0f2fc1d712ebab0a642ecb2e34909c85500d14e8b4c4adbda7aa55a553480758

Sharing

Copy URL

Twitter E-mail

General

Target

0f2fc1d712ebab0a642ecb2e34909c85500d14e8b4c4adbda7aa55a553480758
Size

8.9MB
MD5

a78dd09de5ba714f67149b20d35e6be7
SHA1

57594032e07d5a3d0a8bfd3d1ecbd129745b0fbe
SHA256

0f2fc1d712ebab0a642ecb2e34909c85500d14e8b4c4adbda7aa55a553480758
SHA512

4c4776b6ff45ec189718b6152872faeae91cbc5f84996506ab7ac40864e2af3d85f53bc1e1a1f0f0cfa316366c24fd93e20534d1d5df76de1e3675ea8b0c2242
SSDEEP

196608:jwFIAfzcMVhDd0cFO1F5Z3b8W8V2+4envXlATIP8IJUhruj4rI86tl2CJrwLWh:M++zhJ0cFOJZr8pI1Kz8R1uAI802Aw8

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/通关新/haoi.dll
unpack001/通关新/qs.dll
unpack001/通关新/系统配置/ProcessHider.exe
unpack001/通关新/系统配置/f2f3f.exe
unpack001/通关新/通关2.6.exe

Files

0f2fc1d712ebab0a642ecb2e34909c85500d14e8b4c4adbda7aa55a553480758
.rar
通关新/haoi.dll
.dll regsvr32 windows:4 windows x86 arch:x86

aa9e21d62a8bd9fb3b21757e0a8d7a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6662
ord3663
ord3619
ord3573
ord3626
ord640
ord2450
ord2414
ord5875
ord6172
ord5789
ord1640
ord323
ord1641
ord1140
ord922
ord2818
ord926
ord541
ord6877
ord2764
ord4129
ord6883
ord5710
ord941
ord2763
ord5608
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1622
ord924
ord939
ord801
ord1131
ord2725
ord3953
ord537
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord823
ord825
ord860
ord2614
ord861
ord6467
ord539
ord540
ord1601
ord858
ord535
ord4278
ord2915
ord5572
ord800

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_ftol
getenv
sscanf
fflush
malloc
strcat
longjmp
__CxxLongjmpUnwind
_setjmp3
fwrite
fputs
calloc
strncpy
free
remove
atoi
time
srand
strlen
strcpy
strcmp
exit
fopen
printf
fseek
ftell
fclose
rewind
fread
sprintf
rand
memset
memcpy
memcmp
_mbscmp
__CxxFrameHandler
_purecall
strchr
_mkdir

kernel32

CreateDirectoryA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
Sleep
InterlockedDecrement
HeapFree
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
LocalAlloc
HeapAlloc
GetProcessHeap
lstrcpyA
CloseHandle
SetFilePointer
WriteFile
CreateFileA
GetSystemDirectoryA
GetLocalTime
lstrcatA
GetModuleFileNameA
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileStringA
lstrcmpA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
CopyFileA
DeleteFileA
ReadFile
GetFileSize
CreateThread
GetProcAddress
LoadLibraryA
InterlockedIncrement
LocalFree

user32

FillRect
GetDC
DispatchMessageA
ReleaseDC
LoadImageA
MessageBoxA
GetActiveWindow
TranslateMessage
PeekMessageA

gdi32

GetPixel
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateFontIndirectA

shell32

StrChrA

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen

atl

ord57
ord18
ord15
ord21
ord16
ord23
ord30
ord58
ord32

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCheckPlatform
WinHttpOpen
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReadData
WinHttpCloseHandle

shlwapi

PathIsDirectoryA
PathFileExistsA

Exports

Exports

CheckKey
CheckKeyW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetAnswer
GetAnswerW
GetBusy
GetBusyW
GetPoint
GetPointW
IsRight
IsRightW
KeyEndDate
KeyEndDateW
Login
LoginW
Pay
PayW
RegID
RegIDW
SendByte
SendByteEx
SendByteExW
SendByteW
SendError
SendErrorW
SendFile
SendFileEx
SendFileExW
SendFileW
SetIsLog
SetIsSavePic
SetLogType
SetQuality
SetRebate
SetRebateW
UseKey
UseKeyW
WriteWordtoJPG
WriteWordtoJPGW

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
通关新/qs.dll
.dll windows:6 windows x86 arch:x86

6041bc97bda9ada0dad342187c45a6bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter

Exports

Exports

EAllocateVirtualMemory
ECreateThreadEx
EDrawBox
EFindProcSignCode
EFreeVirtualMemory
EGetModuleExportAddress
EGetMoudleSize
EIsInstall
EQSDeleteFileEx
EQueryVirtualMemory
ERemoteCall
ETracelessinjection
GetMoudleBase
GetMoudleEx
HideProcessAdd
HideProcessSub
Mouse_move
ReadBytes
ReadMemory
SetProcess
WriteBytes
WriteMemory
WriteMemoryEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
通关新/丰源/1.0启动位置.png
.png
通关新/丰源/QQ截图20230215140417.png
.png
通关新/丰源/丰源1.png
.png
通关新/丰源/丰源2.png
.png
通关新/丰源/丰源3.png
.png
通关新/丰源/丰源4.png
.png
通关新/丰源/丰源5.png
.png
通关新/丰源/丰源说明.txt
通关新/丰源/丰源进度.txt
通关新/关都无准备/关都前4道馆.txt
通关新/关都无准备/关都后4道馆.txt
通关新/关都无准备/关都后四道馆顺序.png
.png
通关新/关都无准备/关都说明.txt
通关新/关都无准备/混混技能顺序.png
.png
通关新/合众/无准备合众/合众.txt
通关新/合众/无准备合众/说明.txt
通关新/合众/有准备合众/2V固执鳄鱼.png
.png .ps1 polyglot
通关新/合众/有准备合众/2V鳄鱼满努力值.png
.png
通关新/合众/有准备合众/合众.txt
通关新/合众/有准备合众/盔甲鸟.png
.png
通关新/城都通关/说明.txt
通关新/平行四通/平行四通进度.txt
通关新/平行四通/视频地址.txt
通关新/平行四通/进度61.png
.png
通关新/神奥/QQ截图20231018223530.png
.png
通关新/神奥/QQ截图20231018224555.png
.png
通关新/神奥/QQ截图20231018224623.png
.png
通关新/神奥/QQ截图20231018224635.png
.png
通关新/神奥/神奥4.png
.png
通关新/神奥/神奥通关要求.txt
通关新/神奥/顺序.png
.png
通关新/系统配置/ProcessHider.exe
.exe windows:6 windows x64 arch:x64

d96ef6d3889eef39e40520fc5cbecee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\61114\Downloads\ProcessHider-master\x64\Release\ProcessHider.pdb

Imports

kernel32

SizeofResource
WriteProcessMemory
GetCurrentProcess
WriteFile
K32GetModuleFileNameExW
CreateFileW
ReleaseMutex
ResumeThread
UnmapViewOfFile
GetLastError
LockResource
CloseHandle
LoadResource
IsWow64Process
VirtualAllocEx
CreateMutexExW
CreateProcessW
CreateFileMappingW
MapViewOfFile
OpenMutexW
HeapFree
WaitForSingleObject
HeapAlloc
GetProcessHeap
CreateRemoteThread
WriteConsoleW
GetCurrentProcessId
GetProcAddress
LoadLibraryW
FindResourceW
OpenProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
RtlUnwind

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
通关新/系统配置/b1键.bmp
通关新/系统配置/bkmpc.txt
通关新/系统配置/b键.bmp
通关新/系统配置/f2f3f.exe
.exe windows:6 windows x64 arch:x64

6650b206d50c0f3bc0fe2e0e652019d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
SetProcessAffinityMask
LoadLibraryA
IsBadReadPtr
Sleep
CloseHandle
GetLastError
SetErrorMode
SetEvent
CreateEventA
OpenEventA
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateFileMappingA
OpenFileMappingA
FreeLibrary
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LCMapStringEx
GetTickCount
GetSystemInfo
GetCurrentProcess
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetStdHandle
WriteFile
GetModuleFileNameW
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapSize
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
CreateFileW

user32

PeekMessageA
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
GetWindowThreadProcessId
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
通关新/系统配置/hp.bmp
通关新/系统配置/tm.bmp
通关新/系统配置/yzm.bmp
通关新/系统配置/zd单.bmp
通关新/系统配置/三.bmp
通关新/系统配置/不能跑.bmp
通关新/系统配置/不融冰.bmp
通关新/系统配置/丰源1.bmp
通关新/系统配置/丰源2.bmp
通关新/系统配置/丰源进度.txt
通关新/系统配置/买龙爪.bmp
通关新/系统配置/交叉.bmp
通关新/系统配置/关都1.bmp
通关新/系统配置/关都2.bmp
通关新/系统配置/关都进度.txt
通关新/系统配置/内敛性格.bmp
通关新/系统配置/冰冻牙.bmp
通关新/系统配置/冲浪术.bmp
通关新/系统配置/几楼.bmp
通关新/系统配置/取消.bmp
通关新/系统配置/取消进化.bmp
通关新/系统配置/叹号.bmp
通关新/系统配置/合众1.bmp
通关新/系统配置/合众2.bmp
通关新/系统配置/合众无准备.txt
通关新/系统配置/合众有准备.txt
通关新/系统配置/咬碎.bmp
.png
通关新/系统配置/咬碎回忆.bmp
通关新/系统配置/咬碎技能.bmp
通关新/系统配置/哈欠.bmp
通关新/系统配置/喷雾.bmp
通关新/系统配置/喷雾pc.bmp
通关新/系统配置/喷雾pc1.bmp
通关新/系统配置/地图.bmp
通关新/系统配置/地幔岩.bmp
通关新/系统配置/塔1pc.bmp
通关新/系统配置/塔2pc.bmp
通关新/系统配置/塔3pc.bmp
通关新/系统配置/塔4pc.bmp
通关新/系统配置/大胆性格.bmp
通关新/系统配置/学习.bmp
通关新/系统配置/学习装置.bmp
通关新/系统配置/学技能是.bmp
通关新/系统配置/学技能是1.bmp
通关新/系统配置/定身.bmp
通关新/系统配置/宝可梦配置.ini
通关新/系统配置/居合斩.bmp
通关新/系统配置/岩石.bmp
通关新/系统配置/平行四通进度.txt
通关新/系统配置/怪力术.bmp
通关新/系统配置/战斗中.bmp
通关新/系统配置/战斗中1.bmp
通关新/系统配置/技能机器.bmp
通关新/系统配置/挂了.bmp
通关新/系统配置/携带.bmp
通关新/系统配置/攀瀑.bmp
通关新/系统配置/攀瀑回忆.bmp
通关新/系统配置/攀瀑技能.bmp
通关新/系统配置/攀瀑技能2.bmp
通关新/系统配置/新1.bmp
通关新/系统配置/新2.bmp
通关新/系统配置/新3.bmp
通关新/系统配置/新4.bmp
通关新/系统配置/无理取闹.bmp
通关新/系统配置/是1.bmp
通关新/系统配置/是2.bmp
通关新/系统配置/木炭.bmp
通关新/系统配置/气势.bmp
通关新/系统配置/水滴安.bmp
通关新/系统配置/温和性格.bmp
通关新/系统配置/潜水.bmp
通关新/系统配置/火.bmp
通关新/系统配置/灰条.bmp
通关新/系统配置/版本号.ini
通关新/系统配置/电机.bmp
通关新/系统配置/登船.bmp
通关新/系统配置/碎岩.bmp
通关新/系统配置/神奥1.bmp
通关新/系统配置/神奥2.bmp
通关新/系统配置/神奥进度.txt
通关新/系统配置/紫衫.bmp
通关新/系统配置/结实.bmp
通关新/系统配置/绿草.bmp
通关新/系统配置/绿草1.bmp
通关新/系统配置/翻页.bmp
通关新/系统配置/胆小性格.bmp
通关新/系统配置/背包.bmp
通关新/系统配置/自我激励.bmp
通关新/系统配置/逃洞.bmp
通关新/系统配置/选猪.bmp
通关新/系统配置/金钱不足.bmp
通关新/系统配置/铜镜.bmp
通关新/系统配置/闪焰冲锋回忆.bmp
通关新/系统配置/除雾.bmp
通关新/系统配置/隐形岩技能.bmp
通关新/系统配置/飞天.bmp
通关新/系统配置/香草.bmp
通关新/系统配置/鳗鱼pc.bmp
通关新/系统配置/鸭嘴.bmp
通关新/系统配置/黑龙pc.bmp
通关新/系统配置/龙爪pc.bmp
通关新/系统配置/龙爪位置.bmp
通关新/说明.txt
通关新/通关2.6.exe
.exe windows:4 windows x86 arch:x86

587f5c8b04ce8267c500e7eeef11a933

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

winmm

midiStreamClose
midiStreamRestart
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart

ws2_32

recvfrom
ioctlsocket
recv
WSAAsyncSelect
closesocket
send
select
getpeername
accept
ntohl
WSACleanup
WSAStartup
inet_ntoa

kernel32

lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointer
GetFileSize
GetFileType
DuplicateHandle
GetCurrentProcess
GetLocalTime
GetSystemDirectoryA
GetWindowsDirectoryA
GetTimeZoneInformation
SetLastError
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
CreateMutexA
ReleaseMutex
SuspendThread
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
IsProcessorFeaturePresent
LocalFree
FlushFileBuffers
lstrcmpiA
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
RaiseException
HeapSize
GetACP
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
lstrcmpA
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
InterlockedExchange
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
LockFile

user32

ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetWindowTextLengthA
GetWindowTextA
GetDlgItem
GetClassNameA
GetDesktopWindow
SetWindowTextA
GetForegroundWindow
CharUpperA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
GetScrollPos
RegisterClassA
GetMenuItemCount
ClientToScreen
GetMenuItemID
GetSysColor
UnregisterClassA

gdi32

CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
ExtCreateRegion
SetPixel
CreateRectRgn
CreateRectRgnIndirect
SetBkColor
FillRgn
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
CreateDIBSection
GetDeviceCaps

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
ChooseColorA

advapi32

RegCreateKeyExA
RegOpenKeyA
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CLSIDFromProgID

oleaut32

SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
VariantChangeType
VariantClear
VariantCopy

comctl32

ImageList_Destroy
ord17
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Duplicate
ImageList_Read

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetOpenA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 980KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
通关新/通关汉化/ns_strings_zh.xml
通关新/通关汉化/ns_strings_zh_heartgold.xml
.xml
通关新/通关汉化/ns_strings_zh_platinum.xml
.xml
通关新/通关汉化/ns_strings_zh_storyline.xml
.xml
通关新/通关汉化/ns_strings_zh_white.xml
通关新/通关汉化/strings_de.xml
.xml
通关新/通关汉化/strings_en.xml
.xml
通关新/通关汉化/strings_es.xml
.xml
通关新/通关汉化/strings_fr.xml
.xml
通关新/通关汉化/strings_it.xml
.xml
通关新/通关汉化/strings_ja.xml
.xml
通关新/通关汉化/strings_ko.xml
.xml
通关新/通关汉化/strings_pl.xml
.xml
通关新/通关汉化/strings_pt-BR.xml
.xml
通关新/通关汉化/strings_zh-Hant.xml
.xml
通关新/通关汉化/strings_zh.xml
.xml
通关新/通关汉化/strings_zh_dump.xml

Sharing

General

Malware Config

Signatures

Files

aa9e21d62a8bd9fb3b21757e0a8d7a2b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

oleaut32

atl

winhttp

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 5KB

6041bc97bda9ada0dad342187c45a6bd

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 476B

d96ef6d3889eef39e40520fc5cbecee0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 335KB - Virtual size: 340KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 152KB - Virtual size: 151KB

.reloc Size: 2KB - Virtual size: 1KB

6650b206d50c0f3bc0fe2e0e652019d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 20KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

587f5c8b04ce8267c500e7eeef11a933

Headers

File Characteristics

Imports

rasapi32

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 476B

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 335KB - Virtual size: 340KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 152KB - Virtual size: 151KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 20KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 144KB - Virtual size: 526KB

.vmps0
Size: 980KB - Virtual size: 976KB

.rsrc
Size: 496KB - Virtual size: 494KB