LangDialog
Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe
Resource
win7-20240903-en
windows7-x64
18 signatures
120 seconds
Behavioral task
behavioral2
Sample
cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
18 signatures
120 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
120 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ProcDll.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
120 seconds
General
-
Target
cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe
-
Size
1.0MB
-
MD5
b070c84b1a2ac1d2cf4b39dd37a9b3d5
-
SHA1
af69b3b51040b56df18b83f9b215e16f37803b4b
-
SHA256
cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d
-
SHA512
c77940d28b567746a040a4f16b75691d722812599273041144ec1f01f863204d74498ce7d83775d1de2ab3521d27e42c5624af03548b2fcaefef74061bb70ccf
-
SSDEEP
12288:MYEWcMwLfzH5BUdtsKR0yCKM8CxF7h5NGyENSrzXVoGsqACwUeCCbSzVczdDsgch:MYUk3X5N2FXNGCrZEqACXeCXcdve1z
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe unpack001/$PLUGINSDIR/LangDLL.dll
Files
-
cea5b644c9d8ba538a51eb15b5e138750e35e79c16ad404a683f3f17b9bec38d.exe.exe windows:5 windows x86 arch:x86
68bff8fee922a5704e0f3cd32a36c7bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
lstrlenW
CloseHandle
GetDiskFreeSpaceW
LocalFree
OutputDebugStringW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynW
user32
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
CreateWindowExW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 564KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 355KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
$PLUGINSDIR/LangDLL.dll.dll windows:5 windows x86 arch:x86
e981c0ab92cb1f191bb5e23392e14796
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW
user32
SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC
gdi32
CreateFontIndirectW
GetDeviceCaps
DeleteObject
Exports
Exports
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 729B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 350B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ProcDll.dll.dll windows:4 windows x86 arch:x86
8b431c5f086e9c52c4bb2cb68f7bc480
Code Sign
7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before11/10/2018, 00:00Not After02/02/2020, 23:59SubjectCN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before11/10/2018, 00:00Not After02/02/2020, 23:59SubjectCN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12/01/2016, 00:00Not After11/01/2031, 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23/12/2017, 00:00Not After22/03/2029, 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
e1:b1:55:d2:af:93:76:cc:17:11:1e:e9:1b:d1:1e:fb:c9:57:0d:a8:99:15:40:78:14:81:95:97:cb:77:d2:eaSigner
Actual PE Digeste1:b1:55:d2:af:93:76:cc:17:11:1e:e9:1b:d1:1e:fb:c9:57:0d:a8:99:15:40:78:14:81:95:97:cb:77:d2:eaDigest Algorithmsha256PE Digest Matchestrue00:36:46:0c:20:4c:9c:16:5d:86:91:04:97:8b:51:b5:69:fa:5b:0aSigner
Actual PE Digest00:36:46:0c:20:4c:9c:16:5d:86:91:04:97:8b:51:b5:69:fa:5b:0aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\aaronymhe\QQLive_proj\trunk\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb
Imports
kernel32
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
DeleteFileW
SetFileAttributesW
CopyFileW
LocalFree
TerminateProcess
GetExitCodeProcess
DuplicateHandle
QueryDosDeviceW
TerminateThread
VirtualFree
VirtualAlloc
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetLongPathNameW
lstrcatW
GetPrivateProfileIntW
OutputDebugStringW
GlobalSize
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
SetFilePointer
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetCurrentDirectoryA
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetModuleHandleW
GetPrivateProfileStringW
lstrlenW
WritePrivateProfileStringW
CreateDirectoryW
GetFileSize
ReadFile
DeleteCriticalSection
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
GetVersion
OpenSemaphoreW
CreateNamedPipeW
OpenMutexW
VirtualProtect
IsBadWritePtr
WaitForMultipleObjects
SetErrorMode
WriteFile
CreatePipe
ResetEvent
IsBadReadPtr
GlobalDeleteAtom
GlobalFindAtomW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
CreateEventW
GetWindowsDirectoryW
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionNamesW
SetEnvironmentVariableW
SetEvent
OpenEventW
VirtualQuery
GetSystemDefaultLangID
GetProcessTimes
GlobalAddAtomW
MoveFileExW
GetCommandLineW
SleepEx
FreeResource
lstrcpynA
lstrcpyA
SetEndOfFile
GetDiskFreeSpaceW
UnlockFile
DeleteFileA
LockFileEx
AreFileApisANSI
GetFullPathNameA
GetSystemInfo
GetTempPathA
GetFullPathNameW
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
FormatMessageA
HeapCompact
CreateMutexW
OutputDebugStringA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTickCount
GetCurrentThreadId
Sleep
GlobalAlloc
lstrcpyW
GlobalFree
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
DeviceIoControl
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
LoadLibraryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
GetVersionExW
CreateFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcpynW
OpenProcess
lstrcmpiW
CloseHandle
UnlockFileEx
FormatMessageW
CreateFileMappingA
WaitForSingleObjectEx
GetFileAttributesExW
LockFile
FlushViewOfFile
GetThreadLocale
GetDriveTypeA
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
LocalFileTimeToFileTime
FreeLibrary
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetVersionExA
GetCommandLineA
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
user32
SetWindowLongW
SetWindowPos
RedrawWindow
GetWindowLongW
FindWindowW
GetWindowThreadProcessId
SendMessageW
UnregisterClassA
CharUpperW
RemovePropW
PostQuitMessage
GetPropW
EnumChildWindows
GetDesktopWindow
WaitForInputIdle
wsprintfW
EndPaint
GetClientRect
BeginPaint
CallWindowProcW
FindWindowA
IsIconic
SetPropW
DefWindowProcW
RegisterClassExW
UnregisterClassW
PostMessageW
CloseClipboard
AllowSetForegroundWindow
LoadStringW
MsgWaitForMultipleObjects
PeekMessageW
LoadImageW
DialogBoxParamW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
IsWindow
GetDlgItem
UpdateWindow
ScreenToClient
MoveWindow
SetTimer
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
EndDialog
SendMessageTimeoutW
KillTimer
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
ClientToScreen
OffsetRect
FindWindowExW
EnumWindows
GetWindowTextW
CharNextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
MessageBoxW
gdi32
CreateSolidBrush
SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
GetStockObject
advapi32
RegOpenKeyW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenSCManagerW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExA
QueryServiceConfigW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
LookupAccountSidW
GetSidIdentifierAuthority
GetSecurityInfo
shell32
CommandLineToArgvW
SHGetSpecialFolderPathW
SHChangeNotify
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoLoadLibrary
CoFreeLibrary
CoCreateGuid
CoInitialize
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
StringFromGUID2
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VarBstrCmp
VariantClear
VariantInit
shlwapi
ord176
PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
wnsprintfW
PathRemoveFileSpecW
PathStripPathW
PathAppendW
PathFindFileNameW
PathIsDirectoryW
comctl32
_TrackMouseEvent
msimg32
TransparentBlt
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
netapi32
NetWkstaTransportEnum
Netbios
NetApiBufferFree
urlmon
URLDownloadToFileW
psapi
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW
ws2_32
ntohs
htons
htonl
ntohl
wininet
InternetGetCookieExW
InternetGetCookieW
InternetSetCookieExW
InternetSetCookieW
InternetGetConnectedState
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
Exports
Exports
AddToFirewall
AsynDownload
AsynIPControlDownload
AsynPCMgrDownload
ChangeCacheACL
CheckDeleteUserDataFlag
CheckDownload
CheckExclude360
CheckExcludeProcess
CheckIPControlDownload
CheckInstallPath
CheckInstallType
CheckIsWindows10OrGreater
CheckModuleUsing
CheckPCMgrDownload
CheckRunUIFlag
ClearP2PCache
ClearSSOConfig
CreateBitmapCtrl
CreatePath
DeleteConnectTypeFile
DeleteInstalledToBrowserCookie
Destroy
ExcuteAsExplorer
ExcuteAsParent
ExitQQLiveServiceProcess
FindProcessByName
GetChannelFormIECookie
GetCheckBoxStatus
GetClipboard
GetCommentsInfo
GetFileVersion
GetOSVersion
GetOriginalFilenameInfo
GetParentProcName
GetProtocalVersion
GetShortCutOfApplicationInDirectory
GetUrlEncode
GetUserGUID
HasUserAborted
InitFirewallInterface
InitPCMgrDetector
InvokeShellVerb
IsProcRunning
JoinExCommandLine
KillProcByID
KillProcByName
KillProcByNameAndWait
KillProcByPath
KillProcByPathAndWait
LockIEMainPage
ModifyDirPage
OpenFirewall
OpenFirewallWithoutInit
OpenUrlByDefaultBrowser
ParseCmdLine
PinOrUnpinStartMenuIcon
PinOrUnpinStartScreenIcon
PinOrUnpinTaskBarIcon
PopupTipBesideShortcut
RegMultiSzEdit
RegisterQQLiveProtocal
RemoveFirewall
RemoveFirewallWithoutInit
RemoveFromFirewall
RunPCMgrDetector
SetCompletionRate
SetCtrlFontTitle
SetIEMainPage
SetInstallPath
SetInstallProgress
Show
ShowMsgBox
SvcUninstall
UnRegisterQQLiveProtocal
UninitFirewallInterface
UnitPCMgrDetector
UnloadMatrixDriver
Update
UpdateAppData
WordFindHelper
WriteConnectTypeFile
WriteInstalledToBrowserCookie
WriteUnistFlag
free_instfilespage_bitmap
getWindow
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 228KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ