- Completed Time Severity File Name MD5 File Size Source IP
- ********************************************************************
- FileAlyzer © 2003-2011 Safer-Networking Ltd. All Rights Reserved.
- ********************************************************************
- File: C:\Users\x\Desktop\ppdf\UDqQmLVi2.exe
- Date: 04-10-2017 09:06:12
- &OpenSBI
- ========================================
- Advanced file parameters
- ----------------------------------------
- &General
- ----------------------------------------
- filename: UDqQmLVi2.exe
- filepath: C:\Users\x\Desktop\ppdf\
- filesize: 588800
- timestamp[file]: 2017-10-04 07:39:34
- timestampraw[file]: 4B443CF1
- age[file]: 0
- attribs: A+D-H-L-R-S-
- attribs: A+
- attribs: D-H-L-R-S-
- filetype: PE
- crc32: B9E39A64
- md5: B75BD60DC3686FE62EB4A4A8372BE966
- sha1: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
- crc32[file]: B9E39A64
- md5[file]: B75BD60DC3686FE62EB4A4A8372BE966
- sha1[file]: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
- MZ Header
- ----------------------------------------
- lastpagesize[mzheader]: 144
- totalpagecount[mzheader]: 3
- relocationitems[mzheader]: 0
- paragraphs[mzheader]: 4
- mininumextraparagraphs[mzdosheader]: 0
- maximumextraparagraphs[mzdosheader]: 65535
- initialstacksegment[mzdosheader]: 0000
- initialstackpointer[mzdosheader]: 00B8
- initialinstructionpointer[mzdosheader]: 0000
- initialcodesegment[mzdosheader]: 0000
- relocationtableoffset[mzdosheader]: 0040
- overlaynumber[mzdosheader]: 0
- peheaderpointer[mzdosheader]: 00000080
- PE Header
- ----------------------------------------
- machine[peheader]: 014C
- sectioncount[peheader]: 4
- symboltablepointer[peheader]: 00000000
- symbolcount[peheader]: 0
- optionalheadersize[peheader]: 224
- characteristics[peheader]: 0313
- timestamp[peheader]: 2016-07-15 19:02:29
- timestampraw[peheader]: 57893345
- entrypoint[peheader]: 00002AFE
- codesize[peheader]: 42496
- initializeddatasize[peheader]: 545280
- uninitializeddatasize[peheader]: 0
- codebase[peheader]: 00001000
- database[peheader]: 0000C000
- checksum[peheader]: 0009BB22
- linkerversion[peheader]: 12.0
- imagebase[peheader]: 00400000
- sectionalignment[peheader]: 00001000
- filealignment[peheader]: 00000200
- osversion[peheader]: 5.1
- imageversion[peheader]: 0.0
- subsystemversion[peheader]: 5.1
- win32version[peheader]: 00000000
- imagesize[peheader]: 602112
- headerssize[peheader]: 1024
- subsystem[peheader]: 0002
- dllcharacteristics[peheader]: 8100
- stackreservesize[peheader]: 1048576
- stackcommitsize[peheader]: 4096
- heapreservesize[peheader]: 1048576
- heapcommitsize[peheader]: 4096
- loaderflags[peheader]: 00000000
- rvaandsizescount[peheader]: 16
- boundimportdiraddress[peheader]: 00000000
- boundimportdirsize[peheader]: 0
- comdescriptordiraddress[peheader]: 00000000
- comdescriptordirsize[peheader]: 0
- coprightdiraddress[peheader]: 00000000
- coprightdirsize[peheader]: 0
- debugdiraddress[peheader]: 00000000
- debugdirsize[peheader]: 0
- delayimportdiraddress[peheader]: 00000000
- delayimportdirsize[peheader]: 0
- exceptiondiraddress[peheader]: 00000000
- exceptiondirsize[peheader]: 0
- exportdiraddress[peheader]: 00000000
- exportdirsize[peheader]: 0
- globalptrdiraddress[peheader]: 00000000
- globalptrdirsize[peheader]: 0
- iatdiraddress[peheader]: 0000B3DC
- iatdirsize[peheader]: 168
- importdiraddress[peheader]: 0000C038
- importdirsize[peheader]: 120
- loadconfigdiraddress[peheader]: 00000000
- loadconfigdirsize[peheader]: 0
- relocationdiraddress[peheader]: 00090018
- relocationdirsize[peheader]: 4452
- resourcediraddress[peheader]: 00092000
- resourcedirsize[peheader]: 3120
- securitydiraddress[peheader]: 00000000
- securitydirsize[peheader]: 0
- tlsdiraddress[peheader]: 00000000
- tlsdirsize[peheader]: 0
- PE Sections
- ----------------------------------------
- size[section]: .text-42496
- size[sectionindex]: 0-42496
- md5[section]: .text-069556B5B990003155495C1A5CAAEB8D
- md5[sectionindex]: 0-069556B5B990003155495C1A5CAAEB8D
- physicaladdress[section]: .text-00000400
- physicalsize[section]: .text-0000A600
- virtualaddress[section]: .text-00001000
- virtualsize[section]: .text-0000A484
- characteristics[section]: .text-60000020
- physicaladdress[sectionindex]: 0-00000400
- physicalsize[sectionindex]: 0-0000A600
- virtualaddress[sectionindex]: 0-00001000
- virtualsize[sectionindex]: 0-0000A484
- characteristics[sectionindex]: 0-60000020
- size[section]: .rdata-4608
- size[sectionindex]: 1-4608
- md5[section]: .rdata-7A8F7FA4988FFE8028B3726676C4084E
- md5[sectionindex]: 1-7A8F7FA4988FFE8028B3726676C4084E
- physicaladdress[section]: .rdata-0000AA00
- physicalsize[section]: .rdata-00001200
- virtualaddress[section]: .rdata-0000C000
- virtualsize[section]: .rdata-00001016
- characteristics[section]: .rdata-40000040
- physicaladdress[sectionindex]: 1-0000AA00
- physicalsize[sectionindex]: 1-00001200
- virtualaddress[sectionindex]: 1-0000C000
- virtualsize[sectionindex]: 1-00001016
- characteristics[sectionindex]: 1-40000040
- size[section]: .data-537088
- size[sectionindex]: 2-537088
- md5[section]: .data-34A9A327DE2337F8CE5F91B435543016
- md5[sectionindex]: 2-34A9A327DE2337F8CE5F91B435543016
- physicaladdress[section]: .data-0000BC00
- physicalsize[section]: .data-00083200
- virtualaddress[section]: .data-0000E000
- virtualsize[section]: .data-0008317C
- characteristics[section]: .data-C0000040
- physicaladdress[sectionindex]: 2-0000BC00
- physicalsize[sectionindex]: 2-00083200
- virtualaddress[sectionindex]: 2-0000E000
- virtualsize[sectionindex]: 2-0008317C
- characteristics[sectionindex]: 2-C0000040
- size[section]: .rsrc-3584
- size[sectionindex]: 3-3584
- md5[section]: .rsrc-1220B27A184FD8B44DE43104D74FE53A
- md5[sectionindex]: 3-1220B27A184FD8B44DE43104D74FE53A
- physicaladdress[section]: .rsrc-0008EE00
- physicalsize[section]: .rsrc-00000E00
- virtualaddress[section]: .rsrc-00092000
- virtualsize[section]: .rsrc-00000C30
- characteristics[section]: .rsrc-40000040
- physicaladdress[sectionindex]: 3-0008EE00
- physicalsize[sectionindex]: 3-00000E00
- virtualaddress[sectionindex]: 3-00092000
- virtualsize[sectionindex]: 3-00000C30
- characteristics[sectionindex]: 3-40000040
- size[sections]: 587776
- md5[sections]: 53410251E93BDA01E990C8F5D45660E0
- crc32[sections]: 490A823C
- PE Exports
- ----------------------------------------
- md5[exports]: D41D8CD98F00B204E9800998ECF8427E
- Streams
- ========================================
- Invalid
- ----------------------------------------
- Standard
- ----------------------------------------
- : 588800
- Extended Attribute
- ----------------------------------------
- Security
- ----------------------------------------
- : 152
- Alternate
- ----------------------------------------
- Hard link
- ----------------------------------------
- Property
- ----------------------------------------
- Object identifier
- ----------------------------------------
- Reparse points
- ----------------------------------------
- Sparse file
- ----------------------------------------
- Security
- ========================================
- SYSTEM (NT AUTHORITY)
- ----------------------------------------
- ACE Type: ACCESS_ALLOWED_ACE_TYPE
- Rights: FILE_ALL_ACCESS
- Administrators (BUILTIN)
- ----------------------------------------
- ACE Type: ACCESS_ALLOWED_ACE_TYPE
- Rights: FILE_ALL_ACCESS
- x (x-PC)
- ----------------------------------------
- ACE Type: ACCESS_ALLOWED_ACE_TYPE
- Rights: FILE_ALL_ACCESS
- Hashes
- ========================================
- Cyclic redundancy check
- ----------------------------------------
- CRC-32: Cyclic redundancy check, 32 bit: B9E39A64
- Message-Digest algorithm
- ----------------------------------------
- MD5: Message-Digest algorithm 5: B75BD60DC3686FE62EB4A4A8372BE966
- US Secure Hash Algorithm
- ----------------------------------------
- SHA-1: US Secure Hash Algorithm 1: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
- RACE Integrity Primitives Evaluation MD
- ----------------------------------------
- HAVAL
- ----------------------------------------
- Sapphire
- ----------------------------------------
- Other
- ----------------------------------------
- Other
- ----------------------------------------
- MZ Header
- ========================================
- MZ header
- ----------------------------------------
- Signature: 5A4D
- Last Page Size: 0090
- Total Pages In File: 0003
- Relocation Items: 0000
- Paragraphs: 0004
- MZ DOS header
- ----------------------------------------
- Min Extra Paragraphs: 0000
- Max Extra Paragraphs: FFFF
- Initial Stack Segment: 0000
- Initial Stack Pointer: 00B8
- Checksum for Header: 0000
- Initial Instruction Pointer: 0000
- Initial Code Segment: 0000
- Relocation Table Offset: 0040
- Overlay Number: 00000
- Reserved #0: 00000000
- Reserved #1: 00000000
- Reserved #2: 00000000
- Reserved #3: 00000000
- Reserved #4: 00000000
- Reserved #5: 00000000
- Reserved #6: 00000000
- Reserved #7: 00000000
- PE Header Pointer: 00000080
- PE Header
- ========================================
- PE header
- ----------------------------------------
- Signature: 00004550
- Machine: 014C, Intel 386
- Number of sections: 0004
- Time/Date stamp (local): 57893345, 2016-07-15 20:02:29
- Time/Date stamp (UTC): 57893345, 2016-07-15 19:02:29
- Pointer to symbol table: 00000000
- Number of symbols: 00000000
- Size of optional header: 00E0
- Characteristics: 0313, Relocs Stripped, Executable, Aggressive Trim, 32bit Machine Expected, Debug Data Stripped
- PE32 optional header
- ----------------------------------------
- Magic: 010B
- Version of Linker (major): 0C
- Version of Linker (minor): 00
- Size of code: 0000A600
- Size of initialized data: 00085200
- Size of uninitialized data: 00000000
- Address of entry point: 00002AFE
- Base of code: 00001000
- Base of data: 0000C000
- Image base: 00400000
- Section alignment: 00001000
- File alignment: 00000200
- OS version (major): 0005, Windows XP
- OS version (minor): 0001
- Image version (major): 0000
- Image version (minor): 0000
- Sub system version (major): 0005
- Sub system version (minor): 0001
- Win32 version: 00000000
- Size of image: 00093000
- Size of headers: 00000400
- Checksum: 0009BB22, does match file contents
- Sub system: 0002, Windows graphical user interface (GUI) subsystem
- DLL characteristics: 8100, NX compatible
- Size of stack reserve: 00100000
- Size of stack commit: 00001000
- Size of heap reserve: 00100000
- Size of heap commit: 00001000
- Loader flags: 00000000
- Number of RVA: 00000010
- PE32+ optional header
- ----------------------------------------
- PE32/PE32+ optional directories
- ----------------------------------------
- Export Directory Address: 00000000
- Export Directory Size: 00000000
- Import Directory Address: 0000C038
- Import Directory Size: 00000078
- Resource Directory Address: 00092000
- Resource Directory Size: 00000C30
- Exception Directory Address: 00000000
- Exception Directory Size: 00000000
- Security Directory Address: 00000000
- Security Directory Size: 00000000
- Relocation Directory Address: 00090018
- Relocation Directory Size: 00001164
- Debug Directory Address: 00000000
- Debug Directory Size: 00000000
- Coypright Directory Address: 00000000
- Coypright Directory Size: 00000000
- Global Ptr Directory Address: 00000000
- Global Ptr Directory Size: 00000000
- Thread L. S. DirectoryAddress: 00000000
- Thread L. S. Directory Size: 00000000
- Load Config Directory Address: 00000000
- Load Config Directory Size: 00000000
- Bound Import Directory Address: 00000000
- Bound Import Directory Size: 00000000
- IAT Directory Address: 0000B3DC
- IAT Directory Size: 000000A8
- Delay Import Address: 00000000
- Delay Import Size: 00000000
- COM Descriptor Address: 00000000
- COM Descriptor Size: 00000000
- PE32 relocation table
- ----------------------------------------
- PE32 thread local storage table
- ----------------------------------------
- PE32+ thread local storage table
- ----------------------------------------
- PE32 load config table
- ----------------------------------------
- PE32+ load config table
- ----------------------------------------
- PE Sections
- ========================================
- PE sections
- ----------------------------------------
- .text: 0000A484, 00001000, 0000A600, 00000400, 60000020, 99F07409, 069556B5B990003155495C1A5CAAEB8D, * Code, Execute Access, Read Access
- .rdata: 00001016, 0000C000, 00001200, 0000AA00, 40000040, 37CB4F89, 7A8F7FA4988FFE8028B3726676C4084E, Initialized Data, Read Access
- .data: 0008317C, 0000E000, 00083200, 0000BC00, C0000040, 7282F1FF, 34A9A327DE2337F8CE5F91B435543016, Initialized Data, Read Access, Write Access
- .rsrc: 00000C30, 00092000, 00000E00, 0008EE00, 40000040, 46EF0194, 1220B27A184FD8B44DE43104D74FE53A, Initialized Data, Read Access
- PE Imports
- ========================================
- azroles.dll (5)
- ----------------------------------------
- AzCloseHandle: 0000C168, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- AzGetProperty: 0000C198, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- AzGroupCreate: 0000C188, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- AzGroupDelete: 0000C178, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- AzFreeMemory: 0000C158, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- cmpbk32.dll (3)
- ----------------------------------------
- PhoneBookEnumNumbers: 0000C1CE, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
- PhoneBookLoad: 0000C1E6, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
- PhoneBookEnumCountries: 0000C1B4, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
- kernel32.dll (15)
- ----------------------------------------
- SetLastError: 0000C2F2, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetFileAttributesW: 0000C2DC, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- LoadLibraryA: 0000C212, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetModuleFileNameA: 0000C302, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetModuleHandleW: 0000C25E, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetLogicalDriveStringsA: 0000C282, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetProcAddress: 0000C2CA, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- CreateMailslotW: 0000C2B8, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetCommandLineW: 0000C238, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- CreateFileA: 0000C2AA, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- MoveFileExW: 0000C29C, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- MapViewOfFile: 0000C202, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetTickCount: 0000C272, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- WaitForSingleObject: 0000C222, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- CreateJobObjectW: 0000C24A, -, -, -, -, -, -, -, +, +, +, +, +, +, +, +
- shimeng.dll (3)
- ----------------------------------------
- SE_InstallBeforeInit: 0000C3D0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- SE_DllLoaded: 0000C3E8, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- SE_ProcessDying: 0000C3F8, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
- user32.dll (11)
- ----------------------------------------
- LoadCursorA: 0000C384, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- PeekMessageA: 0000C3A6, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- LoadIconA: 0000C334, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- CharToOemW: 0000C3B6, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- LoadStringW: 0000C34C, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetClassLongW: 0000C366, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- LoadMenuW: 0000C340, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- IsDialogMessageA: 0000C392, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- LoadBitmapW: 0000C326, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- InsertMenuW: 0000C376, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- GetPropA: 0000C35A, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
- PE Exports
- ========================================
- Header
- ----------------------------------------
- Exports
- ----------------------------------------
- PE Resources
- ========================================
- EFDU
- ----------------------------------------
- 1: 0000
- GERT
- ----------------------------------------
- 1: 0000
- RT_RCDATA
- ----------------------------------------
- 2: 0000
- 3: 0000
- Archive
- ========================================
- NullSoft Installer Setup
- ----------------------------------------
- Compatibility
- ========================================
- Windows Versions we know about
- ----------------------------------------
- Windows 95 OSR 2/2.1 (Build: 1111) B: 4.0.1111
- Windows NT 4.0 (Build: 1381) Service Pack 1: 4.0.1381
- Windows NT 4.0 (Build: 1381) Service Pack 3: 4.0.1381
- Windows NT 4.0 (Build: 1381) Service Pack 4: 4.0.1381
- Windows NT 4.0 (Build: 1381) Service Pack 6: 4.0.1381
- Windows 98 (Build: 2222) A: 4.10.2222
- Windows ME (Build: 3000): 4.90.3000
- Windows 2000 (Build: 2195) Service Pack 1: 5.0.2195
- Windows 2000 (Build: 2195) Service Pack 2: 5.0.2195
- Windows 2000 (Build: 2195) Service Pack 3: 5.0.2195
- Windows 2000 (Build: 2195) Service Pack 4: 5.0.2195
- Windows XP (Build: 2600) Service Pack 1: 5.1.2600
- Windows XP (Build: 2600) Service Pack 2: 5.1.2600
- Windows 2003/XPx64 (Build: 3790) Service Pack 1: 5.2.3790
- Windows 2003/XPx64 (Build: 3790) Service Pack 2: 5.2.3790
- Groups
- ----------------------------------------
- Unsupported on Windows 95 OSR 2/2.1 (Build: 1111) B
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 1
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 3
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 4
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 6
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows 98 (Build: 2222) A
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows ME (Build: 3000)
- ----------------------------------------
- kernel32.dll:CreateJobObjectW:
- Unsupported on Windows 2000 (Build: 2195) Service Pack 1
- ----------------------------------------
- Unsupported on Windows 2000 (Build: 2195) Service Pack 2
- ----------------------------------------
- Unsupported on Windows 2000 (Build: 2195) Service Pack 3
- ----------------------------------------
- Unsupported on Windows 2000 (Build: 2195) Service Pack 4
- ----------------------------------------
- Unsupported on Windows XP (Build: 2600) Service Pack 1
- ----------------------------------------
- Unsupported on Windows XP (Build: 2600) Service Pack 2
- ----------------------------------------
- Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 1
- ----------------------------------------
- Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 2
- ----------------------------------------
- Functions without information available
- ----------------------------------------
- azroles.dll:AzCloseHandle:
- azroles.dll:AzGetProperty:
- azroles.dll:AzGroupCreate:
- azroles.dll:AzGroupDelete:
- azroles.dll:AzFreeMemory:
- shimeng.dll:SE_InstallBeforeInit:
- shimeng.dll:SE_DllLoaded:
- shimeng.dll:SE_ProcessDying:
- Classification Sources
- ========================================
- Whitelists
- ----------------------------------------
- Blacklists
- ----------------------------------------
- Malware Hash Registry (Team Cymru): n/a, n/a
- Mixed lists
- ----------------------------------------
- VirusTotal
- ========================================
- Meta Information
- ----------------------------------------
- Lookup ID (md5): B75BD60DC3686FE62EB4A4A8372BE966
- Results: none
- Results
- ----------------------------------------