PESCAN.IO - Analysis Report Valid Code |
Information: |
• Size: 982,00 KB
• SHA-256 Hash: CAD91DB77A9398695FDBF2FCA9B67DC8032DE5BA712B17A029C928B60B13A805
• SHA-1 Hash: 8D4EA750B30B75E57AB2859369B9AC6DAB2E8412
• MD5 Hash: FE4AF613CC77F1FC3B2120DA1CE21F51
• Imphash: 372FDF146F61A3A63C03AB9EE983CCFA
• MajorOSVersion: 6
• CheckSum: 00100876
• EntryPoint (rva): 29980
• SizeOfHeaders: 400
• SizeOfImage: F9000
• ImageBase: 59100000
• Architecture: x86
• ExportTable: 2CDC
• ImportTable: C625C
• Characteristics: 2102
• TimeDateStamp: 464CB2BD
• Date: 17/05/2007 19:53:33
• File Type: DLL
• Number Of Sections: 4
• ASLR: Disabled
• Section Names: .text, .data, .rsrc, .reloc
• Number Of Executable Sections: 1
• Subsystem: Windows GUI
Sections Info: |
Section Name | Flags | ROffset | RSize | VOffset | VSize |
---|---|---|---|---|---|
.text | 60000020 (Executable) | 400 | C8400 | 1000 | C82ED |
.data | C0000040 (Writeable) | C8800 | 22200 | CA000 | 22BA0 |
.rsrc | 40000040 | EAA00 | 600 | ED000 | 5C8 |
.reloc | 42000040 | EB000 | A800 | EE000 | A678 |
Description: |
• InternalName: MSNCore.dll
• OriginalFilename: MSNCore.dll
• CompanyName: Microsoft Corporation
• LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
• ProductName: Microsoft CoreXT
• FileVersion: 8.5.1235.0517
Entry Point: |
The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 28D80
Code -> 837C2408010F8417D40300FF7424048B4C24108B54240CE81FFFFFFF59C20C008BFF558BEC33C04039450C0F8491CC03005D
• CMP DWORD PTR [ESP + 8], 1
• JE 0X3E422
• PUSH DWORD PTR [ESP + 4]
• MOV ECX, DWORD PTR [ESP + 0X10]
• MOV EDX, DWORD PTR [ESP + 0XC]
• CALL 0XF3B
• POP ECX
• RET 0XC
• MOV EDI, EDI
• PUSH EBP
• MOV EBP, ESP
• XOR EAX, EAX
• INC EAX
• CMP DWORD PTR [EBP + 0XC], EAX
• JE 0X3DCC2
• POP EBP
Signatures: |
CheckSum Integrity Problem:
• Header: 1050742
• Calculated: 1063079
Rich Signature Analyzer:
Code -> FEF29124BA93FF77BA93FF77BA93FF77799C9F77BB93FF77799CA2779A93FF77BA93FE778B91FF779D558477B993FF772D578177BB93FF779D558277B393FF77799CA077B593FF77799CF077BB93FF779D559277B593FF779D558577BB93FF779D5591774593FF779D558377BB93FF779D558777BB93FF7752696368BA93FF77
Footprint md5 Hash -> D780E141C96AF0DB53AAC6A8AB49076D
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler: |
Compiler: Microsoft Visual Studio
Detect It Easy (die)
• PE: compiler: EP:Microsoft Visual C/C++(2005)[DLL32]
• PE: compiler: Microsoft Visual C/C++(2005)[-]
• PE: linker: Microsoft Linker(8.0 or 11.0)[DLL32]
• Entropy: 6.40024
Suspicious Functions: |
Library | Function | Description |
---|---|---|
KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
USER32.DLL | CallWindowProcA | Invokes the window procedure for the specified window and messages. |
ET Functions (carving): |
• EXPORT FUNCTIONS > 400 |
File Access: |
IMM32.dll gdiplus.dll UxTheme.dll OLEACC.dll MSIMG32.dll COMCTL32.dll WININET.dll urlmon.dll SHLWAPI.dll OLEAUT32.dll ole32.dll GDI32.dll ADVAPI32.dll USER32.dll KERNEL32.dll MSVCR80.dll VERSION.dll RichEd20.dll MSNCore.dll Temp |
File Access (UNICODE): |
MSNCore.dll |
Interest's Words: |
lockbit ToolBar PassWord exec attrib start shutdown perfmon ping expand replace setx |
Interest's Words (UNICODE): |
ToolBar PassWord start pause expand |
Strings/Hex Code Found With The File Rules: |
• Rule Text (Unicode): WinAPI Sockets (bind)
• Rule Text (Ascii): WinAPI Sockets (connect)
• Rule Text (Ascii): Registry (RegOpenKeyEx)
• Rule Text (Ascii): File (GetTempPath)
• Rule Text (Ascii): File (CopyFile)
• Rule Text (Ascii): File (CreateFile)
• Rule Text (Ascii): File (WriteFile)
• Rule Text (Ascii): File (ReadFile)
• Rule Text (Ascii): Encryption API (CryptAcquireContext)
• Rule Text (Ascii): Encryption API (CryptReleaseContext)
• Rule Text (Ascii): Anti-Analysis VM (IsDebuggerPresent)
• Rule Text (Ascii): Anti-Analysis VM (GetVersion)
• Rule Text (Ascii): Stealth (VirtualAlloc)
• Rule Text (Ascii): Keyboard Key (Scroll)
• Rule Text (Unicode): Keyboard Key (Scroll)
• Rule Text (Unicode): Keyboard Key (PageDown)
• Rule Text (Unicode): Keyboard Key (PageUp)
• Rule Text (Ascii): Software that records user activity (Logger)
• Rule Text (Ascii): Unauthorized movement of funds or data (Transfer)
• Rule Text (Unicode): Technique used to insert malicious code into legitimate processes (Inject)
Resources: |
Path | DataRVA | Size | FileOffset | Code | Text |
---|---|---|---|---|---|
\TEXTINCLUDE\1\1033 | ED100 | 16 | EAB00 | 23696E636C756465202277696E7265732E68220D0A00 | include "winres.h"... |
\VERSION\1\1033 | ED118 | 35C | EAB18 | 5C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000500 | \.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
\24\2\1033 | ED474 | 152 | EAE74 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
Intelligent String: |
• LogInterpolation • .tlb • ddraw.dll • USER32.dll • ADVAPI32.dll • msncore.pdb • symbol.ics • canella.dwg |
Extra 4n4lysis: |
Metric | Value | Percentage |
---|---|---|
Ascii Code | 566576 | 56,3439% |
Null Byte Code | 196834 | 19,5744% |
NOP Cave Found | 0x9090909090, Block Count: 44 | Total: 0,0109% |