e6e77e6e7eb11d313c51acfa9ce869dfc53e4705e89273332838a064e6d0cc77

Sharing

Copy URL Twitter E-mail

General

Target

e6e77e6e7eb11d313c51acfa9ce869dfc53e4705e89273332838a064e6d0cc77
Size

1.2MB
MD5

216eb6675820a272553adc3816b032e0
SHA1

33460c083a38abc6795825408c3837aab1b32da9
SHA256

e6e77e6e7eb11d313c51acfa9ce869dfc53e4705e89273332838a064e6d0cc77
SHA512

9dfa685f0c792ae01459a092f44060a34bb5b64693a88995d7647382e9806ce23ba5fc5d3afcffa116c61eeccaec6b8852f6d07ed685fae001d92722da6345a3
SSDEEP

24576:9Xk0liXWkE8WHyRkokhHRQKAWWw97fPJNjxENEgx:Bk0g/E8WH4khHCKlW6HxEzx

Score

N/A

Malware Config

Signatures

Files

e6e77e6e7eb11d313c51acfa9ce869dfc53e4705e89273332838a064e6d0cc77
.rar
Readme-说明.htm
.html
客户端/Barinfo.ini
客户端/Desk.exe
.exe windows x86

f78d991f51464353e35cf01dc5ee2c22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
RemoveDirectoryA
GetFileAttributesA
FindNextFileA
SetFileAttributesA
GetLocalTime
TerminateProcess
OpenProcess
OpenMutexA
ExitThread
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GetCurrentProcess
MoveFileExA
CreateFileA
WaitForSingleObject
lstrlenA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
GetTimeZoneInformation
FindClose
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
FindFirstFileA
TerminateThread
CloseHandle
CopyFileA
CreateThread
ExitProcess
GetProcAddress
FreeLibrary
CreateMutexA
GetLastError
WinExec
LoadLibraryA
GetModuleFileNameA
IsValidLocale
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetConsoleCtrlHandler
HeapCreate
SetEnvironmentVariableA
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
HeapFree
FlushFileBuffers
SetFilePointer
ReadFile
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetVersion
GetCommandLineA
GetStringTypeW
Sleep
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetStartupInfoA

user32

DispatchMessageA
TranslateMessage
GetMessageA
IsWindow
GetDC
GetDesktopWindow
SendMessageTimeoutA
FindWindowExA
FindWindowA
SendMessageA
ReleaseDC
MessageBoxA

gdi32

GetDeviceCaps

advapi32

RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA

shell32

ShellExecuteA

oleaut32

SysFreeString

ws2_32

WSASend
WSAGetLastError
connect
gethostname
gethostbyname
inet_ntoa
socket
htons
WSACleanup
WSAStartup
recv
setsockopt
sendto
htonl
recvfrom
bind
listen
inet_addr
WSARecv
accept
WSASocketA
closesocket
send

netapi32

Netbios

imagehlp

MakeSureDirectoryPathExists

Exports

Exports

??0CHttpSocket@@QAE@ABV0@@Z
??0CHttpSocket@@QAE@XZ
??1CHttpSocket@@UAE@XZ
??4CHttpSocket@@QAEAAV0@ABV0@@Z
??_7CHttpSocket@@6B@
?CloseSocket@CHttpSocket@@QAEHXZ
?Connect@CHttpSocket@@QAEHPADH@Z
?FormatRequestHeader@CHttpSocket@@QAEPBDPAD0AAJ00JJH@Z
?GetField@CHttpSocket@@QAEHPBDPADH@Z
?GetRequestHeader@CHttpSocket@@QBEHPADH@Z
?GetResponseHeader@CHttpSocket@@QAEPBDAAH@Z
?GetResponseLine@CHttpSocket@@QAEHPADH@Z
?GetServerState@CHttpSocket@@QAEHXZ
?Receive@CHttpSocket@@QAEJPADJ@Z
?SendRequest@CHttpSocket@@QAEHPBDJ@Z
?SetTimeout@CHttpSocket@@QAEHHH@Z
?Socket@CHttpSocket@@QAEHXZ

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fhcmyDat
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客户端/Desk60.dll
.dll windows x86

f3b5a169e4dde88771f629ce11b7a854

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
MoveFileExA
ReleaseMutex
OpenMutexA
WaitForSingleObject
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
LocalFree
lstrlenW
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
ReadFile
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetConsoleCtrlHandler
HeapCreate
HeapDestroy
SetFileAttributesA
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
FindNextFileA
GetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindClose
FindFirstFileA
GetModuleHandleA
FreeLibrary
LoadLibraryA
ExitProcess
GetProcAddress
GetCurrentProcess
SetProcessWorkingSetSize
CreateFileA
CreateMutexA
GetModuleFileNameA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
HeapFree
FlushFileBuffers
SetFilePointer
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
CloseHandle
Sleep
TerminateThread
GetCurrentThreadId
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FatalAppExitA
GetVersion
GetCommandLineA
OutputDebugStringA
WriteFile
GetStdHandle
DebugBreak
HeapValidate
IsBadReadPtr
IsBadWritePtr
RaiseException
RtlUnwind
WideCharToMultiByte
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InterlockedExchange
InitializeCriticalSection
CreateThread
GetVersionExA

user32

SendMessageA
SetParent
ShowWindow
GetSystemMetrics
IsWindow
FindWindowExA
FindWindowA
SystemParametersInfoA
ReleaseDC
MessageBoxA
GetDesktopWindow
IsWindowVisible
GetClientRect
MoveWindow
DefWindowProcA
CallWindowProcA
SetWindowLongA
EnumChildWindows
GetClassNameA
SetWindowRgn
GetDC
DispatchMessageA
BeginPaint
LoadBitmapA
GetWindowRect
GetWindow
RegisterHotKey
GetMessageA
TranslateMessage
EndPaint
LoadCursorA
RegisterClassExA
DestroyWindow
PtInRect
CreateWindowExA

gdi32

CreateRoundRectRgn
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateFontIndirectA
SetBkMode
SetTextColor
TextOutA
CreateSolidBrush
GetDeviceCaps

advapi32

RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
StringFromCLSID

oleaut32

CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantInit
SysAllocString
SysFreeString
VariantClear

atl

ord42
ord47

ws2_32

inet_addr
WSASocketA
accept
listen
bind
recvfrom
htonl
inet_ntoa
gethostbyname
gethostname
closesocket
WSAGetLastError
WSASend
send
connect
socket
htons
WSACleanup
WSAStartup
recv
setsockopt
WSARecv
sendto

netapi32

Netbios

imagehlp

MakeSureDirectoryPathExists

Exports

Exports

??0CHttpSocket@@QAE@ABV0@@Z
??0CHttpSocket@@QAE@XZ
??1CHttpSocket@@UAE@XZ
??4CHttpSocket@@QAEAAV0@ABV0@@Z
??_7CHttpSocket@@6B@
?CloseSocket@CHttpSocket@@QAEHXZ
?Connect@CHttpSocket@@QAEHPADH@Z
?FormatRequestHeader@CHttpSocket@@QAEPBDPAD0AAJ00JJH@Z
?GetField@CHttpSocket@@QAEHPBDPADH@Z
?GetRequestHeader@CHttpSocket@@QBEHPADH@Z
?GetResponseHeader@CHttpSocket@@QAEPBDAAH@Z
?GetResponseLine@CHttpSocket@@QAEHPADH@Z
?GetServerState@CHttpSocket@@QAEHXZ
?Receive@CHttpSocket@@QAEJPADJ@Z
?SendRequest@CHttpSocket@@QAEHPBDJ@Z
?SetTimeout@CHttpSocket@@QAEHHH@Z
?Socket@CHttpSocket@@QAEHXZ

Sections

.text
Size: 856KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客户端/DeskExt.dll
.dll windows x86

adfef928f38b641c03231b6ee756f99f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CloseHandle
CreateFileA
GetLocalTime
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateThread
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
FindFirstFileA
FindClose
DeleteFileA
RemoveDirectoryA
GetFileAttributesA
FindNextFileA
SetFileAttributesA
GetLastError
GetQueuedCompletionStatus
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
ReadFile
SetStdHandle
UnhandledExceptionFilter
IsBadCodePtr
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetModuleFileNameA
OpenProcess
IsValidLocale
GetEnvironmentStringsW
CreateIoCompletionPort
TerminateProcess
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentProcess
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
VirtualAlloc
VirtualFree
HeapReAlloc
HeapAlloc
SetUnhandledExceptionFilter
HeapFree
FlushFileBuffers
SetFilePointer
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
ExitProcess
FatalAppExitA
LCMapStringA
LCMapStringW
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetCPInfo
CompareStringA
CompareStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetEnvironmentVariableA

user32

SetProcessWindowStation
OpenWindowStationA
DispatchMessageA
TranslateMessage
GetMessageA
IsWindow
OpenDesktopA
DefWindowProcA
DestroyWindow
RegisterClassExA
LoadCursorA
RegisterHotKey
SetThreadDesktop
CreateWindowExA
MessageBoxA

gdi32

GetStockObject

shell32

ShellExecuteA

imagehlp

MakeSureDirectoryPathExists

ws2_32

WSAGetLastError
WSASend
inet_ntoa
sendto
htonl
htons
setsockopt
socket
recvfrom
recv
send
bind
listen
connect
inet_addr
WSARecv
accept
WSASocketA
closesocket

Sections

.text
Size: 596KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客户端/HopeDeskAds_bak.dat
客户端/Image.dll
.dll windows x86

b7ba7b09efd26333ad5eb0a7c90d8650

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DrawTextA
GetIconInfo
GetDC
ReleaseDC
MessageBoxA
GetSysColor

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcrt

qsort
vfprintf
strtok
abort
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
vsprintf
tmpnam
isprint
printf
strncpy
strstr
strncmp
__CxxLongjmpUnwind
_setjmp3
fabs
sqrt
log
rand
exp
strchr
_CIpow
_CIacos
div
??2@YAPAXI@Z
sprintf
calloc
_mbsnbcpy
ceil
_CxxThrowException
_ftol
floor
realloc
__CxxFrameHandler
malloc
free
getc
fputc
fflush
ftell
fseek
fwrite
fread
fopen
fclose
_purecall
atof
atoi
_iob
memmove
strrchr
fprintf
__mb_cur_max
_isctype
longjmp
_pctype
atan2
_except_handler3
_strlwr
_open
_unlink
_setmode
_read
_write
_lseek
_close
_strdup
gmtime
strtod
exit
sscanf
getenv
strcpy
strlen
memcpy
memset
pow

kernel32

GlobalFree
SizeofResource
LockResource
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
LoadResource

gdi32

SetEnhMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
GetDeviceCaps
DeleteEnhMetaFile
ExtTextOutA
GetEnhMetaFilePaletteEntries
CreatePalette
SelectPalette
PlayEnhMetaFile
CreateRectRgn
CombineRgn
CreateFontIndirectA
GetStockObject
SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
BitBlt
DeleteObject
GetObjectA
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PBDK@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageGIF@@QAE@XZ
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxImageTIF@@QAE@ABV0@@Z
??0CxImageTIF@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageGIF@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxImageTIF@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxImageTIF@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4tagCxTextInfo@@QAEAAU0@ABU0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxImageJPG@@6B@
??_7CxImageTIF@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetBits@CxImage@@QBEPAEXZ
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?CircleTransform@CxImage@@QAE_NHJM@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?Crop@CxImage@@QAE_NJJJJPAV1@@Z
?CropRotatedRectangle@CxImage@@QAE_NJJJJMPAV1@@Z
?Decode@CxImage@@QAE_NPAEKK@Z
?Decode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Decode@CxImage@@QAE_NPAVCxFile@@K@Z
?Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Decode@CxImageTIF@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageTIF@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExtension@CxImageGIF@@IAE_NPAVCxFile@@@Z
?DecreaseBpp@CxImage@@QAE_NK_NPAUtagRGBQUAD@@K@Z
?Destroy@CxImage@@QAE_NXZ
?Dither@CxImage@@QAE_NJ@Z
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@@Z
?Encode@CxImageGIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H_N@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@_N@Z
?Encode@CxImageTIF@@QAE_NPAVCxFile@@PAPAVCxImage@@H@Z
?Encode@CxImageTIF@@QAE_NPAVCxFile@@_N@Z
?EncodeBody@CxImageGIF@@IAEXPAVCxFile@@_N@Z
?EncodeBody@CxImageTIF@@IAE_NPAUtiff@@_NHH@Z
?EncodeComment@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeHeader@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeLoopExtension@CxImageGIF@@IAEXPAVCxFile@@@Z
?EncodeRGB@CxImageGIF@@IAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Expand@CxImage@@QAE_NJJJJUtagRGBQUAD@@PAV1@@Z
?Expand@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z
?Flip@CxImage@@QAE_NXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QBEKXZ
?GetColorType@CxImage@@QAEEXZ
?GetComment@CxImageGIF@@QAEXPAD@Z
?GetDIB@CxImage@@QBEPAXXZ
?GetDisposalMethod@CxImageGIF@@QAEJXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetLoops@CxImageGIF@@QAEJXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetNumLayers@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetParent@CxImage@@QBEPAV1@XZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?GifMix@CxImageGIF@@IAEXAAVCxImage@@JJ@Z
?GifNextPixel@CxImageGIF@@IAEHXZ
?GrayScale@CxImage@@QAE_NXZ
?IncreaseBpp@CxImage@@QAE_NK@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?Load@CxImage@@QAE_NPBDK@Z
?LoadResource@CxImage@@QAE_NPAUHRSRC__@@KPAUHINSTANCE__@@@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Mirror@CxImage@@QAE_NXZ
?Negative@CxImage@@QAE_NXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?Putword@CxImageGIF@@IAEXHPAVCxFile@@@Z
?RGBQUADtoRGB@CxImage@@QAEKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Resample@CxImage@@QAE_NJJHPAV1@@Z
?Rotate180@CxImage@@QAE_NPAV1@@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SelectionAddColor@CxImage@@QAE_NUtagRGBQUAD@@@Z
?SelectionAddEllipse@CxImage@@QAE_NUtagRECT@@@Z
?SelectionAddPixel@CxImage@@QAE_NHH@Z
?SelectionAddPolygon@CxImage@@QAE_NPAUtagPOINT@@J@Z
?SelectionAddRect@CxImage@@QAE_NUtagRECT@@@Z
?SelectionClear@CxImage@@QAE_NXZ
?SelectionCopy@CxImage@@QAE_NAAV1@@Z
?SelectionCreate@CxImage@@QAE_NXZ
?SelectionDelete@CxImage@@QAE_NXZ
?SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z
?SelectionInvert@CxImage@@QAE_NXZ
?SelectionIsInside@CxImage@@QAE_NJJ@Z
?SelectionIsValid@CxImage@@QAE_NXZ
?SelectionToHRGN@CxImage@@QAE_NAAPAUHRGN__@@@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAEXK@Z
?SetComment@CxImageGIF@@QAEXPBD@Z
?SetDisposalMethod@CxImageGIF@@QAEXH@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetLoops@CxImageGIF@@QAEXH@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Skew@CxImage@@QAE_NMMJJ@Z
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?TIFFCloseEx@CxImageTIF@@QAEXPAUtiff@@@Z
?TIFFOpenEx@CxImageTIF@@QAEPAUtiff@@PAVCxFile@@@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Thumbnail@CxImage@@QAE_NJJUtagRGBQUAD@@PAV1@@Z
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?TileToStrip@CxImageTIF@@IAEXPAE0KKHH@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
?b3spline@CxImage@@IAEMM@Z
?char_out@CxImageGIF@@IAEXH@Z
?cl_hash@CxImageGIF@@IAEXJ@Z
?compressLZW@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressNONE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?compressRLE@CxImageGIF@@IAEXHPAVCxFile@@@Z
?decoder@CxImageGIF@@IAEFPAVCxFile@@PAVCImageIterator@@FAAH@Z
?flush_char@CxImageGIF@@IAEXXZ
?get_byte@CxImageGIF@@IAEHPAVCxFile@@@Z
?get_next_code@CxImageGIF@@IAEFPAVCxFile@@@Z
?get_num_frames@CxImageGIF@@IAEHPAVCxFile@@PAUtag_TabCol@1@@Z
?init_exp@CxImageGIF@@IAEFF@Z
?out_line@CxImageGIF@@IAEHPAVCImageIterator@@PAEH@Z
?output@CxImageGIF@@IAEXF@Z
?rle_block_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_block_out@CxImageGIF@@IAEXEPAUtag_RLE@1@@Z
?rle_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_compute_triangle_count@CxImageGIF@@IAEIII@Z
?rle_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_flush_clearorrep@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_fromclear@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_flush_withtable@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_isqrt@CxImageGIF@@IAEII@Z
?rle_output@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_output_flush@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_output_plain@CxImageGIF@@IAEXHPAUtag_RLE@1@@Z
?rle_reset_out_clear@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
?rle_write_block@CxImageGIF@@IAEXPAUtag_RLE@1@@Z
ToBmp

Sections

.text
Size: 684KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
客户端/ads/百度/123.jpg
.jpg
客户端/ads/百度/123.jpg.bmp
客户端/ads/百度/index.html
客户端/proWatch.dll
.dll windows x86

de3a78561a87201f9f4f9e671e3022ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Sleep
WinExec
OpenMutexA
GetModuleFileNameA
CreateThread
GetLastError
CreateMutexA
CompareStringW
CompareStringA
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
VirtualAlloc
IsBadCodePtr
UnhandledExceptionFilter
SetConsoleCtrlHandler
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

MessageBoxA

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78d991f51464353e35cf01dc5ee2c22

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

ws2_32

netapi32

imagehlp

Exports

Exports

Sections

.text Size: 640KB - Virtual size: 639KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 24KB - Virtual size: 31KB

.idata Size: 8KB - Virtual size: 5KB

fhcmyDat Size: 4KB - Virtual size: 294B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 20KB - Virtual size: 18KB

f3b5a169e4dde88771f629ce11b7a854

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl

ws2_32

netapi32

imagehlp

Exports

Exports

Sections

.text Size: 856KB - Virtual size: 853KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 28KB - Virtual size: 33KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 24KB - Virtual size: 22KB

adfef928f38b641c03231b6ee756f99f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

imagehlp

ws2_32

Sections

.text Size: 596KB - Virtual size: 592KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 24KB - Virtual size: 31KB

.idata Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 17KB

b7ba7b09efd26333ad5eb0a7c90d8650

Headers

File Characteristics

Imports

user32

msvcp60

msvcrt

kernel32

gdi32

Exports

Exports

Sections

.text
Size: 640KB - Virtual size: 639KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 24KB - Virtual size: 31KB

.idata
Size: 8KB - Virtual size: 5KB

fhcmyDat
Size: 4KB - Virtual size: 294B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 856KB - Virtual size: 853KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 28KB - Virtual size: 33KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 596KB - Virtual size: 592KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 24KB - Virtual size: 31KB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 684KB - Virtual size: 680KB

.rdata
Size: 168KB - Virtual size: 166KB

.data
Size: 56KB - Virtual size: 86KB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 26KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB