f449a6511f00876ee82c50cb4a1b1840446987ab25c78de4f93c999f415cf11f

Sharing

Copy URL

Twitter E-mail

General

Target

f449a6511f00876ee82c50cb4a1b1840446987ab25c78de4f93c999f415cf11f
Size

2.1MB
MD5

5a97d19c6250cb56ce684b7dcaa86957
SHA1

ccdf1edabbaf473375015ac79e4059a536634a24
SHA256

f449a6511f00876ee82c50cb4a1b1840446987ab25c78de4f93c999f415cf11f
SHA512

91d1c81e3fdd43111893c1aec19f5118130807c5e634229fb74acbee0e4bf7d57125b2c0ba28c1eb6cef00ce7484027627dfaad524bc5eb41b39023ec6e9d3ea
SSDEEP

49152:+/b2OjNrff4rmr+ebtt9fhXOrTstOQfUyNuPWp87g5gj2mt/kS:0xZCmr+ebtt9fhXkstPMyMPWmPrtz

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/恒有QQ申请器（永久免费）/恒有QQ申请器.exe	vmprotect

Files

f449a6511f00876ee82c50cb4a1b1840446987ab25c78de4f93c999f415cf11f
.zip
恒有QQ申请器（永久免费）/QQ/IP.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

vmp0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vmp1
Size: 421KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
恒有QQ申请器（永久免费）/QQ/IP.txt
恒有QQ申请器（永久免费）/QQ/dc.dll
.dll windows x86

8f44d7882c9933a2a203e607aedb0523

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord858
ord5731
ord5683
ord1199
ord1247
ord2725
ord6385
ord6283
ord6282
ord6930
ord6928
ord941
ord2827
ord939
ord3337
ord3811
ord1601
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord1116
ord269
ord2512
ord2554
ord4486
ord6375
ord4274
ord922
ord4202
ord537
ord540
ord2818
ord535
ord860
ord924
ord800
ord354
ord5186
ord3318
ord5442
ord1979
ord665
ord803
ord823
ord825
ord543
ord4278
ord3584

msvcrt

memmove
free
wcscmp
malloc
srand
_CxxThrowException
wcscpy
__dllonexit
rand
strstr
_ftol
atol
sprintf
__CxxFrameHandler
time
_onexit
??1type_info@@UAE@XZ
_initterm
calloc
_adjust_fdiv
_mbscmp

kernel32

lstrlenA
DeleteFileA
GetPrivateProfileStringA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetDiskFreeSpaceExA
GetSystemInfo
GetVersionExA
GetSystemDirectoryA
GetTickCount
WritePrivateProfileStringA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSection
Sleep
WideCharToMultiByte
lstrlenW
LocalFree
LocalAlloc
MultiByteToWideChar

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

wsock32

ntohs
WSAStartup
socket
WSAGetLastError
inet_ntoa
ioctlsocket
htons
connect
select
__WSAFDIsSet
send
recv
closesocket
gethostbyname
inet_addr
getsockname

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

DC_Check
DC_CheckUpdate
DC_GetCJ
DC_GetImg
DC_GetInfo
DC_GetLastError
DC_Init
DC_Init2
DC_Notify
DC_NotifyFail
DC_RecogImg
DC_Reg
DC_Reg2
DC_RegPayUser
DC_SetResult
DC_Uninit
GetUserInfo
GetUserInfo_A
RecByte
RecByte_A
RecYZM
RecYZM_A
Reglz
ReportError
ReportError_A
VBYB_GetResult
VBYB_Init
VBYB_PutImg
VBYB_ReportError
VBYB_Uninit
VB_GetUserInfo
VB_RecByte
VB_RecFile
VB_ReportError
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
恒有QQ申请器（永久免费）/QQ/sq.dll
.exe windows x86

8c397b5877a2330398335f4435b33f60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32 iphlpapi

GetSaveFileNameA 4�%

Sections

CODE
Size: 764KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
恒有QQ申请器（永久免费）/dc.dll
.dll windows x86

8f44d7882c9933a2a203e607aedb0523

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord858
ord5731
ord5683
ord1199
ord1247
ord2725
ord6385
ord6283
ord6282
ord6930
ord6928
ord941
ord2827
ord939
ord3337
ord3811
ord1601
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord1116
ord269
ord2512
ord2554
ord4486
ord6375
ord4274
ord922
ord4202
ord537
ord540
ord2818
ord535
ord860
ord924
ord800
ord354
ord5186
ord3318
ord5442
ord1979
ord665
ord803
ord823
ord825
ord543
ord4278
ord3584

msvcrt

memmove
free
wcscmp
malloc
srand
_CxxThrowException
wcscpy
__dllonexit
rand
strstr
_ftol
atol
sprintf
__CxxFrameHandler
time
_onexit
??1type_info@@UAE@XZ
_initterm
calloc
_adjust_fdiv
_mbscmp

kernel32

lstrlenA
DeleteFileA
GetPrivateProfileStringA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
GetComputerNameA
GetDiskFreeSpaceExA
GetSystemInfo
GetVersionExA
GetSystemDirectoryA
GetTickCount
WritePrivateProfileStringA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetPrivateProfileIntA
DeleteCriticalSection
InitializeCriticalSection
Sleep
WideCharToMultiByte
lstrlenW
LocalFree
LocalAlloc
MultiByteToWideChar

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

wsock32

ntohs
WSAStartup
socket
WSAGetLastError
inet_ntoa
ioctlsocket
htons
connect
select
__WSAFDIsSet
send
recv
closesocket
gethostbyname
inet_addr
getsockname

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

DC_Check
DC_CheckUpdate
DC_GetCJ
DC_GetImg
DC_GetInfo
DC_GetLastError
DC_Init
DC_Init2
DC_Notify
DC_NotifyFail
DC_RecogImg
DC_Reg
DC_Reg2
DC_RegPayUser
DC_SetResult
DC_Uninit
GetUserInfo
GetUserInfo_A
RecByte
RecByte_A
RecYZM
RecYZM_A
Reglz
ReportError
ReportError_A
VBYB_GetResult
VBYB_Init
VBYB_PutImg
VBYB_ReportError
VBYB_Uninit
VB_GetUserInfo
VB_RecByte
VB_RecFile
VB_ReportError
uu_getScoreA
uu_getScoreW
uu_loginA
uu_loginW
uu_recognizeByCodeTypeAndBytesA
uu_recognizeByCodeTypeAndBytesW
uu_recognizeByCodeTypeAndPathA
uu_recognizeByCodeTypeAndPathW
uu_reportError
uu_setSoftInfoA
uu_setSoftInfoW
uu_setTimeOut

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
恒有QQ申请器（永久免费）/使用前必看说明.txt
恒有QQ申请器（永久免费）/恒有QQ申请器.exe
.exe windows x86

f4887909c79cc868495bb4eefde7899f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIatan

kernel32

GetStringTypeW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Exports

Exports

o?&R }��@֙1m��At��Qɕ`�7�2�pN�� 9��06�-F'!q��N�"+��z��U�l�0&$��q)�MW�R�� L��Z�.^9��'r��Y�u�7�%3��]��:.I��R��Yi>N��~��xqtP)�P��M�h|��^n}ו�A�R7��{�]�K��z��k�+��^죘R�<,�eY�-3yJ�xIX��y�jk�, �q��C_�quN�f4����[ΔE��j��Q�bF;d��tk��M�ԋ""Q q�;{�{K��/��h�f�]/0��u��Y%5�h�w ��g�&+�?��ʑ�H�%��7;�U�l��l��Y\��;i��?qq�q��=Q��?��{��6:x_e��3��c�� (.��ƅ�󓵦��^��x7>�c�: �(D��l�F?0� �K�E2�W��K��k鴽bN�g@s��yK��]Db&��7�}��x~��H��S7�pU�bA��XS��ͽ�{8ndK9�iy�ώ��tS�� U��6KZ��t�t��n��>JJ8�?��徶�,�N�kq%}�x��`�;�"(��C/�S�m�:H<M)I��ī9#<Xv��c`�9�M h3adL��{b*��pl��j��y��]��K�ʂ� q`?ً�)�Ar�m�4�P��t݈$��ÿ�ZW\�ȟ� @'Ys��enf��+Q��5��FO��lǯ֜,�P%u�H�{yW��BPqx޲_�9<��G\��Z5��[^�~-��_�b��o�]��a��bDj��^� �n٤\:��h�� ˇ��k�m9��a�O��8��&e3�#?��lݎS�S_�F�=?O��D0QS`QL��>;\��A��2�lLT{�Ώ��gz�?s?%��ǋ��5ԝ�3Ɏ%b��w��|6l��h��7/7�'�uɋW�艰\�q��T�Y9�j;�A��Ì�8�&�1;�>p`��S��FX��Y�A�%�� >��J�NHY�ޓH/:ȃ�h vh ��L�K��4��1�Wf��H��f@+�ؕ� $�t�=�ιB.��̊Ø�� jk��*Yt��1�5WV�]5l��(n��ݡ�DMp� vwȂ��-��}a!y�{Tpg�9�ڮh;f��g��- ��qN�Ex�6��60�F%ܾ>5g��x�X͚H86�1��WtBU�W( �"�^t��!{U絞�9�{�.({��7>[��S5ٌ��Q1,8�(q��q4c�n�6E��_��u4K�;��D�Lw��H��$)g$T��E��ע#��r�X��+��e��Rae�|�̏獷�f�N��x��$��[C��${� Le�3:��P^B�sl1f��Ú��F*�_p�� t��our�/�|�H�q�g��d��)�-��2m��$>��R��"7��:#�� ;n$-h��}+��m�힞v��Ň��x[ Hw�jD�R�XG0"�kFSAG��V/�v�bh��-Ws�g�zK$�ݭ��zR�s<ӵR��=pB��C��Y�L n��\��Sַ�/2#_�5f.�?B�ϟD��=Lh&%��on�`��r�rҜ*�!7�$^mh��O7-��L�s��u]�� W�C��#F��?�=��:��1Sꫲ�~ ��X�� #�%��m��̷ԗ<��Β� �i�&��\��T��4��L"�/S8iJ��P�+\�{q��zN��L��ËI��O�v#N�r9/�#��W�\�D��>��wW��&�J�==>Mܬ7(H9�V0d�C��,?J��f4�c�2�ٝp& tQC��gI�+�d��ʖYѫ/ o�C��"gXH�9�+��n�$��V|��ά��&./y=�@ނ`к��`�jmef��\ "�v�sqBR��T|<�)�� l��q�Z�9�B� |-��0�Ԫw.��&��(�C��(~W��E"��(�Ck�R �*B7�W�|��vn��E5b�M�at\!0�eS�h/=8l��=A%@�i1i�y�]�f�x,��P��}�v�\��;��7��)�0��VH �$&�3"G�{9:ܪ452��,��3�r%e��A��,��1�M��A�XF�SsV��M�iF��O-w~�t�4�.��)��y��%��_=%f�ǩ�r�H3��'�2D�ؕ9;Wƥ <@U�U2�viT��O�@_�4_D�x�|��"�� c��v�'B�i��L��Taa.}�?D�- �X�|��E�Kǀ��Q��쑩B&�K�K,?9 �%�E��|�Ɲ��w�"�?)(O�G��(l��/�3sB��0��=�Y�8�v�g��X��Fs��bsc��O2W�A>6-2e-�9|C��>�:\�޲��`>*_���-g|��-S�vB�)9��H%r��񷴗��[��g芌��@�(1�H Dρ��(�jњL�1Uq�!��ZR}R>�CT��a��j�ɣ�A�s��f��t@G�t2ӇC-;<�qO9hB��dcn|�Y=i��Ww�+æTF�SӔ�U��PǦ^{��Ɣ#i�!մ��*��CK�ՁIn�<X�K�07�IH�:� k�s�zh�}�TR��?��k�m�Ǖ�q��ж��~�LN��W��љ�Z�z��X'��m�̀��&�2��a_+W�# �R��.��0� ��V��-��e�� p)'��v,�_Q6�b��7K@O� -�]S�rB��ˇ�%��>��4��vD�Np*��_%v��7;`�,F�h��0ʖ<��μ�D�?��!�L��[�Y��^��i

Sections

.text
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

vmp0 Size: - Virtual size: 416KB

vmp1 Size: 421KB - Virtual size: 424KB

.rsrc Size: 13KB - Virtual size: 16KB

.vmp Size: 512B - Virtual size: 511B

8f44d7882c9933a2a203e607aedb0523

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

gdiplus

wsock32

msvcp60

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 948B

.reloc Size: 4KB - Virtual size: 3KB

8c397b5877a2330398335f4435b33f60

Headers

File Characteristics

Imports

comdlg32 iphlpapi

Sections

CODE Size: 764KB - Virtual size: 2.0MB

SE Size: 396KB - Virtual size: 396KB

SE Size: 24KB - Virtual size: 24KB

SE Size: 12KB - Virtual size: 12KB

SE Size: 4KB - Virtual size: 4KB

8f44d7882c9933a2a203e607aedb0523

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

gdiplus

wsock32

msvcp60

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 948B

.reloc Size: 4KB - Virtual size: 3KB

f4887909c79cc868495bb4eefde7899f

Headers

File Characteristics

Imports

msvbvm60

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 60KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 605KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 644KB - Virtual size: 643KB

.rsrc Size: 20KB - Virtual size: 19KB

vmp0
Size: - Virtual size: 416KB

vmp1
Size: 421KB - Virtual size: 424KB

.rsrc
Size: 13KB - Virtual size: 16KB

.vmp
Size: 512B - Virtual size: 511B

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 948B

.reloc
Size: 4KB - Virtual size: 3KB

CODE
Size: 764KB - Virtual size: 2.0MB

SE
Size: 396KB - Virtual size: 396KB

SE
Size: 24KB - Virtual size: 24KB

SE
Size: 12KB - Virtual size: 12KB

SE
Size: 4KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 948B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 60KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 605KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 644KB - Virtual size: 643KB

.rsrc
Size: 20KB - Virtual size: 19KB