General

Malware Config

Signatures

Files

• abac9b724c6d13aa90b5484b7c424c1505f9f7d58504954bb3ed9b718a448991

  .7z

  Password: infected

• trojan/1.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 129KB - Virtual size: 4.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  ebut

  Size: 10KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• trojan/10.exe

  .exe windows x86

  8acb34bed3caa60cae3f08f75d53f727

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  oleaut32

  SysFreeString

  SysReAllocStringLen

  SysAllocStringLen

  SafeArrayPtrOfIndex

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayCreate

  VariantChangeType

  VariantCopy

  VariantClear

  VariantInit

  advapi32

  RegQueryValueExA

  RegOpenKeyExA

  RegCloseKey

  RegSetValueExW

  RegSetValueExA

  RegQueryValueExW

  RegQueryValueExA

  RegOpenKeyExW

  RegOpenKeyExA

  RegEnumKeyExA

  RegDeleteValueA

  RegDeleteKeyA

  RegCreateKeyExW

  RegCreateKeyExA

  RegCloseKey

  OpenProcessToken

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  user32

  GetKeyboardType

  DestroyWindow

  LoadStringA

  MessageBoxA

  CharNextA

  TranslateMessage

  PeekMessageA

  MsgWaitForMultipleObjects

  MessageBoxA

  LoadStringA

  GetSystemMetrics

  DispatchMessageA

  CharNextW

  CharLowerBuffW

  CharNextA

  CharLowerBuffA

  CharLowerA

  CharUpperA

  CharToOemA

  kernel32

  GetACP

  Sleep

  VirtualFree

  VirtualAlloc

  GetTickCount

  QueryPerformanceCounter

  GetCurrentThreadId

  InterlockedDecrement

  InterlockedIncrement

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenA

  lstrcpynA

  LoadLibraryExA

  GetThreadLocale

  GetStartupInfoA

  GetProcAddress

  GetModuleHandleA

  GetModuleFileNameA

  GetLocaleInfoA

  GetCommandLineA

  FreeLibrary

  FindFirstFileA

  FindClose

  ExitProcess

  ExitThread

  CreateThread

  WriteFile

  UnhandledExceptionFilter

  RtlUnwind

  RaiseException

  GetStdHandle

  TlsSetValue

  TlsGetValue

  LocalAlloc

  GetModuleHandleA

  WriteProcessMemory

  WriteFile

  WaitForSingleObject

  VirtualQuery

  VirtualAllocEx

  TerminateThread

  TerminateProcess

  SetLastError

  SetFileTime

  SetFilePointer

  SetFileAttributesW

  SetEvent

  SetEndOfFile

  ResumeThread

  ResetEvent

  ReadFile

  OpenProcess

  MoveFileW

  LoadLibraryA

  LeaveCriticalSection

  InitializeCriticalSection

  GlobalUnlock

  GlobalReAlloc

  GlobalHandle

  GlobalLock

  GlobalFree

  GlobalAlloc

  GetVersionExA

  GetUserDefaultLangID

  GetTickCount

  GetThreadLocale

  GetStdHandle

  GetProcAddress

  GetModuleHandleA

  GetModuleFileNameW

  GetModuleFileNameA

  GetLocaleInfoA

  GetLocalTime

  GetLastError

  GetFullPathNameA

  GetFileAttributesW

  GetFileAttributesA

  GetExitCodeThread

  GetEnvironmentVariableW

  GetEnvironmentVariableA

  GetDriveTypeA

  GetDiskFreeSpaceA

  GetDateFormatA

  GetCurrentThreadId

  GetCurrentProcess

  GetCommandLineW

  GetCPInfo

  InterlockedIncrement

  InterlockedExchange

  InterlockedDecrement

  FreeLibrary

  FormatMessageA

  FindNextFileW

  FindFirstFileW

  FindClose

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  ExitThread

  ExitProcess

  EnumCalendarInfoA

  EnterCriticalSection

  DuplicateHandle

  DeleteFileW

  DeleteCriticalSection

  CreateThread

  CreateRemoteThread

  CreateProcessW

  CreateProcessA

  CreatePipe

  CreateFileW

  CreateFileA

  CreateEventA

  CreateDirectoryW

  CopyFileW

  CompareStringW

  CompareStringA

  CloseHandle

  Sleep

  mpr

  WNetOpenEnumW

  WNetEnumResourceW

  WNetCloseEnum

  wininet

  InternetReadFile

  InternetOpenUrlA

  InternetOpenA

  InternetConnectA

  InternetCloseHandle

  HttpSendRequestA

  HttpOpenRequestA

  HttpAddRequestHeadersA

  shell32

  ShellExecuteW

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHGetMalloc

  Sections

  .text

  Size: 184KB - Virtual size: 184KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .itext

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 1.0MB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 12B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size:

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• trojan/2.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  h0qq8wk0

  Size: - Virtual size: 204KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  h0qq8wk1

  Size: 65KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  h0qq8wk2

  Size: 350B - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• trojan/3.exe

  .exe windows x86

  dc5ed6518320616a5bda1f08462ba9b5

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvbvm60

  MethCallEngine

  ord626

  ord598

  ord526

  EVENT_SINK_AddRef

  ord528

  ord529

  DllFunctionCall

  EVENT_SINK_Release

  ord600

  EVENT_SINK_QueryInterface

  __vbaExceptHandler

  ord608

  ord716

  ProcCallEngine

  ord537

  ord645

  ord570

  ord571

  ord576

  ord100

  ord617

  ord619

  Sections

  .text

  Size: 48KB - Virtual size: 47KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 60KB - Virtual size: 59KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 264KB - Virtual size: 368KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• trojan/4.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  UPX0

  Size: - Virtual size: 336KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 52KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• trojan/5.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .Upack

  Size: - Virtual size: 148KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 25KB - Virtual size: 56KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• trojan/6.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 152KB - Virtual size: 152KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .sdata

  Size: 512B - Virtual size: 504B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• trojan/7.exe

  .exe windows x86

  914fcd6a41751e733bd47b99e22b1a84

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileMappingA

  SystemTimeToFileTime

  WriteConsoleA

  QueueUserAPC

  GlobalAlloc

  LockResource

  GetConsoleMode

  VirtualFree

  GetLocalTime

  CreateFileA

  DosDateTimeToFileTime

  SetEvent

  LocalAlloc

  lstrcmpiW

  CompareStringA

  EnumSystemLocalesA

  OpenMutexA

  WaitForSingleObject

  GlobalMemoryStatus

  Sleep

  FatalAppExitA

  SetLastError

  GetFullPathNameA

  UnhandledExceptionFilter

  FoldStringW

  WaitForMultipleObjects

  GetVersion

  TerminateThread

  HeapCreate

  IsDebuggerPresent

  GetOverlappedResult

  WriteProfileStringW

  GetOEMCP

  LocalReAlloc

  LoadLibraryW

  GetStringTypeA

  LCMapStringW

  MultiByteToWideChar

  LCMapStringA

  GetLocaleInfoA

  HeapSize

  RtlUnwind

  HeapReAlloc

  HeapAlloc

  IsValidCodePage

  GetACP

  GetCPInfo

  InitializeCriticalSectionAndSpinCount

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTimeAsFileTime

  GetTickCount

  HeapFree

  InterlockedDecrement

  GetCurrentThreadId

  InterlockedIncrement

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  DeleteCriticalSection

  SetHandleCount

  GetEnvironmentStringsW

  WideCharToMultiByte

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetFileType

  GetConsoleOutputCP

  GetCommandLineW

  QueryPerformanceCounter

  GetCurrentProcessId

  GlobalCompact

  GetDateFormatW

  GetModuleHandleW

  FindResourceA

  LoadLibraryA

  SizeofResource

  VirtualAlloc

  RtlMoveMemory

  GetModuleFileNameA

  GetStdHandle

  GetProcAddress

  GetStringTypeW

  GetLastError

  WriteFile

  ExitProcess

  SetUnhandledExceptionFilter

  GetCommandLineA

  GetStartupInfoA

  TerminateProcess

  GetCurrentProcess

  user32

  GetClipboardData

  SetCapture

  SetDlgItemTextA

  EnableMenuItem

  SetTimer

  LoadCursorW

  LoadStringW

  ReleaseDC

  LoadIconA

  PeekMessageA

  LoadAcceleratorsA

  TranslateAcceleratorA

  DispatchMessageA

  OffsetRect

  IsWindow

  MapWindowPoints

  SendDlgItemMessageA

  DefWindowProcW

  SetMenuItemBitmaps

  ShowWindow

  SetDlgItemInt

  GetDC

  GetMessageA

  GetProcessDefaultLayout

  ScreenToClient

  CharNextW

  SetDlgItemTextW

  IsIconic

  GetWindowPlacement

  PeekMessageW

  GetDlgCtrlID

  ReleaseCapture

  SetWindowTextA

  SetCursor

  HideCaret

  DrawTextExW

  CharLowerW

  GetMenuCheckMarkDimensions

  DispatchMessageW

  InvalidateRgn

  IsDialogMessageA

  IsDlgButtonChecked

  GetForegroundWindow

  DestroyMenu

  AppendMenuA

  gdi32

  DeleteObject

  GetTextMetricsA

  GetObjectA

  GetDeviceCaps

  LPtoDP

  ExtTextOutA

  GetTextExtentPoint32W

  SetWindowExtEx

  StartDocA

  GetTextExtentPoint32A

  StartDocW

  EnumFontsW

  TextOutW

  winspool.drv

  OpenPrinterW

  advapi32

  RegOpenKeyExA

  RegOpenKeyA

  shell32

  DragAcceptFiles

  ShellAboutW

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 77KB - Virtual size: 76KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• trojan/8.exe

  .exe windows x86

  45a75a207c551618feef5aafe5952520

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrcmpA

  lstrcatA

  CopyFileA

  lstrcpyA

  SetFileAttributesA

  GetCurrentProcessId

  CreateDirectoryA

  FindClose

  K32GetModuleFileNameExA

  K32GetModuleBaseNameA

  WideCharToMultiByte

  K32EnumProcessModules

  GetTickCount

  SetEndOfFile

  HeapSize

  CreateFileW

  FindNextFileA

  FindFirstFileA

  GetModuleFileNameA

  MultiByteToWideChar

  GetProcessHeap

  GetFileSize

  HeapAlloc

  CloseHandle

  DeleteFileA

  CreateFileA

  WriteFile

  HeapFree

  OpenProcess

  ReadFile

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  FindNextFileW

  GetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  SetLastError

  InitializeCriticalSectionAndSpinCount

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  GetModuleHandleW

  GetProcAddress

  EncodePointer

  DecodePointer

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentThreadId

  InitializeSListHead

  RtlUnwind

  RaiseException

  FreeLibrary

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameW

  GetStdHandle

  GetFileType

  GetFileSizeEx

  SetFilePointerEx

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  WaitForSingleObject

  GetExitCodeProcess

  CreateProcessW

  GetFileAttributesExW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  ReadConsoleW

  HeapReAlloc

  FindFirstFileExW

  WriteConsoleW

  advapi32

  RegCloseKey

  RegQueryValueExA

  GetUserNameA

  RegSetValueExA

  RegOpenKeyExA

  CryptDestroyKey

  CryptAcquireContextA

  CryptEncrypt

  CryptCreateHash

  CryptDeriveKey

  CryptHashData

  CryptDestroyHash

  CryptReleaseContext

  shell32

  ShellExecuteA

  winhttp

  WinHttpCloseHandle

  WinHttpQueryDataAvailable

  WinHttpOpenRequest

  WinHttpReadData

  WinHttpReceiveResponse

  WinHttpSendRequest

  WinHttpOpen

  WinHttpConnect

  Sections

  .text

  Size: 159KB - Virtual size: 158KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 62KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• trojan/9.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Exports

  Exports

  @$xp$13Zfmasks@TMask

  @$xp$16Zipforge@TZipKey

  @$xp$17Zfzlib@EZlibError

  @$xp$17Zipforge@PDirItem

  @$xp$17Zipforge@TDirItem

  @$xp$18Zfconst@ZFConst__1

  @$xp$18Zipforge@PHashItem

  @$xp$18Zipforge@THashItem

  @$xp$18Zipforge@TZFAction

  @$xp$18Zipforge@TZipForge

  @$xp$19Zipforge@PPHashItem

  @$xp$19Zipforge@TZFOptions

  @$xp$19Zipforge@TZip64Mode

  @$xp$20Zipforge@TZFDirArray

  @$xp$20Zipforge@ZipForge__4

  @$xp$20Zipforge@ZipForge__6

  @$xp$20Zipforge@ZipForge__9

  @$xp$21Zfexcept@EZFException

  @$xp$22Zipforge@TZFDirManager

  @$xp$22Zipforge@TZFStringHash

  @$xp$22Zipforge@TZFVolumeSize

  @$xp$22Zipforge@TZipKeyHeader

  @$xp$23Zipforge@TZFArchiveItem

  @$xp$24Zfzlib@ECompressionError

  @$xp$24Zipforge@TZFBaseArchiver

  @$xp$24Zipforge@TZFSpanningMode

  @$xp$25Zffolderdialog@TSHFolders

  @$xp$25Zipforge@TZFFileShareMode

  @$xp$25Zipforge@TZFOverwriteMode

  @$xp$25Zipforge@TZFProgressEvent

  @$xp$25Zipforge@TZFProgressPhase

  @$xp$25Zipforge@TZFStorePathMode

  @$xp$25Zipforge@TZFZipCentralDir

  @$xp$25Zipforge@TZFZipFileHeader

  @$xp$25Zipforge@pZFZipCentralDir

  @$xp$25Zipforge@pZFZipFileHeader

  @$xp$26Zfzlib@EDecompressionError

  @$xp$27Zipforge@TInternalSearchRec

  @$xp$27Zipforge@TZFCryptoAlgorithm

  @$xp$27Zipforge@TZFOnDiskFullEvent

  @$xp$27Zipforge@TZFOnPasswordEvent

  @$xp$27Zipforge@TZFSpanningOptions

  @$xp$28Zipforge@TZFCompressionLevel

  @$xp$28Zipforge@TZFHashedStringList

  @$xp$28Zipforge@TZFOnStoreFileEvent

  @$xp$28Zipforge@TZFProcessOperation

  @$xp$28Zipforge@TZFVolumeNumberInfo

  @$xp$28Zipforge@TZFVolumeNumberKind

  @$xp$28Zipforge@TZFZipCentralDirEnd

  @$xp$28Zipforge@pZFZipCentralDirEnd

  @$xp$29Zipforge@TZFFileProgressEvent

  @$xp$29Zipforge@TZFZip64ExtendedInfo

  @$xp$29Zipforge@TZFZipDataDescriptor

  @$xp$30Zffolderdialog@TPBFolderDialog

  @$xp$30Zipforge@TZFOnExtractFileEvent

  @$xp$30Zipforge@TZFZip64CentralDirEnd

  @$xp$30Zipforge@pZFZip64CentralDirEnd

  @$xp$31Zffolderdialog@TBrowseInfoFlags

  @$xp$31Zipforge@TZFExtraFieldDataBlock

  @$xp$32Zipforge@TZFCompressionAlgorithm

  @$xp$33Zffolderdialog@TBrowseInfoFlagSet

  @$xp$33Zipforge@TZFConfirmOverwriteEvent

  @$xp$35Zipforge@TZFConfirmProcessFileEvent

  @$xp$35Zipforge@TZFProcessFileFailureEvent

  @$xp$36Zipforge@TZFOnRequestLastVolumeEvent

  @$xp$37Zffolderdialog@TSelectionChangedEvent

  @$xp$37Zipforge@TZFCopyTempFileProgressEvent

  @$xp$37Zipforge@TZFOnRequestBlankVolumeEvent

  @$xp$37Zipforge@TZFOnRequestFirstVolumeEvent

  @$xp$37Zipforge@TZFProcessVolumeFailureEvent

  @$xp$37Zipforge@TZFZip64CentralDirEndLocator

  @$xp$37Zipforge@pZFZip64CentralDirEndLocator

  @$xp$38Zipforge@TZFOnRequestMiddleVolumeEvent

  @$xp$39Zffolderdialog@TBrowserInitializedEvent

  @@Main@Finalize

  @@Main@Initialize

  @Zfconst@CRC32_TABLE

  @Zfconst@Finalization$qqrv

  @Zfconst@ZFErrorMessages

  @Zfconst@ZFNativeToErrorCode

  @Zfconst@_SConfirmOverwrite

  @Zfconst@_SOnDiskFull

  @Zfconst@_SOnProcessFileFailure

  @Zfconst@_SOnRequestBlankDisk

  @Zfconst@_SOnRequestFirstDisk

  @Zfconst@_SOnRequestLastDisk

  @Zfconst@_SOnRequestMiddleDisk

  @Zfconst@_SPasswordPrompt

  @Zfconst@_SPasswordTitle

  @Zfconst@_SWrongDiskRequestLastDisk

  @Zfconst@initialization$qqrv

  @Zfconst@internalCurrentVersionText

  @Zfexcept@EZFException@

  @Zfexcept@EZFException@$bctr$qqrip18Classes@TComponent

  @Zfexcept@EZFException@$bctr$qqripx14System@TVarRecxip18Classes@TComponent

  @Zfexcept@Finalization$qqrv

  @Zfexcept@initialization$qqrv

  @Zffolderdialog@Finalization$qqrv

  @Zffolderdialog@TPBFolderDialog@

  @Zffolderdialog@TPBFolderDialog@$bctr$qqrp18Classes@TComponent

  @Zffolderdialog@TPBFolderDialog@$bdtr$qqrv

  @Zffolderdialog@TPBFolderDialog@Dummy$qqr17System@AnsiString

  @Zffolderdialog@TPBFolderDialog@EnableOK$qqrxuixo

  @Zffolderdialog@TPBFolderDialog@Execute$qqrv

  @Zffolderdialog@TPBFolderDialog@GetIDListFromPath$qqr17System@AnsiStringrp11_ITEMIDLIST

  @Zffolderdialog@TPBFolderDialog@LabelCaptionsChange$qqrp14System@TObject

  @Zffolderdialog@TPBFolderDialog@Loaded$qqrv

  @Zffolderdialog@TPBFolderDialog@LocaleText$qqrp19Classes@TStringList

  @Zffolderdialog@TPBFolderDialog@MakeDisplayPath$qqr17System@AnsiStringi

  @Zffolderdialog@TPBFolderDialog@NewFolderCaptionsChange$qqrp14System@TObject

  @Zffolderdialog@TPBFolderDialog@SetFlags$qqr59System@%Set$t31Zffolderdialog@TBrowseInfoFlags$iuc$0$iuc$5%

  @Zffolderdialog@TPBFolderDialog@SetLabelCaptions$qqrp19Classes@TStringList

  @Zffolderdialog@TPBFolderDialog@SetNewFolderCaption$qqr17System@AnsiString

  @Zffolderdialog@TPBFolderDialog@SetNewFolderCaptions$qqrp19Classes@TStringList

  @Zffolderdialog@TPBFolderDialog@SetNewFolderEnabled$qqro

  @Zffolderdialog@TPBFolderDialog@SetNewFolderVisible$qqro

  @Zffolderdialog@TPBFolderDialog@SetNewFolderWidth$qqri

  @Zffolderdialog@TPBFolderDialog@SetSelectedFolder$qqr17System@AnsiString

  @Zffolderdialog@TPBFolderDialog@SetSelectionPIDL$qqrxuipx11_ITEMIDLIST

  @Zffolderdialog@TPBFolderDialog@SetSelectionPath$qqrxuix17System@AnsiString

  @Zffolderdialog@initialization$qqrv

  @Zfmasks@Finalization$qqrv

  @Zfmasks@MatchesMask$qqrx17System@AnsiStringt1

  @Zfmasks@TMask@

  @Zfmasks@TMask@$bctr$qqrx17System@AnsiString

  @Zfmasks@TMask@$bdtr$qqrv

  @Zfmasks@TMask@Matches$qqrx17System@AnsiString

  @Zfmasks@initialization$qqrv

  @Zfstrfunc@Finalization$qqrv

  @Zfstrfunc@IsStrMatchPattern$qqrpct1o

  @Zfstrfunc@Q_AnsiCompStrL$qqrpct1ui

  @Zfstrfunc@Q_AnsiCompTextL$qqrpct1ui

  @Zfstrfunc@Q_AnsiPCompStr$qqrpct1

  @Zfstrfunc@Q_AnsiPCompText$qqrpct1

  @Zfstrfunc@Q_CompStrL$qqrx17System@AnsiStringt1ui

  @Zfstrfunc@Q_CompTextL$qqrx17System@AnsiStringt1ui

  @Zfstrfunc@Q_PCompStr$qqrpct1

  @Zfstrfunc@Q_PCompText$qqrpct1

  @Zfstrfunc@Q_PStrToAnsi$qqrpc

  @Zfstrfunc@Q_PStrToOem$qqrpc

  @Zfstrfunc@ToAnsiChars

  @Zfstrfunc@ToLowerChars

  @Zfstrfunc@ToOemChars

  @Zfstrfunc@ToUpperChars

  @Zfstrfunc@TurkishToAnsiChars

  @Zfstrfunc@TurkishToLowerChars

  @Zfstrfunc@TurkishToUpperChars

  @Zfstrfunc@initialization$qqrv

  @Zfzlib@CCheck$qqri

  @Zfzlib@DCheck$qqri

  @Zfzlib@ECompressionError@

  @Zfzlib@EDecompressionError@

  @Zfzlib@EZlibError@

  @Zfzlib@Finalization$qqrv

  @Zfzlib@ZLIBCompressBuf$qqrpxvirpvriuc

  @Zfzlib@ZLIBDecompressBuf$qqrpxviirpvri

  @Zfzlib@_sInvalidStreamOp

  @Zfzlib@_sTargetBufferTooSmall

  @Zfzlib@adler32$qqruipci

  @Zfzlib@deflate$qqrr18Zfzlib@TZStreamReci

  @Zfzlib@deflateEnd$qqrr18Zfzlib@TZStreamRec

  @Zfzlib@deflateInit2_$qqrr18Zfzlib@TZStreamReciiiiipci

  @Zfzlib@deflateInit_$qqrr18Zfzlib@TZStreamRecipci

  @Zfzlib@inflate$qqrr18Zfzlib@TZStreamReci

  @Zfzlib@inflateEnd$qqrr18Zfzlib@TZStreamRec

  @Zfzlib@inflateInit2_$qqrr18Zfzlib@TZStreamRecipci

  @Zfzlib@inflateInit_$qqrr18Zfzlib@TZStreamRecpci

  @Zfzlib@inflateReset$qqrr18Zfzlib@TZStreamRec

  @Zfzlib@initialization$qqrv

  @Zipforge@DelTreeIfNoFiles$qqrx17System@AnsiString

  @Zipforge@Finalization$qqrv

  @Zipforge@IsFloppyDrive$qqrx17System@AnsiString

  @Zipforge@IsRemovableDrive$qqrx17System@AnsiString

  @Zipforge@PPM_MO

  @Zipforge@PPM_SA

  @Zipforge@ProductName

  @Zipforge@TZFBaseArchiver@

  @Zipforge@TZFBaseArchiver@$bctr$qqrp18Classes@TComponent

  @Zipforge@TZFBaseArchiver@$bdtr$qqrv

  @Zipforge@TZFBaseArchiver@AddFileInit$qqrx17System@AnsiStringt1o

  @Zipforge@TZFBaseArchiver@AddFiles$qqrv

  @Zipforge@TZFBaseArchiver@AddFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@AddFromBuffer$qqrx17System@AnsiStringpxvii16System@TDateTime

  @Zipforge@TZFBaseArchiver@AddFromStream$qqrx17System@AnsiStringp15Classes@TStreamoiii16System@TDateTime

  @Zipforge@TZFBaseArchiver@AddFromString$qqrx17System@AnsiStringt1i16System@TDateTime

  @Zipforge@TZFBaseArchiver@BeginUpdate$qqrv

  @Zipforge@TZFBaseArchiver@CancelUpdate$qqrv

  @Zipforge@TZFBaseArchiver@ChangeFilesAttr$qqrx17System@AnsiStringui

  @Zipforge@TZFBaseArchiver@ChangeFilesComment$qqrx17System@AnsiStringt1

  @Zipforge@TZFBaseArchiver@ChangeFilesIntAttr$qqrx17System@AnsiStringui

  @Zipforge@TZFBaseArchiver@CheckAttributesMatch$qqrii

  @Zipforge@TZFBaseArchiver@CheckInUpdate$qqrv

  @Zipforge@TZFBaseArchiver@CheckInactive$qqrv

  @Zipforge@TZFBaseArchiver@CheckModifySpanning$qqrv

  @Zipforge@TZFBaseArchiver@CloseArchive$qqrv

  @Zipforge@TZFBaseArchiver@DeleteFiles$qqrv

  @Zipforge@TZFBaseArchiver@DeleteFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@DeleteItem$qqri

  @Zipforge@TZFBaseArchiver@DeleteTaggedFile$qqri

  @Zipforge@TZFBaseArchiver@DetectSpanning$qqrv

  @Zipforge@TZFBaseArchiver@DoAfterOpen$qqrv

  @Zipforge@TZFBaseArchiver@DoOnConfirmOverwrite$qqr17System@AnsiStringr17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnConfirmProcessFile$qqrx17System@AnsiString28Zipforge@TZFProcessOperationro

  @Zipforge@TZFBaseArchiver@DoOnCopyTempFileProgress$qqrd25Zipforge@TZFProgressPhasero

  @Zipforge@TZFBaseArchiver@DoOnDiskFull$qqrix17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnExtractFile$qqrr17System@AnsiStringruix17System@AnsiString

  @Zipforge@TZFBaseArchiver@DoOnFileProgress$qqrx17System@AnsiStringd28Zipforge@TZFProcessOperation25Zipforge@TZFProgressPhasero

  @Zipforge@TZFBaseArchiver@DoOnOverallProgress$qqrd28Zipforge@TZFProcessOperation25Zipforge@TZFProgressPhasero

  @Zipforge@TZFBaseArchiver@DoOnPassword$qqrx17System@AnsiStringr17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnProcessFileFailure$qqrx17System@AnsiString28Zipforge@TZFProcessOperationiit1r18Zipforge@TZFAction

  @Zipforge@TZFBaseArchiver@DoOnProcessVolumeFailure$qqr28Zipforge@TZFProcessOperationix17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnRequestBlankVolume$qqrir17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnRequestFirstVolume$qqrr17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnRequestLastVolume$qqrr17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnRequestMiddleVolume$qqrir17System@AnsiStringro

  @Zipforge@TZFBaseArchiver@DoOnStoreFile$qqrr17System@AnsiStringruit1x17System@AnsiString

  @Zipforge@TZFBaseArchiver@EndUpdate$qqrv

  @Zipforge@TZFBaseArchiver@ExtractFiles$qqrv

  @Zipforge@TZFBaseArchiver@ExtractFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@ExtractItem$qqrip15Classes@TStream

  @Zipforge@TZFBaseArchiver@ExtractTaggedFile$qqrix17System@AnsiStringt2

  @Zipforge@TZFBaseArchiver@ExtractToBuffer$qqrx17System@AnsiStringpvi

  @Zipforge@TZFBaseArchiver@ExtractToStream$qqrx17System@AnsiStringp15Classes@TStream

  @Zipforge@TZFBaseArchiver@ExtractToString$qqrx17System@AnsiStringr17System@AnsiString

  @Zipforge@TZFBaseArchiver@FastFileAppend$qqrpx19Classes@TFileStreamt1x17System@AnsiString

  @Zipforge@TZFBaseArchiver@FillDirItem$qqrix17System@AnsiStringo

  @Zipforge@TZFBaseArchiver@FindFirst$qqrr23Zipforge@TZFArchiveItem

  @Zipforge@TZFBaseArchiver@FindFirst$qqrx17System@AnsiStringr23Zipforge@TZFArchiveItemit1

  @Zipforge@TZFBaseArchiver@FindNext$qqrr23Zipforge@TZFArchiveItem

  @Zipforge@TZFBaseArchiver@ForceUpdate$qqrv

  @Zipforge@TZFBaseArchiver@GetArchiveSize$qqrv

  @Zipforge@TZFBaseArchiver@GetCurrentVersionText$qqrv

  @Zipforge@TZFBaseArchiver@GetEncrypted$qqrv

  @Zipforge@TZFBaseArchiver@GetExists$qqrv

  @Zipforge@TZFBaseArchiver@GetFileCendralDirItemNo$qqr17System@AnsiStringri

  @Zipforge@TZFBaseArchiver@GetFileComment$qqrv

  @Zipforge@TZFBaseArchiver@GetFileCount$qqrv

  @Zipforge@TZFBaseArchiver@GetFreeDriveSpace$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@GetFullMask$qqrx17System@AnsiStringt1ro

  @Zipforge@TZFBaseArchiver@GetInUpdate$qqrv

  @Zipforge@TZFBaseArchiver@GetTempFileName$qqrv

  @Zipforge@TZFBaseArchiver@InternalAddFiles$qqrp16Classes@TStringsit1oo

  @Zipforge@TZFBaseArchiver@InternalCompressFile$qqrp15Classes@TStreamt1r17Zipforge@TDirItem

  @Zipforge@TZFBaseArchiver@InternalCreateArchive$qqrv

  @Zipforge@TZFBaseArchiver@InternalDecompressFile$qqrp15Classes@TStreamt1r17Zipforge@TDirItem

  @Zipforge@TZFBaseArchiver@InternalFind$qqrr23Zipforge@TZFArchiveItem

  @Zipforge@TZFBaseArchiver@InternalOpenArchive$qqrv

  @Zipforge@TZFBaseArchiver@InternalOpenNonSFXArchive$qqrv

  @Zipforge@TZFBaseArchiver@InternalOpenSFXArchive$qqrv

  @Zipforge@TZFBaseArchiver@IsExternalFileMatchMask$qqrx17System@AnsiStringt1o

  @Zipforge@TZFBaseArchiver@IsFilePasswordValid$qqrx17System@AnsiStringt1

  @Zipforge@TZFBaseArchiver@IsInternalFileMatchMask$qqrx17System@AnsiStringt1

  @Zipforge@TZFBaseArchiver@IsItemMatches$qqrir23Zipforge@TZFArchiveItem

  @Zipforge@TZFBaseArchiver@IsSFXArchive$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@IsValidArchiveFile$qqrv

  @Zipforge@TZFBaseArchiver@Lock$qqrv

  @Zipforge@TZFBaseArchiver@MakeDefaultVolumeName$qqrr17System@AnsiStringio

  @Zipforge@TZFBaseArchiver@MakeSFX$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@MoveFiles$qqrv

  @Zipforge@TZFBaseArchiver@MoveFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@OpenArchive$qqrp15Classes@TStreamo

  @Zipforge@TZFBaseArchiver@OpenArchive$qqrus

  @Zipforge@TZFBaseArchiver@OpenArchive$qqrv

  @Zipforge@TZFBaseArchiver@OpenVolume$qqrp28Zipforge@TZFVolumeNumberInfo

  @Zipforge@TZFBaseArchiver@ProcessTaggedFiles$qqr28Zipforge@TZFProcessOperation

  @Zipforge@TZFBaseArchiver@RenameFile$qqrx17System@AnsiStringt1

  @Zipforge@TZFBaseArchiver@ReopenFileStream$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@RepairArchive$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@SetActive$qqro

  @Zipforge@TZFBaseArchiver@SetCompMethod$qqrv

  @Zipforge@TZFBaseArchiver@SetCompressionLevel$qqr28Zipforge@TZFCompressionLevel

  @Zipforge@TZFBaseArchiver@SetCompressionMode$qqruc

  @Zipforge@TZFBaseArchiver@SetCurrentVersionText$qqr17System@AnsiString

  @Zipforge@TZFBaseArchiver@SetExclusionMasks$qqrp16Classes@TStrings

  @Zipforge@TZFBaseArchiver@SetFileComment$qqrx17System@AnsiString

  @Zipforge@TZFBaseArchiver@SetFileMasks$qqrp16Classes@TStrings

  @Zipforge@TZFBaseArchiver@SetInMemory$qqro

  @Zipforge@TZFBaseArchiver@SetNoCompressionMasks$qqrp16Classes@TStrings

  @Zipforge@TZFBaseArchiver@SetSpanningMode$qqr24Zipforge@TZFSpanningMode

  @Zipforge@TZFBaseArchiver@ShareModeToInt$qqr25Zipforge@TZFFileShareMode

  @Zipforge@TZFBaseArchiver@TagFiles$qqrv

  @Zipforge@TZFBaseArchiver@TagFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@TestFiles$qqrv

  @Zipforge@TZFBaseArchiver@TestFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@TestTaggedFile$qqrix17System@AnsiString

  @Zipforge@TZFBaseArchiver@Unlock$qqrv

  @Zipforge@TZFBaseArchiver@UpdateFiles$qqrv

  @Zipforge@TZFBaseArchiver@UpdateFiles$qqrx17System@AnsiStringit1

  @Zipforge@TZFBaseArchiver@UpdateItem$qqrix17System@AnsiString

  @Zipforge@TZFBaseArchiver@UpdateTaggedFile$qqrix17System@AnsiStringt2

  @Zipforge@TZFBaseArchiver@WriteBufferToStream$qqrpxvirp15Classes@TStreamp28Zipforge@TZFVolumeNumberInfoip15Classes@TStream

  @Zipforge@TZFBaseArchiver@WriteToStream$qqrp15Classes@TStreamrp15Classes@TStreamp28Zipforge@TZFVolumeNumberInforojit1o

  @Zipforge@TZFBaseArchiver@WriteToStream$qqrpxvirp15Classes@TStreamp28Zipforge@TZFVolumeNumberInfoip15Classes@TStream

  @Zipforge@TZFBaseArchiver@ZipInitPassword$qqrp15Classes@TStreamx17System@AnsiStringususuipj

  @Zipforge@TZFDirArray@

  @Zipforge@TZFDirArray@$bctr$qqrv

  @Zipforge@TZFDirArray@$bdtr$qqrv

  @Zipforge@TZFDirArray@Assign$qqrp20Zipforge@TZFDirArray

  @Zipforge@TZFDirArray@Clear$qqrv

  @Zipforge@TZFDirArray@ClearTags$qqrv

  @Zipforge@TZFDirArray@DeleteItem$qqri

  @Zipforge@TZFDirArray@FileExists$qqrx17System@AnsiStringri

  @Zipforge@TZFDirArray@GetCount$qqrv

  @Zipforge@TZFDirArray@GetItem$qqri

  @Zipforge@TZFDirArray@GetItemPtr$qqri

  @Zipforge@TZFDirArray@SetCount$qqri

  @Zipforge@TZFDirArray@SetItem$qqrirx17Zipforge@TDirItem

  @Zipforge@TZFDirArray@SetItemName$qqrix17System@AnsiString

  @Zipforge@TZFDirManager@

  @Zipforge@TZFDirManager@$bctr$qqrp15Classes@TStreamop24Zipforge@TZFBaseArchiver

  @Zipforge@TZFDirManager@$bdtr$qqrv

  @Zipforge@TZFDirManager@ApplyStubOffset$qqrv

  @Zipforge@TZFDirManager@CalculateStubSize$qqrj

  @Zipforge@TZFDirManager@FindLocalFileHeader$qqrj

  @Zipforge@TZFDirManager@FindSignature$qqrp15Classes@TStreamrjpci

  @Zipforge@TZFDirManager@GetCentralDirEnd$qqrr28Zipforge@TZFZipCentralDirEndrjui

  @Zipforge@TZFDirManager@HasCentralDirEnd$qqrv

  @Zipforge@TZFDirManager@InitCentralDirEnd$qqrv

  @Zipforge@TZFDirManager@IsEncrypted$qqrv

  @Zipforge@TZFDirManager@IsSFXArchive$qqrv

  @Zipforge@TZFDirManager@LoadDir$qqrv

  @Zipforge@TZFDirManager@OpenVolume$qqrp28Zipforge@TZFVolumeNumberInfo

  @Zipforge@TZFDirManager@SaveDir$qqrop15Classes@TStream

  @Zipforge@TZFDirManager@SaveSFXStub$qqrv

  @Zipforge@TZFHashedStringList@

  @Zipforge@TZFHashedStringList@$bctr$qqrv

  @Zipforge@TZFHashedStringList@$bdtr$qqrv

  @Zipforge@TZFHashedStringList@Add$qqrx17System@AnsiString

  @Zipforge@TZFHashedStringList@Clear$qqrv

  @Zipforge@TZFHashedStringList@Delete$qqri

  @Zipforge@TZFHashedStringList@IndexOf$qqrx17System@AnsiString

  @Zipforge@TZFHashedStringList@IndexOfName$qqrx17System@AnsiString

  @Zipforge@TZFHashedStringList@Update$qqrix17System@AnsiString

  @Zipforge@TZFHashedStringList@UpdateNameHash$qqrv

  @Zipforge@TZFHashedStringList@UpdateValueHash$qqrv

  @Zipforge@TZFOptions@

  @Zipforge@TZFOptions@$bctr$qqrv

  @Zipforge@TZFOptions@Assign$qqrp19Classes@TPersistent

  @Zipforge@TZFSpanningOptions@

  @Zipforge@TZFSpanningOptions@$bctr$qqrv

  @Zipforge@TZFSpanningOptions@Assign$qqrp19Classes@TPersistent

  @Zipforge@TZFSpanningOptions@GetVolumeSize$qqrp28Zipforge@TZFVolumeNumberInfo

  @Zipforge@TZFSpanningOptions@SetCustomVolumeSize$qqrj

  @Zipforge@TZFStringHash@

  @Zipforge@TZFStringHash@$bctr$qqrui

  @Zipforge@TZFStringHash@$bdtr$qqrv

  @Zipforge@TZFStringHash@Add$qqrx17System@AnsiStringi

  @Zipforge@TZFStringHash@Clear$qqrv

  @Zipforge@TZFStringHash@Find$qqrx17System@AnsiString

  @Zipforge@TZFStringHash@HashOf$qqrx17System@AnsiString

  @Zipforge@TZFStringHash@Modify$qqrx17System@AnsiStringi

  @Zipforge@TZFStringHash@Remove$qqrx17System@AnsiString

  @Zipforge@TZFStringHash@ValueOf$qqrx17System@AnsiString

  @Zipforge@TZFVolumeNumberInfo@

  @Zipforge@TZFVolumeNumberInfo@$bctr$qqrv

  @Zipforge@TZFVolumeNumberInfo@GetFirstVolume$qqrv

  @Zipforge@TZFVolumeNumberInfo@GetLastVolume$qqrv

  @Zipforge@TZFVolumeNumberInfo@Init$qqrv

  @Zipforge@TZFVolumeNumberInfo@IsEqualTo$qqrp28Zipforge@TZFVolumeNumberInfo

  @Zipforge@TZFVolumeNumberInfo@SetFirstVolume$qqro

  @Zipforge@TZFVolumeNumberInfo@SetLastVolume$qqro

  @Zipforge@TZFVolumeNumberInfo@SetVolumeNumber$qqri

  @Zipforge@TZipForge@

  @Zipforge@TZipForge@$bctr$qqrp18Classes@TComponent

  @Zipforge@TZipForge@$bdtr$qqrv

  @Zipforge@TZipForge@SetCompMethod$qqrv

  @Zipforge@ZipDecryptBuffer$qqrrpcipj

  @Zipforge@ZipEncryptBuffer$qqriirpcpj

  @Zipforge@ZipEncryptByte$qqrrucpj

  @Zipforge@ZipEncryptKeyInit$qqrx17System@AnsiStringpj

  @Zipforge@ZipKeyInit$qqrx17System@AnsiStringpjpuc

  @Zipforge@initialization$qqrv

  __GetExceptDLLinfo

  ___CPPdebugHook

  _fmMain

  Sections

  .text

  Size: 768KB - Virtual size: 772KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 74KB - Virtual size: 96KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 11KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .edata

  Size: 21KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 34KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 45KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ