
GetDriveTypeA
GetModuleHandleA
GetLocaleInfoA
GetACP
MultiByteToWideChar
FormatMessageA
GetLastError
CreateMutexA
ReleaseMutex
CreateThread
GetCurrentThreadId
TerminateThread
QueryPerformanceCounter
Sleep
GetProcAddress
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
WaitForSingleObject
GetCurrentThread
SetThreadPriority
GetEnvironmentVariableA
DisableThreadLibraryCalls

user32

GetClientRect
AdjustWindowRect
GetWindowRect
ToUnicode
RegisterClassA
LoadImageA
SetTimer
PostMessageA
KillTimer
WindowFromPoint
PtInRect
MapWindowPoints
UnregisterClassA
GetClassInfoA
ToAsciiEx
DestroyCursor
GetCursor
CreateCursor
SetClassLongA
CreateIconFromResourceEx
SetWindowTextA
ClientToScreen
ClipCursor
SetCursor
BeginPaint
EndPaint
PostQuitMessage
SetCursorPos
SetFocus
TranslateMessage
MapVirtualKeyA
MsgWaitForMultipleObjects
GetParent
GetForegroundWindow
ScreenToClient
SetCapture
ReleaseCapture
GetDesktopWindow
InvalidateRect
DestroyIcon
ChangeDisplaySettingsA
IsZoomed
GetMenu
AdjustWindowRectEx
GetSystemMetrics
SetWindowPos
SetForegroundWindow
GetDC
ReleaseDC
EnumDisplaySettingsA
DestroyWindow
GetWindowLongA
SetWindowLongA
CreateWindowExA
ShowWindow
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
GetKeyboardLayout
PeekMessageA
DispatchMessageA
GetMessageA
GetKeyState
DefWindowProcA
CallWindowProcA
GetCursorPos

gdi32

CreateCompatibleBitmap
CreateDIBSection
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetDIBits
SetDIBColorTable
RealizePalette
SetPaletteEntries
GetDeviceGammaRamp
SetDeviceGammaRamp
GetDeviceCaps
DeleteObject
GetSystemPaletteEntries
SelectPalette
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
CreatePalette

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

fprintf
sscanf
realloc
qsort
_ftol
free
atoi
malloc
strncmp
signal
raise
_CIpow
strchr
_stricmp
ftell
fseek
fread
fwrite
_strrev
_pctype
_isctype
__mb_cur_max
fclose
_strlwr
_ltoa
_ultoa
_beginthreadex
_endthreadex
atof
strstr
_initterm
_adjust_fdiv
_iob

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_lltoa
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_revcpy
SDL_snprintf
SDL_strdup
SDL_strlcat
SDL_strlcpy
SDL_strtoull
SDL_ulltoa
SDL_vsnprintf

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDL_net.dll
.dll windows:4 windows x86 arch:x86

6983ad70e52cdb50438499158520025b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

bind
connect
socket
accept
listen
recv
closesocket
sendto
recvfrom
setsockopt
inet_ntoa
select
__WSAFDIsSet
gethostbyaddr
ioctlsocket
gethostbyname
WSACleanup
WSACancelBlockingCall
WSAGetLastError
send
WSAStartup

sdl

SDL_SetError

msvcrt

_adjust_fdiv
_initterm
_errno
malloc
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

SDLNet_AddSocket
SDLNet_AllocPacket
SDLNet_AllocPacketV
SDLNet_AllocSocketSet
SDLNet_CheckSockets
SDLNet_DelSocket
SDLNet_FreePacket
SDLNet_FreePacketV
SDLNet_FreeSocketSet
SDLNet_Init
SDLNet_Linked_Version
SDLNet_Quit
SDLNet_Read16
SDLNet_Read32
SDLNet_ResizePacket
SDLNet_ResolveHost
SDLNet_ResolveIP
SDLNet_TCP_Accept
SDLNet_TCP_Close
SDLNet_TCP_GetPeerAddress
SDLNet_TCP_Open
SDLNet_TCP_Recv
SDLNet_TCP_Send
SDLNet_UDP_Bind
SDLNet_UDP_Close
SDLNet_UDP_GetPeerAddress
SDLNet_UDP_Open
SDLNet_UDP_Recv
SDLNet_UDP_RecvV
SDLNet_UDP_Send
SDLNet_UDP_SendV
SDLNet_UDP_Unbind
SDLNet_Write16
SDLNet_Write32

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SMAP.R3
SMAPBGPL.R3
SNR0D.R3
SNR0M.R3
SNR1D.R3
SNR1M.R3
SNR2D.R3
SNR2M.R3
SNR3D.R3
SNR3M.R3
SNR4D.R3
SNR4M.R3
SSCCHR1.R3
SSCCHR2.R3
SanGuoYingJieZhuan_cht.ico
TFDED.COM
UninsYxdown.exe.nsis
ZIKU.16P
dosbox-20060729.rar
.rar
dosbox-20060729/SDL.dll
.dll windows:4 windows x86 arch:x86

e046ce41267987ef4ccfabb239186c31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetTime
mciSendCommandA
mciGetErrorStringA
joyGetNumDevs
joyGetPosEx
joyGetDevCapsA
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveOutUnprepareHeader
waveOutWrite

kernel32

LoadLibraryA
CreateEventA
SetEnvironmentVariableA
GetVersionExA
CreateFileA
SetErrorMode
SetFilePointer
ReadFile
WriteFile
GetDriveTypeA
GetModuleHandleA
GetLocaleInfoA
GetACP
MultiByteToWideChar
FormatMessageA
GetLastError
CreateMutexA
ReleaseMutex
CreateThread
GetCurrentThreadId
TerminateThread
QueryPerformanceCounter
Sleep
GetProcAddress
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
WaitForSingleObject
GetCurrentThread
SetThreadPriority
GetEnvironmentVariableA
DisableThreadLibraryCalls

user32

GetClientRect
AdjustWindowRect
GetWindowRect
ToUnicode
RegisterClassA
LoadImageA
SetTimer
PostMessageA
KillTimer
WindowFromPoint
PtInRect
MapWindowPoints
UnregisterClassA
GetClassInfoA
ToAsciiEx
DestroyCursor
GetCursor
CreateCursor
SetClassLongA
CreateIconFromResourceEx
SetWindowTextA
ClientToScreen
ClipCursor
SetCursor
BeginPaint
EndPaint
PostQuitMessage
SetCursorPos
SetFocus
TranslateMessage
MapVirtualKeyA
MsgWaitForMultipleObjects
GetParent
GetForegroundWindow
ScreenToClient
SetCapture
ReleaseCapture
GetDesktopWindow
InvalidateRect
DestroyIcon
ChangeDisplaySettingsA
IsZoomed
GetMenu
AdjustWindowRectEx
GetSystemMetrics
SetWindowPos
SetForegroundWindow
GetDC
ReleaseDC
EnumDisplaySettingsA
DestroyWindow
GetWindowLongA
SetWindowLongA
CreateWindowExA
ShowWindow
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayoutNameA
LoadKeyboardLayoutA
GetKeyboardLayout
PeekMessageA
DispatchMessageA
GetMessageA
GetKeyState
DefWindowProcA
CallWindowProcA
GetCursorPos

gdi32

CreateCompatibleBitmap
CreateDIBSection
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetDIBits
SetDIBColorTable
RealizePalette
SetPaletteEntries
GetDeviceGammaRamp
SetDeviceGammaRamp
GetDeviceCaps
DeleteObject
GetSystemPaletteEntries
SelectPalette
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
CreatePalette

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

fprintf
sscanf
realloc
qsort
_ftol
free
atoi
malloc
strncmp
signal
raise
_CIpow
strchr
_stricmp
ftell
fseek
fread
fwrite
_strrev
_pctype
_isctype
__mb_cur_max
fclose
_strlwr
_ltoa
_ultoa
_beginthreadex
_endthreadex
atof
strstr
_initterm
_adjust_fdiv
_iob

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_lltoa
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_revcpy
SDL_snprintf
SDL_strdup
SDL_strlcat
SDL_strlcpy
SDL_strtoull
SDL_ulltoa
SDL_vsnprintf

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dosbox-20060729/SDL_net.dll
.dll windows:4 windows x86 arch:x86

6983ad70e52cdb50438499158520025b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

bind
connect
socket
accept
listen
recv
closesocket
sendto
recvfrom
setsockopt
inet_ntoa
select
__WSAFDIsSet
gethostbyaddr
ioctlsocket
gethostbyname
WSACleanup
WSACancelBlockingCall
WSAGetLastError
send
WSAStartup

sdl

SDL_SetError

msvcrt

_adjust_fdiv
_initterm
_errno
malloc
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

SDLNet_AddSocket
SDLNet_AllocPacket
SDLNet_AllocPacketV
SDLNet_AllocSocketSet
SDLNet_CheckSockets
SDLNet_DelSocket
SDLNet_FreePacket
SDLNet_FreePacketV
SDLNet_FreeSocketSet
SDLNet_Init
SDLNet_Linked_Version
SDLNet_Quit
SDLNet_Read16
SDLNet_Read32
SDLNet_ResizePacket
SDLNet_ResolveHost
SDLNet_ResolveIP
SDLNet_TCP_Accept
SDLNet_TCP_Close
SDLNet_TCP_GetPeerAddress
SDLNet_TCP_Open
SDLNet_TCP_Recv
SDLNet_TCP_Send
SDLNet_UDP_Bind
SDLNet_UDP_Close
SDLNet_UDP_GetPeerAddress
SDLNet_UDP_Open
SDLNet_UDP_Recv
SDLNet_UDP_RecvV
SDLNet_UDP_Send
SDLNet_UDP_SendV
SDLNet_UDP_Unbind
SDLNet_Write16
SDLNet_Write32

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dosbox-20060729/dosbox.exe
.exe windows:4 windows x86 arch:x86

59cc730073681dd18155028e46365997

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sdl

SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyMutex
SDL_DisplayYUVOverlay
SDL_FillRect
SDL_Flip
SDL_FreeSurface
SDL_FreeYUVOverlay
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GetError
SDL_GetKeyName
SDL_GetModState
SDL_GetTicks
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickUpdate
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_MapRGB
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PollEvent
SDL_Quit
SDL_QuitSubSystem
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetVideoMode
SDL_ShowCursor
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoModeOK
SDL_WM_GrabInput
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WaitEvent
SDL_mutexP
SDL_mutexV
SDL_strlcat
SDL_strlcpy

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AllocConsole
ClearCommBreak
ClearCommError
CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
DeviceIoControl
ExitProcess
FindAtomA
FreeConsole
FreeLibrary
GetAtomNameA
GetCommModemStatus
GetCommState
GetCommandLineA
GetCurrentProcess
GetDriveTypeA
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
GetVolumeInformationA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
ReadFile
ReleaseSemaphore
ResetEvent
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleTitleA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile

msvcrt

_access
_chsize
_fdopen
_fstat
_getcwd
_mkdir
_putenv
_read
_rmdir
_stat
_strdup
_strupr
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
abort
atexit
atof
atoi
cos
exit
fclose
fflush
fgetc
fgetpos
fgets
floor
fmod
fopen
fprintf
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getc
getenv
localeconv
localtime
log
malloc
memchr
memcpy
memmove
memset
pow
printf
putc
puts
rand
remove
rename
setbuf
setlocale
setvbuf
signal
sin
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strftime
strlen
strncat
strncmp
strncpy
strrchr
strspn
strstr
strtod
strtok
strtol
strxfrm
time
tolower
toupper
ungetc
vsprintf

opengl32

glBegin
glBindTexture
glCallList
glClear
glClearColor
glDeleteLists
glDeleteTextures
glDisable
glEnable
glEnableClientState
glEnd
glEndList
glGenLists
glGenTextures
glGetIntegerv
glGetString
glIsList
glLoadIdentity
glMatrixMode
glNewList
glShadeModel
glTexCoord2f
glTexImage2D
glTexParameteri
glTexSubImage2D
glVertex2f
glViewport
wglGetProcAddress

user32

GetSystemMetrics
wsprintfA

winmm

midiOutClose
midiOutGetDevCapsA
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutShortMsg
midiOutUnprepareHeader

sdl_net

SDLNet_AddSocket
SDLNet_AllocSocketSet
SDLNet_CheckSockets
SDLNet_DelSocket
SDLNet_FreeSocketSet
SDLNet_Init
SDLNet_ResolveHost
SDLNet_TCP_Accept
SDLNet_TCP_Close
SDLNet_TCP_Open
SDLNet_TCP_Recv
SDLNet_TCP_Send
SDLNet_UDP_Bind
SDLNet_UDP_Close
SDLNet_UDP_Open
SDLNet_UDP_Recv
SDLNet_UDP_Send

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dosbox.exe
.exe windows:4 windows x86 arch:x86

59cc730073681dd18155028e46365997

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sdl

SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyMutex
SDL_DisplayYUVOverlay
SDL_FillRect
SDL_Flip
SDL_FreeSurface
SDL_FreeYUVOverlay
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GetError
SDL_GetKeyName
SDL_GetModState
SDL_GetTicks
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickUpdate
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_MapRGB
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PollEvent
SDL_Quit
SDL_QuitSubSystem
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetVideoMode
SDL_ShowCursor
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoModeOK
SDL_WM_GrabInput
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WaitEvent
SDL_mutexP
SDL_mutexV
SDL_strlcat
SDL_strlcpy

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AllocConsole
ClearCommBreak
ClearCommError
CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
DeviceIoControl
ExitProcess
FindAtomA
FreeConsole
FreeLibrary
GetAtomNameA
GetCommModemStatus
GetCommState
GetCommandLineA
GetCurrentProcess
GetDriveTypeA
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
GetVolumeInformationA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
ReadFile
ReleaseSemaphore
ResetEvent
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleTitleA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile

msvcrt

_access
_chsize
_fdopen
_fstat
_getcwd
_mkdir
_putenv
_read
_rmdir
_stat
_strdup
_strupr
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
abort
atexit
atof
atoi
cos
exit
fclose
fflush
fgetc
fgetpos
fgets
floor
fmod
fopen
fprintf
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getc
getenv
localeconv
localtime
log
malloc
memchr
memcpy
memmove
memset
pow
printf
putc
puts
rand
remove
rename
setbuf
setlocale
setvbuf
signal
sin
sprintf
sqrt
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strftime
strlen
strncat
strncmp
strncpy
strrchr
strspn
strstr
strtod
strtok
strtol
strxfrm
time
tolower
toupper
ungetc
vsprintf

opengl32

glBegin
glBindTexture
glCallList
glClear
glClearColor
glDeleteLists
glDeleteTextures
glDisable
glEnable
glEnableClientState
glEnd
glEndList
glGenLists
glGenTextures
glGetIntegerv
glGetString
glIsList
glLoadIdentity
glMatrixMode
glNewList
glShadeModel
glTexCoord2f
glTexImage2D
glTexParameteri
glTexSubImage2D
glVertex2f
glViewport
wglGetProcAddress

user32

GetSystemMetrics
wsprintfA

winmm

midiOutClose
midiOutGetDevCapsA
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutShortMsg
midiOutUnprepareHeader

sdl_net

SDLNet_AddSocket
SDLNet_AllocSocketSet
SDLNet_CheckSockets
SDLNet_DelSocket
SDLNet_FreeSocketSet
SDLNet_Init
SDLNet_ResolveHost
SDLNet_TCP_Accept
SDLNet_TCP_Close
SDLNet_TCP_Open
SDLNet_TCP_Recv
SDLNet_TCP_Send
SDLNet_UDP_Bind
SDLNet_UDP_Close
SDLNet_UDP_Open
SDLNet_UDP_Recv
SDLNet_UDP_Send

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mcyyouxi.ini
ʼϷ.exe
.exe windows:5 windows x86 arch:x86

8f5fa0cccd9fc6082b5e89ea387bb190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\游戏工作室\启动客户端\GameStart\Release\GameStart.pdb

Imports

kernel32

WriteConsoleW
CreateFileA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetConsoleOutputCP
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
CreateThread
ExitThread
ExitProcess
HeapReAlloc
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoW
FindResourceExW
VirtualProtect
Sleep
GetProfileIntW
GetTickCount
SearchPathW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFileTime
GetFileSizeEx
WriteConsoleA
GetEnvironmentStringsW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetFileSize
lstrcpyW
GetCurrentDirectoryW
GlobalGetAtomNameW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrlenA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetThreadLocale
InterlockedIncrement
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetModuleHandleA
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalFree
CopyFileW
GlobalSize
FormatMessageW
LocalFree
MulDiv
WideCharToMultiByte
lstrlenW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetVersionExA
GetFileAttributesW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
SetEnvironmentVariableA

user32

IsClipboardFormatAvailable
MapVirtualKeyExW
IsCharLowerW
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
UnregisterClassW
GetNextDlgGroupItem
InvalidateRgn
SetRect
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageW
DestroyIcon
CopyImage
OpenClipboard
RegisterClipboardFormatW
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
IsMenu
GetSystemMenu
SetClassLongW
SetParent
NotifyWinEvent
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
CharUpperW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
PostThreadMessageW
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
GetSysColorBrush
SetRectEmpty
MapVirtualKeyW
GetKeyNameTextW
DestroyMenu
GetMenuItemInfoW
CharNextW
ShowOwnedPopups
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetActiveWindow
CreateDialogIndirectParamW
EndDialog
SetWindowContextHelpId
MapDialogRect
SystemParametersInfoW
MessageBeep
RedrawWindow
IsZoomed
PostQuitMessage
GetMenuStringW
IsWindowEnabled
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetClientRect
PostMessageW
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
DrawIcon
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
DestroyCursor
GetWindowRgn
GetDoubleClickTime
GetIconInfo
SubtractRect
CopyIcon
GetNextDlgTabItem
CharUpperBuffW
GetWindowPlacement
GetWindow
GetMenuState
ModifyMenuW
InsertMenuW
CreatePopupMenu
GetMenuItemCount
LoadMenuW
CreateMenu
AppendMenuW
RemoveMenu
GetMenuItemID
LoadBitmapW
CopyRect
DrawStateW
FillRect
InflateRect
GetSysColor
EnableWindow
AnimateWindow
GetSubMenu
InvalidateRect
SetCursor
LoadCursorW
PtInRect
ShowWindow
SetWindowRgn
SendMessageW
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetSystemMetrics
CallWindowProcW
CallNextHookEx
SetWindowLongW
GetWindowLongW
GetClassNameW
SetTimer
KillTimer
GetDesktopWindow
GetWindowRect
GetMessageW

gdi32

CreateHatchBrush
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
OffsetRgn
GetRgnBox
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
SetDIBColorTable
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
GetPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
GetPixel
GetWindowExtEx
GetObjectType
GetViewportExtEx
PtVisible
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
CreatePalette
CreatePolygonRgn
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetObjectW
CreateSolidBrush
CreatePen
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
RectVisible

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueW

shell32

DragFinish
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
ShellExecuteW
SHGetFileInfoW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleDestroyMenuDescriptor
CreateStreamOnHGlobal
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
OleUninitialize
OleCreateMenuDescriptor
OleInitialize
CoUninitialize
CoInitializeEx
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator

oleaut32

SysAllocStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDeleteFont
GdipGetImagePalette
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily

ws2_32

WSACleanup
gethostbyname
WSAStartup

wininet

InternetQueryDataAvailable
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ϸ.bat

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

55:21:db:26:ce:0c:b3:e4Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04Certificate

Extended Key Usages

Key Usages

8c:64:cf:73:aa:fa:ce:c6:f1:57:6d:01:d2:c6:c6:6a:22:24:7b:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 3KB - Virtual size: 4KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 492B

.reloc Size: 1024B - Virtual size: 570B

fa303e84e019660a7244adc8ac12aeef

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvfw32

winmm

oleaut32

msvcrt

Exports

Exports

Sections

.data Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 702B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

55:21:db:26:ce:0c:b3:e4
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04
Certificate

8c:64:cf:73:aa:fa:ce:c6:f1:57:6d:01:d2:c6:c6:6a:22:24:7b:6c
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 3KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 492B

.reloc
Size: 1024B - Virtual size: 570B

.data
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 702B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 432B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB