  • dialer.exe Binary Code Analysis - File Md5: 6dd1086d8cba48375393a5327ebece91
    File hash value: 6dd1086d8cba48375393a5327ebece91. This is a 32-bit EXE file with a size of 600 K. This page analyzes the binary code of the file, that is, its PE file format. Understanding the content requires some computer expertise. It is provided mainly for people who work in computer security maintenance, in the hope of contributing to the cause of computer security.

    File Binary Code Analysis:

    DOS Stub
    ...
    .text SECTION #1
    .data SECTION #2
     SECTION #3
    .rsrc SECTION #4
    DOS Header
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | WORD | e_magic | 0x00005A4D | DOS Sign |
    | WORD | e_cblp | 0x00000090 | Bytes on last page of file |
    | WORD | e_cp | 0x00000003 | Pages in file |
    | WORD | e_crlc | 0x00000000 | Relocations |
    | WORD | e_cparhdr | 0x00000004 | Size of header in paragraphs |
    | WORD | e_minalloc | 0x00000000 | Minimum extra paragraphs needed |
    | WORD | e_maxalloc | 0x0000FFFF | Maximum extra paragraphs needed |
    | WORD | e_ss | 0x00000000 | Initial (relative) SS value |
    | WORD | e_sp | 0x000000B8 | Initial SP value |
    | WORD | e_csum | 0x00000000 | Checksum |
    | WORD | e_ip | 0x00000000 | Initial IP value |
    | WORD | e_cs | 0x00000000 | Initial (relative) CS value |
    | WORD | e_lfarlc | 0x00000040 | File address of relocation table |
    | WORD | e_ovno | 0x00000000 | Overlay number |
    | WORD | e_res[4] | [0]=0x00000000, [1]=0x00000000, [2]=0x00000000, [3]=0x00000000 | Reserved words |
    | WORD | e_oemid | 0x00000000 | OEM identifier (for e_oeminfo) |
    | WORD | e_oeminfo | 0x00000000 | OEM information; e_oemid specific |
    | WORD | e_res2[10] | [1]=0x00000000, [2]=0x00000000, [3]=0x00000000, [4]=0x00000000, [5]=0x00000000, [6]=0x00000000, [7]=0x00000000, [8]=0x00000000, [9]=0x00000000, [10]=0x00000000 | Reserved words |
    | WORD | e_lfanew | 0x000000F0 | PE File Header address |
  • NT HEADER - NT File Signature
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | DWORD | Signature | 0x00004550 | PE File Sign: "PE" |
  • NT HEADER - FILE HEADER
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | WORD | Machine | 0x0000014C | File Bit (32 Bit or 64 Bit) |
    | WORD | NumberOfSections | 0x00000004 | Number Of Sections |
    | DWORD | TimeDateStamp | 0x480257ED | File Create Time |
    | DWORD | PointerToSymbolTable | 0x00000000 | Pointer To Symbol Table |
    | DWORD | NumberOfSymbols | 0x00000000 | Number Of Symbols |
    | WORD | SizeOfOptionalHeader | 0x000000E0 | Size Of Optional Header |
    | WORD | Characteristics | 0x0000010F | File Type: (EXE or DLL) |
  • NT HEADER - OPTIONAL HEADER
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | WORD | Magic | 0x0000010B | Magic |
    | BYTE | MajorLinkerVersion | 0x00000007 | Major Linker Version |
    | BYTE | MinorLinkerVersion | 0x0000000A | Minor Linker Version |
    | DWORD | SizeOfCode | 0x00049400 | Size Of Code |
    | DWORD | SizeOfInitializedData | 0x0005D400 | Size Of Initialized Data |
    | DWORD | SizeOfUninitializedData | 0x00000000 | Size Of Uninitialized Data |
    | DWORD | AddressOfEntryPoint | 0x0002EB71 | Address Of Entry Point |
    | DWORD | BaseOfCode | 0x00001000 | Base Of Code |
    | DWORD | BaseOfData | 0x0003B000 | Base Of Data |
    | DWORD | ImageBase | 0x01000000 | Image Base |
    | DWORD | SectionAlignment | 0x00001000 | Section Alignment |
    | DWORD | FileAlignment | 0x00000200 | File Alignment |
    | WORD | MajorOperatingSystemVersion | 0x00000005 | Major Operating System Version |
    | WORD | MinorOperatingSystemVersion | 0x00000001 | Minor Operating System Version |
    | WORD | MajorImageVersion | 0x00000005 | Major Image Version |
    | WORD | MinorImageVersion | 0x00000001 | Minor Image Version |
    | WORD | MajorSubsystemVersion | 0x00000004 | Major Subsystem Version |
    | WORD | MinorSubsystemVersion | 0x00000000 | Minor Subsystem Version |
    | DWORD | Win32VersionValue | 0x00000000 | Win32 Version Value |
    | DWORD | SizeOfImage | 0x00099000 | Size Of Image |
    | DWORD | SizeOfHeaders | 0x00000400 | Size Of Headers |
    | DWORD | CheckSum | 0x0009BDBB | Check Sum |
    | WORD | Subsystem | 0x00000002 | Subsystem |
    | WORD | DllCharacteristics | 0x00008000 | Dll Characteristics |
    | DWORD | SizeOfStackReserve | 0x00100000 | Size Of Stack Reserve |
    | DWORD | SizeOfStackCommit | 0x00001000 | Size Of Stack Commit |
    | DWORD | SizeOfHeapReserve | 0x00100000 | Size Of Heap Reserve |
    | DWORD | SizeOfHeapCommit | 0x00001000 | Size Of Heap Commit |
    | DWORD | LoaderFlags | 0x00000000 | Loader Flags |
    | DWORD | NumberOfRvaAndSizes | 0x00000010 | Number Of Rva And Sizes |
  • NT HEADER - OPTIONAL HEADER - Data Directory
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | DWORD | DataDirectory[1].VirtualAddress | 0x00039D70 | Data Directory Virtual Address |
    | DWORD | DataDirectory[1].Size | 0x00000545 | Data Directory Size |
    | DWORD | DataDirectory[2].VirtualAddress | 0x00037CAC | Data Directory Virtual Address |
    | DWORD | DataDirectory[2].Size | 0x00000140 | Data Directory Size |
    | DWORD | DataDirectory[3].VirtualAddress | 0x0004D000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[3].Size | 0x0004B238 | Data Directory Size |
    | DWORD | DataDirectory[4].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[4].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[5].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[5].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[6].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[6].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[7].VirtualAddress | 0x00001C90 | Data Directory Virtual Address |
    | DWORD | DataDirectory[7].Size | 0x0000001C | Data Directory Size |
    | DWORD | DataDirectory[8].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[8].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[9].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[9].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[10].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[10].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[11].VirtualAddress | 0x000088E0 | Data Directory Virtual Address |
    | DWORD | DataDirectory[11].Size | 0x00000040 | Data Directory Size |
    | DWORD | DataDirectory[12].VirtualAddress | 0x00000288 | Data Directory Virtual Address |
    | DWORD | DataDirectory[12].Size | 0x00000140 | Data Directory Size |
    | DWORD | DataDirectory[13].VirtualAddress | 0x00001000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[13].Size | 0x00000C90 | Data Directory Size |
    | DWORD | DataDirectory[14].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[14].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[15].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[15].Size | 0x00000000 | Data Directory Size |
    | DWORD | DataDirectory[16].VirtualAddress | 0x00000000 | Data Directory Virtual Address |
    | DWORD | DataDirectory[16].Size | 0x00000000 | Data Directory Size |
  • SECTION #1
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | BYTE | Name | .text | Section Name |
    | DWORD | VirtualSize | 0x000393F3 | Section Virtual Size |
    | DWORD | VirtualAddress | 0x00001000 | Section Virtual Address |
    | DWORD | SizeOfRawData | 0x00039400 | Section Size Of Raw Data |
    | DWORD | PointerToRawData | 0x00000400 | Section Pointer To Raw Data |
    | DWORD | PointerToRelocations | 0x00000000 | Section Pointer To Relocations |
    | DWORD | PointerToLinenumbers | 0x00000000 | Section Pointer To Linenumbers |
    | WORD | NumberOfRelocations | 0x00000000 | Section Number Of Relocations |
    | WORD | NumberOfLinenumbers | 0x00000000 | Section Number Of Linenumbers |
    | DWORD | Characteristics | 0x60000020 | Section Characteristics |
  • SECTION #2
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | BYTE | Name | .data | Section Name |
    | DWORD | VirtualSize | 0x00001FBC | Section Virtual Size |
    | DWORD | VirtualAddress | 0x0003B000 | Section Virtual Address |
    | DWORD | SizeOfRawData | 0x00001400 | Section Size Of Raw Data |
    | DWORD | PointerToRawData | 0x00039800 | Section Pointer To Raw Data |
    | DWORD | PointerToRelocations | 0x00000000 | Section Pointer To Relocations |
    | DWORD | PointerToLinenumbers | 0x00000000 | Section Pointer To Linenumbers |
    | WORD | NumberOfRelocations | 0x00000000 | Section Number Of Relocations |
    | WORD | NumberOfLinenumbers | 0x00000000 | Section Number Of Linenumbers |
    | DWORD | Characteristics | 0xC0000040 | Section Characteristics |
  • SECTION #3
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | BYTE | Name | | Section Name |
    | DWORD | VirtualSize | 0x0000FE6A | Section Virtual Size |
    | DWORD | VirtualAddress | 0x0003D000 | Section Virtual Address |
    | DWORD | SizeOfRawData | 0x00010000 | Section Size Of Raw Data |
    | DWORD | PointerToRawData | 0x0003AC00 | Section Pointer To Raw Data |
    | DWORD | PointerToRelocations | 0x00000000 | Section Pointer To Relocations |
    | DWORD | PointerToLinenumbers | 0x00000000 | Section Pointer To Linenumbers |
    | WORD | NumberOfRelocations | 0x00000000 | Section Number Of Relocations |
    | WORD | NumberOfLinenumbers | 0x00000000 | Section Number Of Linenumbers |
    | DWORD | Characteristics | 0xE0000060 | Section Characteristics |
  • SECTION #4
    | Type | Name | Value | Memo |
    | --- | --- | --- | --- |
    | BYTE | Name | .rsrc | Section Name |
    | DWORD | VirtualSize | 0x0004B238 | Section Virtual Size |
    | DWORD | VirtualAddress | 0x0004D000 | Section Virtual Address |
    | DWORD | SizeOfRawData | 0x0004B400 | Section Size Of Raw Data |
    | DWORD | PointerToRawData | 0x0004AC00 | Section Pointer To Raw Data |
    | DWORD | PointerToRelocations | 0x00000000 | Section Pointer To Relocations |
    | DWORD | PointerToLinenumbers | 0x00000000 | Section Pointer To Linenumbers |
    | WORD | NumberOfRelocations | 0x00000000 | Section Number Of Relocations |
    | WORD | NumberOfLinenumbers | 0x00000000 | Section Number Of Linenumbers |
    | DWORD | Characteristics | 0x40000040 | Section Characteristics |

  • Called external files and functions:
    In general, malicious files call functions of these types: functions that intercept data, network functions, functions that modify registry information, functions that access the browser's private cookie data, and functions that bypass the system to read hard disk data directly. (Hint: the files below may be called by malicious files, but they are not necessarily malicious themselves. They may be normal system files.)
    Import File - MFC42u.DLL
  • Import File - msvcrt.dll
  • _onexit
  • ?terminate@@YAXXZ
  • __dllonexit
  • ??1type_info@@UAE@XZ
  • _except_handler3
  • __set_app_type
  • __p__fmode
  • __p__commode
  • _adjust_fdiv
  • __setusermatherr
  • _initterm
  • __wgetmainargs
  • _wcmdln
  • exit
  • _cexit
  • _XcptFilter
  • _exit
  • __CxxFrameHandler
  • wcscmp
  • _controlfp
  • wcscpy
  • _c_exit
  • iswctype
  • _wcsnicmp
  • _itow
  • _ltow
  • memmove
  • wcstoul
  • _wtol
  • _wtoi
  • _wcsicmp
  • towupper
  • _snwprintf
  • wcschr
  • _ftol
  • free
  • _wcsdup
  • _purecall
  • wcsncpy
  • swprintf
  • wcslen
  • Import File - ATL.DLL
  • Function Address
    0x00000012
  • Function Address
    0x00000020
  • Function Address
    0x00000010
  • Function Address
    0x00000015
  • Function Address
    0x00000017
  • Function Address
    0x00000011
  • Function Address
    0x00000014
  • Function Address
    0x0000000B
  • Function Address
    0x0000000A
  • Import File - ADVAPI32.dll
  • RegQueryValueExA
  • RegCloseKey
  • RegDeleteKeyW
  • RegDeleteValueW
  • RegSetValueW
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegCreateKeyExW
  • RegSetValueExW
  • RegOpenKeyExA
  • GetUserNameW
  • Import File - KERNEL32.dll
  • GetModuleHandleA
  • SetUnhandledExceptionFilter
  • UnhandledExceptionFilter
  • TerminateProcess
  • GetSystemTimeAsFileTime
  • GetCurrentProcessId
  • QueryPerformanceCounter
  • GetTempPathW
  • GetTempFileNameW
  • CreateDirectoryW
  • FindResourceW
  • LoadResource
  • LockResource
  • lstrcmpiW
  • GetCurrentThreadId
  • GetModuleHandleW
  • FormatMessageW
  • LoadLibraryA
  • GetCurrentProcess
  • ExpandEnvironmentStringsW
  • ResetEvent
  • WaitForMultipleObjects
  • LoadLibraryW
  • GetProcAddress
  • FreeLibrary
  • lstrcpynW
  • IsBadWritePtr
  • Sleep
  • GlobalHandle
  • CreateFileW
  • WriteFile
  • GlobalAlloc
  • GlobalUnlock
  • GlobalReAlloc
  • GlobalFree
  • GlobalLock
  • lstrcpyW
  • lstrcatW
  • lstrlenW
  • GetLastError
  • GetPrivateProfileStringW
  • CreateThread
  • SetEvent
  • InterlockedDecrement
  • DeleteFileW
  • GetTickCount
  • WaitForSingleObject
  • TerminateThread
  • CloseHandle
  • CreateEventW
  • InterlockedIncrement
  • GetWindowsDirectoryW
  • EnterCriticalSection
  • LeaveCriticalSection
  • DeleteCriticalSection
  • InitializeCriticalSection
  • HeapFree
  • GetProcessHeap
  • FreeConsole
  • OutputDebugStringW
  • SetConsoleScreenBufferSize
  • GetStdHandle
  • AllocConsole
  • GetPrivateProfileIntW
  • HeapAlloc
  • WritePrivateProfileStringW
  • HeapSize
  • HeapReAlloc
  • GetStartupInfoW
  • Import File - GDI32.dll
  • CreateFontIndirectW
  • GetTextExtentPoint32W
  • CreateSolidBrush
  • GetObjectW
  • DeleteObject
  • PatBlt
  • SelectObject
  • SetBkColor
  • ExtTextOutW
  • StretchBlt
  • GetDIBColorTable
  • CreatePen
  • RealizePalette
  • SelectPalette
  • GetStockObject
  • CreatePalette
  • SetBkMode
  • SetTextColor
  • GetDIBits
  • CreateDCW
  • CreateCompatibleDC
  • DeleteDC
  • GetDeviceCaps
  • CreateCompatibleBitmap
  • CreateHalftonePalette
  • BitBlt
  • GetSystemPaletteEntries
  • Rectangle
  • CreatePolygonRgn
  • PtInRegion
  • SetPixel
  • GetPixel
  • ExtFloodFill
  • CreateBitmap
  • SetMapMode
  • GetMapMode
  • DPtoLP
  • GetTextExtentPointW
  • CreateDIBitmap
  • Import File - USER32.dll
  • SetActiveWindow
  • SetForegroundWindow
  • EndDeferWindowPos
  • DeferWindowPos
  • BeginDeferWindowPos
  • GetActiveWindow
  • SystemParametersInfoW
  • GetSystemMetrics
  • SetFocus
  • GetFocus
  • GetClientRect
  • GetDesktopWindow
  • FindWindowW
  • GetLastActivePopup
  • LoadCursorW
  • LoadIconW
  • SetWindowPos
  • GetDlgItem
  • WinHelpW
  • RegisterClassExW
  • DefWindowProcW
  • SetClassLongW
  • GetSysColor
  • CopyRect
  • FillRect
  • DrawFocusRect
  • DrawTextW
  • GetParent
  • SetMenuItemInfoW
  • GetMenuState
  • GetMenuItemInfoW
  • GetMenuItemCount
  • ReleaseDC
  • GetDC
  • GetSubMenu
  • LoadMenuW
  • ValidateRect
  • KillTimer
  • IsIconic
  • GetDlgCtrlID
  • CreatePopupMenu
  • AppendMenuW
  • CheckMenuRadioItem
  • GetDCEx
  • SetCapture
  • SetCursor
  • ReleaseCapture
  • ShowWindow
  • IntersectRect
  • GetWindow
  • SetRectEmpty
  • LoadImageW
  • CheckMenuItem
  • EnableMenuItem
  • GetMenuStringW
  • LoadBitmapW
  • DeleteMenu
  • GetMenuItemID
  • InsertMenuW
  • ModifyMenuW
  • RemoveMenu
  • GetMenu
  • TrackPopupMenuEx
  • MapWindowPoints
  • DestroyMenu
  • TrackPopupMenu
  • SetMenuDefaultItem
  • MessageBoxW
  • MessageBeep
  • RegisterWindowMessageW
  • CallWindowProcW
  • InvertRect
  • DestroyWindow
  • SetTimer
  • RedrawWindow
  • IsWindowVisible
  • SetWindowLongW
  • GetWindowRect
  • EqualRect
  • OffsetRect
  • SetRect
  • PtInRect
  • IsRectEmpty
  • IsWindow
  • PostMessageW
  • GetCursorPos
  • SendMessageW
  • EnableWindow
  • InvalidateRect
  • UpdateWindow
  • CharPrevW
  • wvsprintfW
  • GetClassInfoW
  • RegisterClassW
  • CreateWindowExW
  • BeginPaint
  • EndPaint
  • ScreenToClient
  • ClientToScreen
  • GetWindowLongW
  • CharNextW
  • Import File - COMCTL32.dll
  • ImageList_AddMasked
  • ImageList_LoadImageW
  • ImageList_Destroy
  • CreateToolbarEx
  • ImageList_Draw
  • ImageList_SetOverlayImage
  • ImageList_DrawEx
  • InitCommonControlsEx
  • ImageList_GetImageCount
  • Import File - NETAPI32.dll
  • NetApiBufferFree
  • DsGetDcNameW
  • Import File - ole32.dll
  • CoTaskMemFree
  • CoInitialize
  • CoInitializeEx
  • CoUninitialize
  • CoCreateInstance
  • Import File - OLEAUT32.dll
  • Function Address 0x00000007
  • Function Address 0x00000006
  • Function Address 0x000000A2
  • Function Address 0x000000C9
  • Function Address 0x00000002
  • Import File - SHELL32.dll
  • SHAppBarMessage
  • Shell_NotifyIconW
  • SHGetSpecialFolderPathW
  • ShellExecuteW
  • Import File - MSVFW32.dll
  • DrawDibOpen
  • DrawDibDraw
  • DrawDibClose
  • Import File - WINMM.dll
  • sndPlaySoundW
  • Import File - WLDAP32.dll
  • Function Address 0x00000091
  • Function Address 0x0000000D
  • Function Address 0x00000085
  • Function Address 0x00000093
  • Function Address 0x00000087
  • Function Address 0x000000BF
  • Function Address 0x00000049
  • Function Address 0x000000D0
  • Function Address 0x0000001A
  • Function Address 0x00000024
  • Function Address 0x0000008C
  • Function Address 0x0000001B
  • Function Address 0x00000029
  • Function Address 0x000000E0
  • Function Address 0x000000CE
  • Function Address 0x0000000E

  • Export function:
    The following functions are exported by this file. Export functions are useful for analyzing the specific runtime behavior of a file: start from a function's entry address and debug the code line by line. This yields a lot of the data generated by the file.
    Export File - dialer.exe
  • Ordinals | Function Name | Address
  • 0x0000002F | TracePrintf | 0x00070A1C
  • 0x00000001 | _BScrollGetWindowHandle@4 | 0x0006F009
  • 0x00000002 | _BScrollInit@44 | 0x0006F49A
  • 0x00000003 | _BScrollStart@4 | 0x0006EF26
  • 0x00000004 | _BScrollStop@4 | 0x0006EF9C
  • 0x00000005 | _BScrollTerm@4 | 0x0006F265
  • 0x00000006 | _BScrollWndProc@16 | 0x0006F30E
  • 0x00000007 | _CreateDIBPalette@8 | 0x00070165
  • 0x00000008 | _GfxBitmapBackfill@12 | 0x0006F6DC
  • 0x00000009 | _GfxBitmapDisplay@20 | 0x0006F961
  • 0x0000000A | _GfxBitmapDrawTransparent@24 | 0x0006FA80
  • 0x0000000B | _GfxBitmapScroll@20 | 0x0006FD12
  • 0x0000000C | _GfxDeviceIsMono@4 | 0x00070462
  • 0x0000000D | _GfxHideHourglass@4 | 0x00070407
  • 0x0000000E | _GfxLoadBitmapEx@12 | 0x000704E2
  • 0x0000000F | _GfxShowHourglass@4 | 0x000703A5
  • 0x00000010 | _GfxTextExtentTruncate@12 | 0x000702E0
  • 0x00000011 | _MemAllocEx@20 | 0x00070C5C
  • 0x00000012 | _MemFreeEx@16 | 0x00070DEA
  • 0x00000013 | _MemInit@8 | 0x00070B64
  • 0x00000014 | _MemReAllocEx@24 | 0x00070D37
  • 0x00000015 | _MemSize@8 | 0x00070CF4
  • 0x00000016 | _MemTerm@4 | 0x00070B00
  • 0x00000017 | _StrAtoI@4 | 0x00070EF2
  • 0x00000018 | _StrAtoL@4 | 0x00070F1B
  • 0x00000019 | _StrChrCat@8 | 0x0007118F
  • 0x0000001A | _StrChrCatLeft@8 | 0x000711C3
  • 0x0000001B | _StrClean@12 | 0x0007141E
  • 0x0000001C | _StrCpyXChr@12 | 0x00071281
  • 0x0000001D | _StrDup@4 | 0x00070F44
  • 0x0000001E | _StrDupFree@4 | 0x00070FAB
  • 0x0000001F | _StrGetLastChr@4 | 0x00070FE6
  • 0x00000020 | _StrGetRow@16 | 0x00071376
  • 0x00000021 | _StrGetRowColumnCount@12 | 0x000712ED
  • 0x00000022 | _StrInsert@8 | 0x000711F6
  • 0x00000023 | _StrItoA@12 | 0x00070E82
  • 0x00000024 | _StrLtoA@12 | 0x00070EBA
  • 0x00000025 | _StrSetLastChr@8 | 0x0007100C
  • 0x00000026 | _StrSetN@12 | 0x0007123E
  • 0x00000027 | _StrTrimChr@8 | 0x00071037
  • 0x00000028 | _StrTrimChrLeading@8 | 0x00071072
  • 0x00000029 | _StrTrimQuotes@4 | 0x0007116A
  • 0x0000002A | _StrTrimWhite@4 | 0x000710BC
  • 0x0000002B | _StrTrimWhiteLeading@4 | 0x0007110E
  • 0x0000002C | _TraceGetLevel@4 | 0x0007097D
  • 0x0000002D | _TraceInit@8 | 0x0007075C
  • 0x0000002E | _TraceOutput@12 | 0x0007099F
  • 0x00000030 | _TraceSetLevel@8 | 0x00070A75
  • 0x00000031 | _TraceTerm@4 | 0x00070652

  • These are my analysis results for this malicious file. If you have any questions, or have any problems that cannot be resolved, you can leave a message or email me.

    Copyright statement: The above data is obtained by my analysis, and without authorization, you may not copy or reprint it.
    Copyright © 2016-2019 mygoodtools.com All rights reserved.