| File Path | Type and Hashes |
|---|---|
|
C:\Windows\System32\jmoruvx\jmoruvx\xyyabcc\m.ini |
Type : ASCII text, with CRLF line terminators MD5 : 4fcf8781342590e76bca4e8734717d5d SHA-1 : dde2df571a755f6a3fb248b46e85c8b436aa96ac SHA-256 : 69e222f6f47b8acb76355a990eb48d4ea9f943236a7f2efda19396ff6d5fc9e7 SHA-512 : b120dcb922f2cedfbe1cd09f57fc30e2e534f88231081f868f9a2a9ab5f1307e5d51410c9c422a52d1603c8728fa918c967c1ca08052b3030ca704c5c601d5e2 Size : 0.128 Kilobytes. |
|
C:\Windows\Help\jmoruvx.hlp |
Type : ASCII text, with very long lines, with no line terminators MD5 : cddd845fe09c3ee1d41c68c3501a5195 SHA-1 : ab4f837abd4ee38d7025dfdd78f75edba55246e7 SHA-256 : 4986c6b4253f906bb62090ae60ee9ac8f8f66ae3a7fb1174bdd1ce139ee54b61 SHA-512 : 2d9a839d1de2ca96ea0436e6df04f0b301fab2f6cbb55e403c4c1e23e35948aa2199b87715f6226aaade434eaebfe861e62730b761de5a8048600375fedbe8f6 Size : 1252.91 Kilobytes. |
|
C:\Windows\2.ini |
Type : ASCII text, with CRLF line terminators MD5 : 453ddf5b3489d85f5827ece64188c9f6 SHA-1 : a3cfd968009d9476e6a11be079b1f9644011be38 SHA-256 : 8f4d362b81afbd04cf56406240e3dc8da83b1aee2475038de8d3fc581a4b2e76 SHA-512 : 46cfc3c9f806c6fed98ba318fe275c148c3ed1539dcf4dab9509ebc990897bd393c888c66d47a364dd4100996a94b662df376e253371f08d7db58b150a8c9a8a Size : 0.079 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj001.IMD |
Type : data MD5 : ca587ec3b3b0ad7e5e0f582cab7a2091 SHA-1 : d20dfdbe698afc7a73dbc97557393c9c2666e9e9 SHA-256 : 97e4e24f591457b78f810761826a4ab1eda01965c666c70bc6a42c3922855d2a SHA-512 : 3e0fcbd6e44aa400050e4b48531f15866df0fd41b17738b62280e8caa21effed406144ca5a90ac823a20108ade5491ed94a995b5bbb2abaff7d73aae90c03d78 Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj007.IMD |
Type : data MD5 : d7c1640a597febf0f1b30ac089a77ffd SHA-1 : 66f3b0d34659e470cbde386f60d4a0fdded75be1 SHA-256 : cafd36a35fb4f44ed68c926f7bee62263fa384e0275ba1ffef49f111a6722798 SHA-512 : 75422da95df39e3f2dbf47027d8dde3b01e08e97e478ac0d9f6142c18832c87485c37423695fdbe4dba4a3c0ad11325685336893adf8f9a7a1200f487a906f9c Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj003.IMD |
Type : data MD5 : 92c7c15b603005c43791e3fe08524275 SHA-1 : 4b84a2f7b22395f934fb7be2053e479883b52a41 SHA-256 : ded5a9ba85fbe50d7f6cf2dc0f13fd8bc8f946e9abd27e2d86b6843515c9e5e1 SHA-512 : 956c5ba4ef8b15645a358573b4990bc9523fa45b0df8720fc90a66c39b4a773e76566208670e2b37f8d88514c828215af9df7b8bbdf976e2664f436a598f91c9 Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj009.IMD |
Type : data MD5 : b59e65d992b60e11bc8a231453afc658 SHA-1 : 27ce5a4dc3fe25bcdb6f0fa589ad0bce8c3b0bb6 SHA-256 : 8d53f613ad2434a2b8de0ad4d452463a9dc93c1925d9fc6a74c46d746ddf487b SHA-512 : 6d415bdc75ce0c948047d845611669bff6adc6a66541d993db72df3c54ac1f88118dfe8ddde34772c4d67880a9e0ae2cbc9f66c0edef5290eb6f99381e9ed688 Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj006.IMD |
Type : data MD5 : 1b13a1ffcc42d6c0b02fbc8723e4c7a8 SHA-1 : 0cd60532b3d38c730033e906bad55789b728a672 SHA-256 : a3641acf3b9bda1d6f618f54b5d63d2e8d17257aa5417e46f76ca53143c24d65 SHA-512 : 18f5b33235802fa0c3826b26021eb81977cb6de008d6268e96abc7422c508d1f5d3b194c004cd94bb1857b44708cf61b1d263a7e6d6d81f80db1d7b7f268a9c9 Size : 62.645 Kilobytes. |
|
C:\Windows\System32\Help\2.jmoruvx |
Type : ASCII text, with CRLF line terminators MD5 : 8a57eee1149e828387d896d90997e180 SHA-1 : c3d7b7731255fba61332becbaa4ae7451812c82f SHA-256 : b376ca135d55d1311328eaabbaed09200acadde486a1059794116990e3438057 SHA-512 : 5f434d48ecaf7f48074cb6a1ffdf4f399d62d7518c47851cb2edf1bcbc732a2c05ca3fb89622274bbb4bb5e6f1688310a135247ea364a06a13a20704c90052f7 Size : 0.018 Kilobytes. |
|
C:\Windows\System32\Help\upbiran.ini |
Type : ASCII text, with CRLF line terminators MD5 : 4fd52c1e023f9f241a59230dd5f21f44 SHA-1 : e40a538bc8c3f5d055a55f841ac683867e051afc SHA-256 : a0607c348c6812efcc39a9b97ba08f518674567e0849decdc867a71a0f56d5e4 SHA-512 : 1c77955c145132633b12f99dc2bac437eb0c3c83b5cb40ae84152ef358c4f4dad025acccaaa5d561d881c30c64aea1360db6ac425cf221cc54a78000a3656eb4 Size : 0.018 Kilobytes. |
|
C:\Windows\System32\jmoruvx\jmoruvx\xyyabcc\pqqrstu.exe C:\Windows\System32\spool\DRIVERS\W32X86\3\moruvxj\moruvxj.exe |
Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed MD5 : ee4b591cd2aec19b55a0119995d03239 SHA-1 : 4fd96f7750b6b9ad8a6ed3533b33495074db4e35 SHA-256 : b7ece47f94e358931c833a34ac90e578563e81732ffd8f5d3ca5c469e72f7f5f SHA-512 : a023ddfa56e4d17234edd409339732cb6a0c94c2feb33b1882818a83e6ef90ac4a8ad4ce916c7d9fa405ae9a32521fad2233f51f65ac2a6ae0a2bb42157d538c Size : 6186.484 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj004.IMD |
Type : data MD5 : 11bcc9a9993b474b5aa8a5b71497f1de SHA-1 : 66dc89c7333deb4543a21a70b186ed48600d2849 SHA-256 : fc821585a07334f27c1062bd2aa7bcf3ff07fe0689633955aeb968932f29f51c SHA-512 : aa632fb81f321271ca22ccbb5fbf5e69ac1411324dbedc7b82da27c1043c572bebda2f6c60fa8107cb073bfd79ed73ffaf6959dd3b44385fc36c4efff6d12e2a Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj002.IMD |
Type : data MD5 : 06031d6aa949a302fec69f61844efc92 SHA-1 : 1d82aaccade409633b2d063f4261f6259aa6ea13 SHA-256 : d7782b831e996b7cf46ffd28d3cba9b3c8be6721a4743fbff371c6b9e6a6f28b SHA-512 : 9dd2970cf1257796882e6a9f83cdb92e191a0ed843d9ec4daf2cfea3333b6b26a0fcf27f713066a7c9cfb9c8e478df53fcd17b18e99bd6b4a164c656fad63ead Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj000.IMD |
Type : PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed MD5 : dad1ffe4513f1e9e0d51b1c2ccc0c028 SHA-1 : 25c884f0397b382dab48e46c7e9b26213bf02ccd SHA-256 : 877e7eacf5e02054fd7ef1318cb14344187c086deba6a128fb561e60d2b6cd2e SHA-512 : 9b32266bb205824de2488db82bae782b1629817ab12f09a77218a8bd4be34c001ef69b46f170e18b0f184addeb339b6e92927204ac6f0e1fc54369e3730082dc Size : 62.645 Kilobytes. |
|
C:\Windows\System32\Help\1.jmoruvx |
Type : ASCII text, with CRLF line terminators MD5 : fedd6a3ee2e8b8e0b034f60aecbfe4c1 SHA-1 : 6fa1117d5e24f677535a658998e1e9bd0688b12c SHA-256 : 39b5239f68307fa387415dcba6e9e5997d3c2a46240aac84f206522fc4930860 SHA-512 : 7ad02c7d8121e3b34ebed6fe38c228c49c495e9ed6577f8d403006fbb58844cabaa3334f896d1bf953fd2f5c5e0a5a0b1a21df81a54eae6e37992d44e44c2cc0 Size : 0.026 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj008.IMD |
Type : data MD5 : b30951ac77fa220c87e299962bc9ef3b SHA-1 : bc1e344079c3ae07750c4edae21e7320d0685aa6 SHA-256 : 907b21b6b006f905f6e925a400aa3d4ca06ba20f9e3ef45b239ed705d89745ad SHA-512 : 95ba6aed6de6e678d998666eb4db171e8999a1330fcda56fd1f936b2893c27e0b52d3df457ec4859499da67466219375859e78745464def9840f779da6550905 Size : 62.645 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj010.IMD |
Type : data MD5 : f1d3ff8443297732862df21dc4e57262 SHA-1 : 9069ca78e7450a285173431b3e52c5c25299e473 SHA-256 : df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 SHA-512 : ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 Size : 0.004 Kilobytes. |
|
D:\RECYCLER\S-1-5-18\Dc8\moruvxj\moruvxj005.IMD |
Type : Apple DiskCopy 4.2 image U\364\213E\010\213@\374\350\001~\373\377uE\213E\010\213@\364\350l\271\373\377P\213E\010\213@\370\350`\271\373\377P\350^\242\373\377j, 2336291048 bytes, 0x3fb9fbff tag size, 0xe9 encoding, 0x1 format MD5 : 8687c42c0e7889e68357ae24c3391f2c SHA-1 : e3b2298c55edd4c47a325c1f147c89f045e6ca4a SHA-256 : 694411636b67509de0cfec7915bd8255eaf2d0624cc20fd4f5a7539d0ffc205a SHA-512 : ffd444eb16fb11894e4d96536cec93470ddeb59b8c6e901da9ebac198f1581ec9f76e2cb445592f1e11a0fd09e239f430e7e45a03c6dab99eed3f982b17ea3e8 Size : 62.645 Kilobytes. |
| Match Rules |
|---|
| File Name: | virussign.com_754ab92ada89fdd88a100e5dd854dcb0.exe |
| File Type: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| SHA1: | f2c7dbed7119e7c49e43bbc00bcfa56ddd091a2b |
| MD5: | 754ab92ada89fdd88a100e5dd854dcb0 |
| First Seen Date: | 2024-12-02 09:26:55.755682 ( ) |
| Number of Clients Seen: | 2 |
| Last Analysis Date: | 2024-12-02 09:26:55.755682 ( ) |
| Human Expert Analysis Date: | 2024-12-02 14:38:34.640807 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 3 |
| file type enum | 6 |
| debug artifacts | [] |
| number of sections | 4 |
| trid | [[31.8, u'UPX compressed Win32 Executable'], [31.2, u"Win32 EXE Yoda's Crypter"], [16.6, u'Win32 Executable Delphi generic'], [7.7, u'Win32 Dynamic Link Library (generic)'], [5.3, u'Win32 Executable (generic)']] |
| compilation time stamp | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] [SUSPICIOUS] |
| LegalCopyright | Sunward Information Technology Co.Ltd |
| InternalName | BarClientView.exe |
| FileVersion | 2010, 8, 6, 1 |
| CompanyName | Sunward Information Technology Co.Ltd |
| ProductName | BarClientView.exe |
| ProductVersion | 7, 1, 3, 0 |
| FileDescription | BarClientView.exe |
| OriginalFilename | BarClientView.exe |
| Translation | 0x0804 0x03a8 |
| entry point | 0x456464 (UPX1) |
| machine type | Intel 386 or later - 32Bit |
| file size | 626454 |
| ssdeep | 12288:TGzQYR4IeaAVB6ETW82Ku8UKfdndrQwoS:T8lgaAVB6evW8UKlndr |
| sha256 | ee459eb850f0c934651a4b7b85827cd033834e1f3efec3d0f1c6ac8f772f293c |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/f/2/c/7/f2c7dbed7119e7c49e43bbc00bcfa56ddd091a2b', u'EXE:OriginalFileName': u'BarClientView.exe', u'EXE:ProductName': u'BarClientView.exe', u'EXE:InternalName': u'BarClientView.exe', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:12:02 09:26:44+00:00', u'EXE:InitializedDataSize': 4096, u'File:FileModifyDate': u'2024:12:02 09:26:25+00:00', u'EXE:FileVersionNumber': u'2010.8.6.1', u'EXE:FileVersion': u'2010, 8, 6, 1', u'File:FileSize': u'612 kB', u'EXE:CharacterSet': u'Windows, Chinese (Simplified)', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'7, 1, 3, 0', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Sunward Information Technology Co.Ltd', u'File:FileName': u'f2c7dbed7119e7c49e43bbc00bcfa56ddd091a2b', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'1992:06:19 22:22:17+00:00', u'EXE:FileFlagsMask': u'0x001f', u'EXE:LegalCopyright': u'Sunward Information Technology Co.Ltd', u'EXE:LinkerVersion': 2.25, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/f/2/c/7', u'EXE:FileDescription': u'BarClientView.exe', u'EXE:EntryPoint': u'0x56464', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 151552, u'File:FileInodeChangeDate': u'2024:12:02 09:26:44+00:00', u'EXE:UninitializedDataSize': 286720, u'EXE:LanguageCode': u'Chinese (Simplified)', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'7.1.3.0'}] |
| mime type | application/x-dosexec |
| imphash | bcf75e287e43fcf41bb59e2f7e37a071 |
| File Path on Client | Seen Count |
|---|---|
| virussign.com_754ab92ada89fdd88a100e5dd854dcb0.exe | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x46000 | 0x46000 | 6.55769308275 | 383abeef443b2fc8705703d906449477 |
| UPX1 | 0x47000 | 0x25000 | 0x24400 | 4.59093188705 | 50a563cd7035d408d6c11ae2cbbe0c4b |
| .rsrc | 0x6c000 | 0x1000 | 0xe00 | 4.62426498288 | 0430fbc0a5270693a437c9a5fb069fd7 |
| .imports | 0x6d000 | 0x2000 | 0x1800 | 4.49361700883 | b0bb39e16175f74c1a74a094dfc5e365 |
-
KERNEL32.DLL
- DeleteCriticalSection
- LeaveCriticalSection
- EnterCriticalSection
- InitializeCriticalSection
- VirtualFree
- VirtualAlloc
- LocalFree
- LocalAlloc
- GetTickCount
- QueryPerformanceCounter
- GetVersion
- GetCurrentThreadId
- InterlockedDecrement
- InterlockedIncrement
- VirtualQuery
- WideCharToMultiByte
- MultiByteToWideChar
- lstrlenA
- lstrcpynA
- LoadLibraryExA
- GetThreadLocale
- GetStartupInfoA
- GetProcAddress
- GetModuleHandleA
- GetModuleFileNameA
- GetLocaleInfoA
- GetLastError
- GetCommandLineA
- FreeLibrary
- FindFirstFileA
- FindClose
- ExitProcess
- CreateThread
- WriteFile
- UnhandledExceptionFilter
- SetFilePointer
- SetEndOfFile
- RtlUnwind
- ReadFile
- RaiseException
- GetStdHandle
- GetFileSize
- GetFileType
- CreateFileA
- CloseHandle
-
user32.dll
- GetKeyboardType
- LoadStringA
- MessageBoxA
- CharNextA
-
advapi32.dll
- RegQueryValueExA
- RegOpenKeyExA
- RegCloseKey
-
oleaut32.dll
- SysFreeString
- SysReAllocStringLen
- SysAllocStringLen
-
KERNEL32.DLL
- TlsSetValue
- TlsGetValue
- LocalAlloc
- GetModuleHandleA
-
advapi32.dll
- RegDeleteValueA
-
KERNEL32.DLL
- lstrlenW
- WritePrivateProfileStringA
- WriteFile
- WinExec
- WaitForSingleObject
- VirtualQueryEx
- VirtualQuery
- VirtualProtectEx
- VirtualFree
- VirtualAlloc
- UnlockFile
- TerminateThread
- TerminateProcess
- SleepEx
- Sleep
- SizeofResource
- SetThreadPriority
- SetPriorityClass
- SetFilePointer
- SetEvent
- SetErrorMode
- SetEndOfFile
- ResumeThread
- ResetEvent
- RemoveDirectoryA
- ReadProcessMemory
- ReadFile
- OpenProcess
- MulDiv
- MoveFileExA
- MoveFileA
- LockResource
- LockFile
- LoadResource
- LoadLibraryA
- LeaveCriticalSection
- IsDBCSLeadByte
- InitializeCriticalSection
- HeapAlloc
- GlobalUnlock
- GlobalReAlloc
- GlobalMemoryStatus
- GlobalHandle
- GlobalLock
- GlobalFree
- GlobalAlloc
- GetVolumeInformationA
- GetVersionExA
- GetTickCount
- GetThreadPriority
- GetThreadLocale
- GetThreadContext
- GetSystemInfo
- GetStringTypeExA
- GetStdHandle
- GetProcessHeap
- GetProcAddress
- GetPrivateProfileStringA
- GetPriorityClass
- GetModuleHandleA
- GetModuleFileNameA
- GetLogicalDriveStringsA
- GetLocaleInfoA
- GetLocalTime
- GetLastError
- GetFullPathNameA
- GetFileSize
- GetFileAttributesA
- GetExitCodeProcess
- GetDiskFreeSpaceA
- GetDateFormatA
- GetCurrentThreadId
- GetCurrentThread
- GetCurrentProcessId
- GetCurrentProcess
- GetComputerNameA
- GetCPInfo
- GetACP
- FreeResource
- FreeLibrary
- FormatMessageA
- FindResourceA
- FindNextFileA
- FindFirstFileA
- FindClose
- FileTimeToLocalFileTime
- FileTimeToDosDateTime
- ExitProcess
- EnumCalendarInfoA
- EnterCriticalSection
- DuplicateHandle
- DeleteFileA
- DeleteCriticalSection
- CreateMutexA
- CreateFileA
- CreateEventA
- CreateDirectoryA
- CompareStringA
- CloseHandle
-
gdi32.dll
- UnrealizeObject
- StretchBlt
- SetWinMetaFileBits
- SetTextColor
- SetStretchBltMode
- SetROP2
- SetEnhMetaFileBits
- SetDIBColorTable
- SetBrushOrgEx
- SetBkMode
- SetBkColor
- SelectPalette
- SelectObject
- RealizePalette
- PlayEnhMetaFile
- PatBlt
- MoveToEx
- MaskBlt
- GetWindowOrgEx
- GetWinMetaFileBits
- GetTextMetricsA
- GetTextExtentPoint32A
- GetSystemPaletteEntries
- GetStockObject
- GetPixel
- GetPaletteEntries
- GetObjectA
- GetEnhMetaFilePaletteEntries
- GetEnhMetaFileHeader
- GetEnhMetaFileBits
- GetDeviceCaps
- GetDIBits
- GetDIBColorTable
- GetCurrentPositionEx
- GetBrushOrgEx
- GetBitmapBits
- GdiFlush
- ExtTextOutA
- DeleteObject
- DeleteEnhMetaFile
- DeleteDC
- CreatePenIndirect
- CreatePalette
- CreateHalftonePalette
- CreateFontIndirectA
- CreateDIBitmap
- CreateDIBSection
- CreateCompatibleDC
- CreateCompatibleBitmap
- CreateBrushIndirect
- CreateBitmap
- CopyEnhMetaFileA
- BitBlt
-
user32.dll
- CreateWindowExA
- mouse_event
- keybd_event
- UpdateWindow
- UnregisterClassA
- TranslateMessage
- SwapMouseButton
- SetWindowPos
- SetWindowLongA
- SetTimer
- SetRect
- SetProcessWindowStation
- SetCursorPos
- SendMessageA
- ReleaseDC
- RegisterClassExA
- RegisterClassA
- PostMessageA
- OpenWindowStationA
- OpenDesktopA
- MessageBoxA
- LoadStringA
- LoadIconA
- KillTimer
- IsWindowVisible
- GetWindowThreadProcessId
- GetWindowTextA
- GetWindowRect
- GetWindowLongA
- GetWindowDC
- GetSystemMetrics
- GetSystemMenu
- GetSysColor
- GetProcessWindowStation
- GetMessageA
- GetLastInputInfo
- GetIconInfo
- GetForegroundWindow
- GetFocus
- GetDesktopWindow
- GetDC
- GetCursorPos
- GetClipboardData
- GetClassInfoA
- FillRect
- ExitWindowsEx
- EnumWindows
- EnumChildWindows
- EnableMenuItem
- EmptyClipboard
- DrawIconEx
- DispatchMessageA
- DestroyWindow
- DestroyIcon
- DefWindowProcA
- CreateIcon
- CloseWindowStation
- CloseClipboard
- CallWindowProcA
- AttachThreadInput
- CharNextA
- CharLowerBuffA
- CharUpperBuffA
- CharToOemA
-
KERNEL32.DLL
- Sleep
-
oleaut32.dll
- SafeArrayPtrOfIndex
- SafeArrayGetUBound
- SafeArrayGetLBound
- SafeArrayCreate
- VariantChangeType
- VariantCopy
- VariantClear
- VariantInit
-
advapi32.dll
- DeleteService
- CloseServiceHandle
-
wsock32.dll
- WSACleanup
- WSAStartup
- WSAGetLastError
- WSACancelAsyncRequest
- WSAAsyncGetServByName
- WSAAsyncGetHostByName
- WSAAsyncSelect
- getservbyname
- gethostbyname
- socket
- shutdown
- send
- recv
- ntohs
- listen
- ioctlsocket
- inet_ntoa
- inet_addr
- htons
- getsockname
- connect
- closesocket
- bind
-
ntdll.dll
- NtQueryInformationProcess
-
shell32.dll
- SHGetFileInfoA
- SHFileOperationA
-
WS2_32.DLL
- WSAIoctl
{u'lang': u'LANG_CHINESE', u'name': u'RT_ICON', u'offset': 414884, u'sha256': u'a332c191874d96c037fadce37905842f82c68fb2b68fb7b02961008c040245fc', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 443560, u'sha256': u'70c827d7ba31067739b5aaab926c8b6d6f2deb118a051b368acb330d95f1ac94', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 872}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 416052, u'sha256': u'd91dc4e26fd86def5ee907c72f32457bea07d21fa618012245f641d08501548d', u'type': u'data', u'size': 130}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 416184, u'sha256': u'05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4', u'type': u'data', u'size': 42}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 416228, u'sha256': u'9665348f07508c6c2a568fc90ec4c04736668adc3521e311a4c7659973d92313', u'type': u'data', u'size': 388}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 416616, u'sha256': u'0519d7704cb64bab3aeca7c3b96affd55641099a2a162e88537cb1b8dbfcd540', u'type': u'data', u'size': 1254}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 417872, u'sha256': u'eaa0b4fe4704e193dd2ed1f8de1cb20e1001034fdb30307ee44aa664966d4ffc', u'type': u'data', u'size': 612}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 418484, u'sha256': u'cffcd4956911b3d50eef378cb051e598baba0db48246b07780af03b01c67c64d', u'type': u'data', u'size': 730}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 419216, u'sha256': u'35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be', u'type': u'data', u'size': 138}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 419356, u'sha256': u'1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8', u'type': u'data', u'size': 172}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 419528, u'sha256': u'31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc', u'type': u'data', u'size': 222}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 419752, u'sha256': u'2b5551644093e58a4af74928fb744bd735fa2ef5f99824e6918ff9f6a33a3803', u'type': u'data', u'size': 1192}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 420944, u'sha256': u'e9212b16f2d3292d0b0eb67134a70778ff1b0aede4918831e5bdba3f950db2a7', u'type': u'data', u'size': 552}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 421496, u'sha256': u'0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95', u'type': u'data', u'size': 44}
{u'lang': u'LANG_CHINESE', u'name': u'RT_STRING', u'offset': 421540, u'sha256': u'1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212', u'type': u'data', u'size': 66}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 421608, u'sha256': u'291d557dc17e1317554d7e6eeee51be221a5de93e98f469e1a694aa69c51948a', u'type': u'data', u'size': 1793}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 423404, u'sha256': u'88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610', u'type': u'Sendmail frozen configuration ', u'size': 16}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_RCDATA', u'offset': 423420, u'sha256': u'de5d8c7c13ce9e42b29dd4f8f11aef94def82f42856ea14b32005ce8ed42faea', u'type': u'data', u'size': 604}
{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 444436, u'sha256': u'5300b5aceb70e14ae313b70f97b0ce0c5c269171a9ecaaa04f003982cd17ba42', u'type': u'MS Windows icon resource - 1 icon, 16x16', u'size': 20}
{u'lang': u'LANG_CHINESE', u'name': u'RT_GROUP_ICON', u'offset': 424044, u'sha256': u'ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1', u'type': u'MS Windows icon resource - 1 icon, 16x16, 16 colors', u'size': 20}
{u'lang': u'LANG_CHINESE', u'name': u'RT_VERSION', u'offset': 444460, u'sha256': u'284c1675feaddec2d9f698967adebab93772210a0bc89c518f1cc1cd12213f0f', u'type': u'data', u'size': 848}