31c0f30ac2b878a3610056f2ed894887432f0381f8e2063a61f800d5a408d3cd

Sharing

Copy URL Twitter E-mail

General

Target

31c0f30ac2b878a3610056f2ed894887432f0381f8e2063a61f800d5a408d3cd
Size

2.6MB
MD5

607ed6a645407b19caeec1f9d50016be
SHA1

e4edcdccc066b7d0daf1c95c73fd29e10a6ce515
SHA256

31c0f30ac2b878a3610056f2ed894887432f0381f8e2063a61f800d5a408d3cd
SHA512

1cbb1cfb9910f12f3a21d2a724933581272e54cf998e75d4cce8dd1cb8189647cfdd177aa034c92644ebdb569ae78972934e671054073466c9313102b150a969
SSDEEP

49152:UFEvAPXTNPC2YTtDW+DPnfN6BVvqZn4qouRoI/8s4/aCC2yroG5:UTB2tD3fkBVvE4qoG38soaClW5

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/X86/1, 0, 0, 1/Decoder.dll	acprotect
static1/unpack001/X86/1, 0, 0, 5/Decoder.dll	acprotect
static1/unpack001/X86/5, 3, 0, 4/Decoder.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/X86/1, 0, 0, 1/Decoder.dll	upx
static1/unpack001/X86/1, 0, 0, 5/Decoder.dll	upx
static1/unpack001/X86/5, 3, 0, 4/Decoder.dll	upx

Files

31c0f30ac2b878a3610056f2ed894887432f0381f8e2063a61f800d5a408d3cd
.rar
DLL下载.url
.url
X86/1, 0, 0, 1/Decoder.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DecoderAUX1Off
DecoderAUX1On
DecoderAUX2Off
DecoderAUX2On
DecoderAUX3Off
DecoderAUX3On
DecoderAUX4Off
DecoderAUX4On
DecoderAutoStart
DecoderAutoStop
DecoderClearAllPreset
DecoderClearPreset
DecoderCloseCom
DecoderDownStart
DecoderDownStop
DecoderFocusFarStart
DecoderFocusFarStop
DecoderFocusNearStart
DecoderFocusNearStop
DecoderGetAlarm
DecoderIrisCloseStart
DecoderIrisCloseStop
DecoderIrisOpenStart
DecoderIrisOpenStop
DecoderLeftStart
DecoderLeftStop
DecoderLocatePreset
DecoderLocateScanPreset
DecoderOpenCom
DecoderReleaseAlarm
DecoderReset
DecoderRightStart
DecoderRightStop
DecoderSearchAlarm
DecoderSetAlarm
DecoderSetLeftLimitPosition
DecoderSetPreset
DecoderSetRightLimitPosition
DecoderSetScanOffPreset
DecoderSetScanOnPreset
DecoderStartPatrol
DecoderStopPatrol
DecoderStopScanPreset
DecoderUpStart
DecoderUpStop
DecoderZoomInStart
DecoderZoomInStop
DecoderZoomOutStart
DecoderZoomOutStop

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/1, 0, 0, 5/Decoder.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DecoderAUX1Off
DecoderAUX1On
DecoderAUX2Off
DecoderAUX2On
DecoderAUX3Off
DecoderAUX3On
DecoderAUX4Off
DecoderAUX4On
DecoderAutoStart
DecoderAutoStop
DecoderClearAllPreset
DecoderClearPreset
DecoderCloseAlarm
DecoderCloseCom
DecoderDownStart
DecoderDownStop
DecoderFocusFarStart
DecoderFocusFarStop
DecoderFocusNearStart
DecoderFocusNearStop
DecoderGetAlarm
DecoderIrisCloseStart
DecoderIrisCloseStop
DecoderIrisOpenStart
DecoderIrisOpenStop
DecoderLeftStart
DecoderLeftStop
DecoderLocatePreset
DecoderLocateScanPreset
DecoderOpenAlarm
DecoderOpenCom
DecoderReleaseAlarm
DecoderReset
DecoderRightStart
DecoderRightStop
DecoderSearchAlarm
DecoderSetAlarm
DecoderSetLeftLimitPosition
DecoderSetPreset
DecoderSetRightLimitPosition
DecoderSetScanOffPreset
DecoderSetScanOnPreset
DecoderStartPatrol
DecoderStopPatrol
DecoderStopScanPreset
DecoderUpStart
DecoderUpStop
DecoderZoomInStart
DecoderZoomInStop
DecoderZoomOutStart
DecoderZoomOutStop

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/1, 0, 0, 8/Decoder.dll
.dll windows x86

261129ddf93144d84070060f39c5a51e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3953
ord2725
ord3147
ord3584
ord543
ord803
ord800
ord2818
ord540
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord6467
ord4274
ord269
ord826
ord600

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
sprintf

kernel32

LocalFree
EscapeCommFunction
ClearCommError
ReadFile
WriteFile
CloseHandle
CreateFileA
SetCommMask
SetupComm
PurgeComm
SetCommTimeouts
GetCommState
SetCommState
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
LocalAlloc

Exports

Exports

DecoderAUX1Off
DecoderAUX1On
DecoderAUX2Off
DecoderAUX2On
DecoderAUX3Off
DecoderAUX3On
DecoderAUX4Off
DecoderAUX4On
DecoderAutoStart
DecoderAutoStop
DecoderClearAllPreset
DecoderClearPreset
DecoderCloseAlarm
DecoderCloseCom
DecoderDownStart
DecoderDownStop
DecoderFocusFarStart
DecoderFocusFarStop
DecoderFocusNearStart
DecoderFocusNearStop
DecoderGetAlarm
DecoderIrisCloseStart
DecoderIrisCloseStop
DecoderIrisOpenStart
DecoderIrisOpenStop
DecoderLeftStart
DecoderLeftStop
DecoderLocatePreset
DecoderLocateScanPreset
DecoderOpenAlarm
DecoderOpenCom
DecoderReleaseAlarm
DecoderReset
DecoderRightStart
DecoderRightStop
DecoderSearchAlarm
DecoderSetAlarm
DecoderSetLeftLimitPosition
DecoderSetPreset
DecoderSetRightLimitPosition
DecoderSetScanOffPreset
DecoderSetScanOnPreset
DecoderStartPatrol
DecoderStopPatrol
DecoderStopScanPreset
DecoderUpStart
DecoderUpStop
DecoderZoomInStart
DecoderZoomInStop
DecoderZoomOutStart
DecoderZoomOutStop

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/1, 0, 5, 407/decoder.dll
.dll windows x86

029bd66ec10cdbe1990e8937aeff268c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
HeapAlloc
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA
LCMapStringW
RtlUnwind
SetStdHandle
SetFilePointer
FlushFileBuffers
CloseHandle

Exports

Exports

decoder
getframe
skipframe
start
stop

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/1, 4, 0, 2816/Decoder.dll
.dll windows x86

8b7854fbc224c769ba2a71652afaa910

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
TlsFree
HeapDestroy
HeapCreate
VirtualFree
WriteFile
Sleep
LCMapStringA
LCMapStringW
CloseHandle
ReadFile
SetFilePointer
VirtualAlloc
IsBadWritePtr
HeapSize
FlushFileBuffers
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetOEMCP
SetStdHandle
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetSystemTimeAsFileTime
RaiseException
GetTimeZoneInformation
DeleteFileA
HeapFree
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCommandLineA
RtlUnwind
GetSystemTime
FatalAppExitA
LoadLibraryA
GetProcAddress
GetVersionExA
GetACP
GetFullPathNameA
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetEnvironmentStringsW
GetModuleFileNameA

user32

IntersectRect
GetDC
ReleaseDC
FillRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA

gdi32

GetOutlineTextMetricsA
GetCharWidthA
GetRegionData
GetTextFaceA
GetTextMetricsA
GetFontData
CreateFontA
DeleteDC
PolyBezierTo
RestoreDC
SelectClipRgn
SaveDC
CreateRectRgn
DeleteObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BeginPath
SelectClipPath
IntersectClipRect
WidenPath
CreatePen
CreateDCA
CreateFontIndirectA
CloseFigure
EndPath
ExtCreatePen
SetMiterLimit
SetPolyFillMode
StrokeAndFillPath
StrokePath
FillPath
MoveToEx
LineTo
GetClipBox
StretchDIBits
SetDIBitsToDevice
GetClipRgn
SetStretchBltMode
GetObjectType
CreateBitmap
GetDeviceCaps
BitBlt
GetDIBits
GetObjectA
CreateDIBitmap
ExtEscape
GetStockObject
EnumFontFamiliesExA
GetPixel

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

Exports

Exports

FPDFAction_GetDest
FPDFAction_GetFilePath
FPDFAction_GetType
FPDFAction_GetURIPath
FPDFBitmap_Create
FPDFBitmap_CreateEx
FPDFBitmap_Destroy
FPDFBitmap_FillRect
FPDFBitmap_GetBuffer
FPDFBitmap_GetHeight
FPDFBitmap_GetWidth
FPDFBookmark_Find
FPDFBookmark_GetAction
FPDFBookmark_GetColorRef
FPDFBookmark_GetDest
FPDFBookmark_GetFirstChild
FPDFBookmark_GetFontStyle
FPDFBookmark_GetNextSibling
FPDFBookmark_GetTitle
FPDFDest_GetPageIndex
FPDFDest_GetZoomMode
FPDFDest_GetZoomParam
FPDFLink_GetAction
FPDFLink_GetDest
FPDFLink_GetLinkAtPoint
FPDFOBJ_CountElement
FPDFOBJ_GetCatalog
FPDFOBJ_GetElementByIndex
FPDFOBJ_GetElementByName
FPDFOBJ_GetFloat
FPDFOBJ_GetInfo
FPDFOBJ_GetInteger
FPDFOBJ_GetNameByIndex
FPDFOBJ_GetString
FPDFOBJ_GetType
FPDF_AddItemToMRUList
FPDF_AllocMemory
FPDF_ClearMRUList
FPDF_CloseDocument
FPDF_ClosePage
FPDF_DeviceToPage
FPDF_EnumPageSize
FPDF_FreeMemory
FPDF_GetDocPermissions
FPDF_GetLastError
FPDF_GetMetaText
FPDF_GetPageCount
FPDF_GetPageHeight
FPDF_GetPageSizeByIndex
FPDF_GetPageThumbnail
FPDF_GetPageWidth
FPDF_GetPasswordLevel
FPDF_LoadCustomDocument
FPDF_LoadDocument
FPDF_LoadMemDocument
FPDF_LoadPage
FPDF_OutputDecrypted
FPDF_PageToDevice
FPDF_QuickDrawPage
FPDF_RegisterSecurityFilter
FPDF_RenderPage
FPDF_RenderPageBitmap
FPDF_SetErrorHandler
FPDF_SetModulePath
FPDF_Snapshot
FPDF_UnlockDLL
_FPDFBitmap_GetStride@4
_FPDFBookmark_GetPageFirstLine@12

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/5, 3, 0, 4/Decoder.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DecoderAUX1Off
DecoderAUX1On
DecoderAUX2Off
DecoderAUX2On
DecoderAUX3Off
DecoderAUX3On
DecoderAUX4Off
DecoderAUX4On
DecoderAutoStart
DecoderAutoStop
DecoderClearAllPreset
DecoderClearPreset
DecoderCloseCom
DecoderDownStart
DecoderDownStop
DecoderFocusFarStart
DecoderFocusFarStop
DecoderFocusNearStart
DecoderFocusNearStop
DecoderGetAlarm
DecoderIrisCloseStart
DecoderIrisCloseStop
DecoderIrisOpenStart
DecoderIrisOpenStop
DecoderLeftStart
DecoderLeftStop
DecoderLocatePreset
DecoderLocateScanPreset
DecoderOpenCom
DecoderReleaseAlarm
DecoderReset
DecoderRightStart
DecoderRightStop
DecoderSearchAlarm
DecoderSetAlarm
DecoderSetLeftLimitPosition
DecoderSetPreset
DecoderSetRightLimitPosition
DecoderSetScanOffPreset
DecoderSetScanOnPreset
DecoderStartPatrol
DecoderStopPatrol
DecoderStopScanPreset
DecoderUpStart
DecoderUpStop
DecoderZoomInStart
DecoderZoomInStop
DecoderZoomOutStart
DecoderZoomOutStop

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
X86/7, 3, 2, 56/Decoder.dll
.dll windows x86

0748dbb1bada41523a14bfad158eeb6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemTime
GetLocalTime
GetModuleHandleA

Exports

Exports

DECODER_CreateInstance
DECODER_GetUValue
DECODER_GetVValue
DECODER_GetYValue
DECODER_InitInstance
DECODER_OneFrame
DECODER_ReleaseInstance
DECODER_SetDecodePP
DECODER_SetQuality

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/7.6.0.0/Decoder.DLL
.dll windows x86

b9f2e2c325bc485ca470eea3ac7dabf8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathRemoveExtensionA

kernel32

CloseHandle
UnmapViewOfFile
GetCurrentProcessId
MapViewOfFile
GetLastError
CreateFileMappingA
ReadFile
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetFileSize
GetVolumeInformationA
Sleep
DeviceIoControl
CopyFileA
GetSystemTime
MultiByteToWideChar
DeleteFileA
WriteFile
SetFilePointer
FileTimeToSystemTime
GetFileTime
GetDiskFreeSpaceA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
TerminateThread
SuspendThread
ExitThread
CreateThread
ResumeThread
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleA
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

MessageBoxA

Exports

Exports

_KS_ConnectPackage3@4

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/7.7.0.0/Decoder.DLL
.dll windows x86

c46156cc4a45c44bfba41788aa623acf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathRemoveExtensionA

kernel32

InitializeCriticalSection
GetEnvironmentVariableA
CloseHandle
ReadFile
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetFileSize
GetVolumeInformationA
Sleep
DeviceIoControl
CopyFileA
GetSystemTime
MultiByteToWideChar
DeleteFileA
WriteFile
SetFilePointer
FileTimeToSystemTime
GetFileTime
GetDiskFreeSpaceA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
TerminateThread
SuspendThread
ExitThread
CreateThread
ResumeThread
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetModuleHandleA
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

user32

MessageBoxA

Exports

Exports

_KS_ConnectPackage4@4

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/8.0.0.0/decoder.dll
.dll windows x86

f11b7d0611d4ba0edd606f0f6b639674

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA
PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA
PathFindExtensionA
PathGetDriveNumberA
PathIsRootA
PathFindFileNameA
PathRemoveExtensionA

kernel32

ReadFile
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetFileSize
GetVolumeInformationA
Sleep
DeviceIoControl
CopyFileA
GetSystemTime
MultiByteToWideChar
DeleteFileA
WriteFile
SetFilePointer
FileTimeToSystemTime
GetFileTime
GetDiskFreeSpaceA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
LeaveCriticalSection
SuspendThread
EnterCriticalSection
GetCurrentThreadId
ExitThread
InitializeCriticalSection
CreateThread
ResumeThread
DeleteCriticalSection
TerminateThread
FindClose
FindNextFileA
GetLastError
FindFirstFileA
SetCurrentDirectoryA
Process32Next
Process32First
CloseHandle
GetVersionExA
GetModuleHandleA
GetProcAddress
LoadLibraryA
MulDiv
VirtualProtect
VirtualAlloc
VirtualFree
GetSystemInfo
VirtualQuery
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
LCMapStringW
GetCPInfo
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
GetStringTypeW
GetEnvironmentVariableA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
CreateToolhelp32Snapshot
InterlockedExchange
GetStringTypeA
HeapCreate
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
WideCharToMultiByte
LCMapStringA
HeapDestroy

user32

GetWindowRect
MessageBoxA
FillRect
DialogBoxParamA
KillTimer
GetDC
DrawTextA
GetWindowLongA
AdjustWindowRect
SetWindowPos
GetDlgItem
ReleaseDC
SetDlgItemTextA
ShowWindow
LoadIconA
SendMessageA
SetWindowTextA
EndDialog
MessageBeep
SetTimer
IsDlgButtonChecked
GetActiveWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
SetBkMode
SetTextColor
GetDIBits
DeleteDC
CreateFontA
SelectObject
DeleteObject
GetDeviceCaps

ole32

CoCreateInstance

Exports

Exports

_KS_ConnectPackage4@4

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/Decoder.dll
.dll windows x86

4c9bb2f8b665059fd4caced20e348be8

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6b:e9:8f:73:7a:9c:11:d6:9c:e0:b3:16:69:6e:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/12/2009, 00:00

Not After

21/12/2012, 23:59

Subject

CN=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,L=beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7f:02:c9:16:7a:93:45:ee:33:c0:30:96:d6:f3:98:27:49:d9:c8:46
Signer

Actual PE Digest

7f:02:c9:16:7a:93:45:ee:33:c0:30:96:d6:f3:98:27:49:d9:c8:46

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Duowan Entertainment Information Technology (Beijing) Co.\, Ltd.,L=beijing,ST=Beijing,C=CN

21/12/2012, 08:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcr90

_encoded_null
_decode_pointer
free
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_malloc_crt
_encode_pointer
??_V@YAXPAX@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_initterm
__CxxFrameHandler3

Exports

Exports

CreateDecoder

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.15 Build 6037/decoder.dll
.dll windows x86

5a7d889a45363bd66f33aa92f1c2596e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_setjmp3
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
mktime
memset
strcpy
__mb_cur_max
strstr
putc
fprintf
fseek
setvbuf
qsort
ungetc
sprintf
rand
strtol
memmove
strchr
__CxxFrameHandler
fread
fputs
toupper
ftell
atol
strncmp
fgets
ctime
bsearch
fwrite
getc
time
strtoul
??2@YAPAXI@Z
fputc
_mbsicmp
getenv
??3@YAXPAX@Z
vsprintf
isspace
_mbscmp
_purecall
sscanf
isgraph
strncpy
strpbrk
_ftol
malloc
_unlink
_itoa
_mkdir
atoi
_access
_findfirst
_getcwd
_chdrive
_chdir
printf
fflush
_errno
_fullpath
_sopen
_mktemp
_getpid
fsetpos
fgetpos
fclose
remove
fopen
free
tolower
memcpy
strcmp
_findclose
_beginthread
_endthread
_putenv
clearerr
__p___mb_cur_max
_isctype
__p__environ
longjmp
calloc
fgetc
_findnext
memcmp
_pctype
_fdopen
_iob
setlocale
abs
strlen
__p__pctype
strcat
_stat
localtime
__p__iob
_exit
_sys_errlist
_sys_nerr
strrchr
srand

mfc42

ord1575
ord1176
ord1168
ord4612
ord4610
ord1577
ord1116
ord4486
ord2554
ord4274
ord5731
ord3922
ord1089
ord2396
ord3346
ord2512
ord5302
ord4079
ord4698
ord5307
ord5289
ord5300
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord2982
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord3079
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2514
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord2515
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3663
ord3571
ord3573
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord5265
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord6828
ord2723
ord2390
ord3059
ord323
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord342
ord1182
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord3763
ord3496
ord1243
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord3402
ord3698
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord940
ord2864
ord5100
ord1908

kernel32

GetCurrentProcess
CreateSemaphoreA
OpenSemaphoreA
SetLastError
ReleaseSemaphore
CreateMutexA
GetLastError
ReleaseMutex
SetHandleInformation
SetErrorMode
GetProcAddress
GetDriveTypeA
GetVolumeInformationA
CreateEventA
ResetEvent
WaitForSingleObject
CloseHandle
GetVersion
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
VirtualAlloc
VirtualFree
GetCurrentThread
CreateFileA
GetModuleHandleA
SetEvent
GetProcessTimes
WinExec
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
LoadResource
LockResource
SizeofResource
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
FindResourceA
GlobalLock

user32

SendMessageA
MessageBoxA
LoadStringA
SetWindowLongA
InvalidateRect
MessageBeep
DdeInitializeA
GetSysColor
DestroyIcon
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
LoadCursorA
wsprintfA
ClientToScreen
EmptyClipboard
SetCursor
OpenClipboard
GetParent
CloseClipboard
SetClipboardData
GetClientRect
GetDC
ReleaseDC
ScreenToClient
GetFocus
LoadMenuA
ModifyMenuA
CheckMenuItem
SetTimer
GetMenuItemID
RemoveMenu
GetMenuItemCount
InsertMenuA
DeleteMenu
GetSubMenu
GetMenuState
GetActiveWindow
MoveWindow
ShowWindow
GetDlgItem
GetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetFocus
SetWindowTextA
GetSystemMetrics
CreateDialogIndirectParamA
DialogBoxIndirectParamA
GetMenuStringA
GetMenu
EnableWindow
GetWindowRect
FillRect
LoadBitmapA
GetCapture
PeekMessageA
LoadIconA
PostQuitMessage

gdi32

GetStockObject
CreateCompatibleDC
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
SelectObject
GetDeviceCaps
BitBlt

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegisterEventSourceA
ReportEventA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
RegEnumKeyExA
GetUserNameA
RegQueryInfoKeyA
RegOpenKeyExA
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
DragFinish
DragQueryFileA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.16 Build 6124/decoder.dll
.dll windows x86

9d43f7154ba5d087c12be52562327436

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_setjmp3
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
mktime
memset
strcpy
__mb_cur_max
strstr
putc
fprintf
fseek
setvbuf
qsort
ungetc
sprintf
rand
strtol
memmove
strchr
__CxxFrameHandler
fread
fputs
toupper
ftell
atol
strncmp
fgets
ctime
bsearch
malloc
free
time
getc
fputc
fwrite
??2@YAPAXI@Z
??3@YAXPAX@Z
strtoul
getenv
_mbscmp
_mbsicmp
isspace
isgraph
vsprintf
sscanf
_ftol
_purecall
strpbrk
_unlink
strncpy
_mkdir
atoi
_access
_findfirst
_getcwd
_chdrive
_chdir
printf
fflush
_errno
_fullpath
_sopen
_mktemp
_getpid
fsetpos
fgetpos
fclose
remove
fopen
tolower
_itoa
memcpy
strcmp
_findclose
_beginthread
_endthread
_putenv
clearerr
__p___mb_cur_max
_isctype
__p__environ
longjmp
calloc
fgetc
_findnext
memcmp
_pctype
_fdopen
_iob
setlocale
abs
strlen
__p__pctype
strcat
_stat
localtime
__p__iob
_exit
_sys_errlist
_sys_nerr
strrchr
srand

mfc42

ord1575
ord1176
ord1168
ord4612
ord4610
ord1577
ord1116
ord4486
ord2554
ord4274
ord5731
ord3922
ord1089
ord2396
ord3346
ord2512
ord5302
ord4079
ord4698
ord5307
ord5289
ord5300
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord2982
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord3079
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2514
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord2515
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3571
ord3573
ord3626
ord3663
ord755
ord2414
ord640
ord5785
ord1640
ord5265
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord6828
ord2723
ord2390
ord3059
ord323
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord342
ord1182
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord3763
ord3496
ord1243
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord3402
ord3698
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord940
ord2864
ord5100
ord1908

kernel32

GetCurrentProcess
CreateSemaphoreA
OpenSemaphoreA
SetLastError
ReleaseSemaphore
CreateMutexA
GetLastError
ReleaseMutex
SetHandleInformation
SetErrorMode
GetProcAddress
GetDriveTypeA
GetVolumeInformationA
CreateEventA
ResetEvent
WaitForSingleObject
CloseHandle
GetVersion
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
VirtualAlloc
VirtualFree
GetCurrentThread
CreateFileA
GetModuleHandleA
SetEvent
GetProcessTimes
WinExec
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
LoadResource
LockResource
SizeofResource
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
FindResourceA
GlobalLock

user32

SendMessageA
MessageBoxA
LoadStringA
SetWindowLongA
InvalidateRect
MessageBeep
DdeInitializeA
GetSysColor
DestroyIcon
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
LoadCursorA
wsprintfA
ClientToScreen
EmptyClipboard
SetCursor
OpenClipboard
GetParent
CloseClipboard
SetClipboardData
GetClientRect
GetDC
ReleaseDC
ScreenToClient
GetFocus
LoadMenuA
ModifyMenuA
CheckMenuItem
SetTimer
GetMenuItemID
RemoveMenu
GetMenuItemCount
InsertMenuA
DeleteMenu
GetSubMenu
GetMenuState
GetActiveWindow
MoveWindow
ShowWindow
GetDlgItem
GetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetFocus
SetWindowTextA
GetSystemMetrics
CreateDialogIndirectParamA
DialogBoxIndirectParamA
GetMenuStringA
GetMenu
EnableWindow
GetWindowRect
FillRect
LoadBitmapA
GetCapture
PeekMessageA
LoadIconA
PostQuitMessage

gdi32

GetStockObject
CreateCompatibleDC
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
SelectObject
GetDeviceCaps
BitBlt

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegisterEventSourceA
ReportEventA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
RegEnumKeyExA
GetUserNameA
RegQueryInfoKeyA
RegOpenKeyExA
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA

shell32

ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
DragFinish
DragQueryFileA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.18 Build 8120/decoder.dll
.dll windows x86

4f8233b7d294792a88697661e8cf573f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
_getcwd
_chdrive
_chdir
printf
_getpid
fflush
_errno
_fullpath
_sopen
_fdopen
fsetpos
fgetpos
fclose
remove
fopen
tolower
_snprintf
_itoa
strpbrk
strncpy
_ftol
sscanf
_purecall
isgraph
isspace
vsprintf
_mbscmp
getenv
_mbsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strtoul
fputc
getc
fwrite
time
ctime
fgets
bsearch
atol
ftell
strncmp
fputs
toupper
strchr
memmove
__CxxFrameHandler
rand
setlocale
ungetc
_unlink
_access
_mkdir
qsort
setvbuf
fseek
fgetc
fprintf
putc
_isctype
strstr
__mb_cur_max
atoi
memcmp
_pctype
strtol
sprintf
malloc
fread
free
_iob
_findfirst
_findnext
_stat
_findclose
_beginthread
_endthread
_putenv
clearerr
__p___mb_cur_max
__p__pctype
__p__environ
longjmp
calloc
abs
srand
strrchr
_setjmp3
memset
strcpy
strlen
memcpy
strcmp
mktime
localtime
__p__iob
_exit
strcat
_sys_errlist
_sys_nerr
_mktemp

mfc42

ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord2514
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2515
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3571
ord3573
ord3626
ord3663
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord6828
ord1243
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord940
ord2864
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord1197
ord3496
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord3402
ord3698
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord2723
ord3763

kernel32

OpenSemaphoreA
CreateEventA
GetProcessTimes
GetCurrentProcess
SetLastError
GetVolumeInformationA
GetDriveTypeA
GlobalFree
VirtualAlloc
VirtualFree
GetCurrentThread
ReleaseSemaphore
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForSingleObject
CloseHandle
GetVersion
CreateMutexA
GetLastError
ReleaseMutex
SetHandleInformation
SetErrorMode
GetProcAddress
GetModuleHandleA
CreateFileA
SetEvent
CreateSemaphoreA
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WinExec
FindResourceA
LoadResource
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
LockResource
SizeofResource

user32

PostQuitMessage
LoadIconA
SendMessageA
PeekMessageA
GetCapture
LoadStringA
MessageBoxA
InvalidateRect
MessageBeep
SetWindowLongA
GetSysColor
DestroyIcon
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
wsprintfA
ClientToScreen
LoadCursorA
SetCursor
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
GetDC
ReleaseDC
GetClientRect
GetFocus
LoadMenuA
ScreenToClient
CheckMenuItem
SetTimer
ModifyMenuA
RemoveMenu
GetMenuItemCount
GetMenuItemID
GetActiveWindow
MoveWindow
ShowWindow
GetDlgItem
GetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetFocus
SetWindowTextA
GetSystemMetrics
CreateDialogIndirectParamA
DialogBoxIndirectParamA
LoadBitmapA
DeleteMenu
GetSubMenu
InsertMenuA
GetMenuState
GetMenuStringA
GetMenu
EnableWindow
GetWindowRect
FillRect

gdi32

SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateCompatibleDC
BitBlt
GetStockObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
RegEnumKeyExA
GetUserNameA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey

shell32

DragQueryFileA
SHGetPathFromIDListA
DragFinish
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 748KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.18 Build 9056/decoder.dll
.dll windows x86

76348ec6435afb8ec5a309d0eba8a344

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
_getcwd
_chdrive
_chdir
printf
_getpid
fflush
_errno
_fullpath
_sopen
_fdopen
fsetpos
fgetpos
fclose
remove
fopen
tolower
_snprintf
_itoa
strpbrk
strncpy
_ftol
sscanf
_purecall
isgraph
isspace
vsprintf
_mbscmp
getenv
_mbsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strtoul
fputc
getc
fwrite
time
ctime
fgets
bsearch
atol
ftell
strncmp
fputs
toupper
strchr
memmove
__CxxFrameHandler
rand
setlocale
ungetc
_unlink
_access
_mkdir
qsort
setvbuf
fseek
fgetc
fprintf
putc
_isctype
strstr
__mb_cur_max
atoi
memcmp
_pctype
strtol
sprintf
malloc
fread
free
_iob
_findfirst
_findnext
_stat
_findclose
_beginthread
_endthread
_putenv
clearerr
__p___mb_cur_max
__p__pctype
__p__environ
longjmp
calloc
abs
srand
strrchr
_setjmp3
memset
strcpy
strlen
memcpy
strcmp
mktime
localtime
__p__iob
_exit
strcat
_sys_errlist
_sys_nerr
_mktemp

mfc42

ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord2514
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2515
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3663
ord3571
ord3573
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord6828
ord1243
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord940
ord2864
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord1197
ord3496
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord3402
ord3698
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord2723
ord3763

kernel32

OpenSemaphoreA
CreateEventA
GetProcessTimes
GetCurrentProcess
SetLastError
GetVolumeInformationA
GetDriveTypeA
GlobalFree
VirtualAlloc
VirtualFree
GetCurrentThread
ReleaseSemaphore
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForSingleObject
CloseHandle
GetVersion
CreateMutexA
GetLastError
ReleaseMutex
SetHandleInformation
SetErrorMode
GetProcAddress
GetModuleHandleA
CreateFileA
SetEvent
CreateSemaphoreA
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WinExec
FindResourceA
LoadResource
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
LockResource
SizeofResource

user32

PostQuitMessage
LoadIconA
SendMessageA
PeekMessageA
GetCapture
LoadStringA
MessageBoxA
InvalidateRect
MessageBeep
SetWindowLongA
GetSysColor
DestroyIcon
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
wsprintfA
ClientToScreen
LoadCursorA
SetCursor
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
GetDC
ReleaseDC
GetClientRect
GetFocus
LoadMenuA
ScreenToClient
CheckMenuItem
SetTimer
ModifyMenuA
RemoveMenu
GetMenuItemCount
GetMenuItemID
GetActiveWindow
MoveWindow
ShowWindow
GetDlgItem
GetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetFocus
SetWindowTextA
GetSystemMetrics
CreateDialogIndirectParamA
DialogBoxIndirectParamA
LoadBitmapA
DeleteMenu
GetSubMenu
InsertMenuA
GetMenuState
GetMenuStringA
GetMenu
EnableWindow
GetWindowRect
FillRect

gdi32

SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateCompatibleDC
BitBlt
GetStockObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
RegEnumKeyExA
GetUserNameA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey

shell32

DragQueryFileA
SHGetPathFromIDListA
DragFinish
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 752KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.18 Build 9279/decoder.dll
.dll windows x86

ccd2adbcc77510871ad8eaf9086efb99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
_getcwd
_chdrive
_chdir
printf
fflush
_getpid
_errno
_fullpath
_sopen
_fdopen
fsetpos
fgetpos
fclose
remove
fopen
tolower
_snprintf
_itoa
strpbrk
strncpy
_ftol
sscanf
_purecall
isgraph
isspace
vsprintf
_mbscmp
getenv
_mbsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_EH_prolog
strtoul
fputc
getc
fwrite
time
ctime
fgets
bsearch
atol
ftell
strncmp
fputs
toupper
strchr
memmove
__CxxFrameHandler
rand
setlocale
ungetc
_unlink
_access
_mkdir
qsort
setvbuf
fseek
fgetc
fprintf
putc
_isctype
strstr
__mb_cur_max
atoi
memcmp
_pctype
strtol
sprintf
malloc
fread
free
_iob
_findfirst
_findnext
_stat
_findclose
_beginthread
_endthread
_putenv
clearerr
__p___mb_cur_max
__p__pctype
__p__environ
longjmp
calloc
abs
srand
strrchr
_setjmp3
memset
strcpy
strlen
memcpy
strcmp
mktime
localtime
__p__iob
_exit
strcat
_sys_errlist
_sys_nerr
_mktemp

mfc42

ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord2514
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2515
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3663
ord3571
ord3573
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord1197
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord940
ord2864
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord1570
ord3763
ord3496
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord3402
ord3698
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord6828
ord3329

kernel32

OpenSemaphoreA
CreateEventA
GetProcessTimes
GetCurrentProcess
SetLastError
GetVolumeInformationA
GetDriveTypeA
GlobalFree
VirtualAlloc
VirtualFree
GetCurrentThread
ReleaseSemaphore
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForSingleObject
CloseHandle
GetVersion
CreateMutexA
GetLastError
ReleaseMutex
SetHandleInformation
SetErrorMode
GetProcAddress
GetModuleHandleA
CreateFileA
SetEvent
CreateSemaphoreA
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WinExec
FindResourceA
LoadResource
LockResource
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
SizeofResource
WritePrivateProfileSectionA

user32

PostQuitMessage
LoadIconA
SendMessageA
PeekMessageA
GetCapture
LoadStringA
MessageBoxA
InvalidateRect
MessageBeep
SetWindowLongA
GetSysColor
DestroyIcon
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
wsprintfA
ClientToScreen
LoadCursorA
SetCursor
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
GetDC
ReleaseDC
GetClientRect
GetFocus
LoadMenuA
ScreenToClient
CheckMenuItem
SetTimer
ModifyMenuA
RemoveMenu
GetMenuItemCount
GetMenuItemID
GetActiveWindow
MoveWindow
ShowWindow
GetDlgItem
GetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetFocus
SetWindowTextA
GetSystemMetrics
CreateDialogIndirectParamA
DialogBoxIndirectParamA
LoadBitmapA
DeleteMenu
GetSubMenu
InsertMenuA
GetMenuState
GetMenuStringA
GetMenu
EnableWindow
GetWindowRect
FillRect

gdi32

SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateCompatibleDC
BitBlt
GetStockObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
RegEnumKeyExA
GetUserNameA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey

shell32

DragQueryFileA
SHGetPathFromIDListA
DragFinish
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 764KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/V-5.0.19 Build 10203/decoder.dll
.dll windows x86

51aa9179606926423639f5806075fa48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
_getcwd
_chdrive
_chdir
realloc
printf
_access
_open
_getpid
_strdup
_stricmp
fflush
_errno
_fullpath
_sopen
_fdopen
fsetpos
fgetpos
fclose
remove
fopen
tolower
_snprintf
_itoa
strpbrk
strncpy
_ftol
sscanf
_purecall
isgraph
isspace
vsprintf
_mbscmp
getenv
_mbsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_EH_prolog
strtoul
fputc
getc
fwrite
time
ctime
fgets
bsearch
atol
ftell
strncmp
fputs
toupper
strchr
memmove
__CxxFrameHandler
rand
setlocale
ungetc
qsort
setvbuf
fseek
fgetc
fprintf
putc
_isctype
strstr
__mb_cur_max
_pctype
strtol
sprintf
malloc
fread
free
_iob
getchar
_popen
perror
_wunlink
_wremove
_waccess
_wrename
rename
_wstat
_close
_wopen
_wfreopen
freopen
_wfopen
atoi
_findfirst
_findnext
_stat
_findclose
memcmp
_beginthread
_endthread
_putenv
clearerr
srand
__p__environ
longjmp
abs
calloc
strcat
strrchr
_sys_nerr
_sys_errlist
_exit
localtime
memset
mktime
strcmp
memcpy
strlen
strcpy
_setjmp3
_unlink

mfc42

ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord2514
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2515
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3663
ord3571
ord3573
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord1197
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord940
ord2864
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord3763
ord3496
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord3402
ord3698
ord2585
ord6154
ord1570
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord6828
ord2530

kernel32

SetEvent
GetModuleHandleA
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetErrorMode
CreateEventA
GetProcessTimes
GetCurrentProcess
SetLastError
GetVolumeInformationA
GetDriveTypeA
ResetEvent
VirtualFree
FindFirstFileW
FindNextFileW
CreateFileA
ReadFile
WriteFile
DeviceIoControl
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetLocalTime
GetFileSize
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
VirtualAlloc
GetProcAddress
GetVersion
SetHandleInformation
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WinExec
FindResourceA
LoadResource
LockResource
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
SizeofResource
WritePrivateProfileSectionA

user32

GetMenuStringA
GetMenuState
InsertMenuA
GetSubMenu
DialogBoxIndirectParamA
CreateDialogIndirectParamA
MoveWindow
GetMenu
SetWindowTextA
SetFocus
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
GetWindowLongA
GetDlgItem
EnableWindow
GetWindowRect
FillRect
GetSystemMetrics
GetActiveWindow
LoadBitmapA
GetCapture
PeekMessageA
LoadIconA
SendMessageA
PostQuitMessage
ShowWindow
DeleteMenu
GetMenuItemID
LoadStringA
MessageBoxA
InvalidateRect
MessageBeep
SetWindowLongA
GetSysColor
DestroyIcon
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
wsprintfA
ClientToScreen
LoadCursorA
SetCursor
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
GetDC
ReleaseDC
GetClientRect
GetFocus
LoadMenuA
ScreenToClient
CheckMenuItem
SetTimer
ModifyMenuA
RemoveMenu
GetMenuItemCount

gdi32

BitBlt
GetStockObject
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateCompatibleDC

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA

shell32

DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
DragFinish

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

inet_ntoa
setsockopt
ntohs
WSAGetLastError
ntohl
htonl
gethostname
gethostbyname
gethostbyaddr
inet_addr
ioctlsocket
WSACleanup
send
WSAStartup
getsockname
getsockopt
__WSAFDIsSet
select
connect
socket
htons
getprotobyname
closesocket
recv

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll安装方法.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 9KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 8KB - Virtual size: 6KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 6KB

261129ddf93144d84070060f39c5a51e

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 6KB

029bd66ec10cdbe1990e8937aeff268c

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 48KB

.idata Size: 4KB - Virtual size: 1KB

.rodata Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 8KB - Virtual size: 6KB

8b7854fbc224c769ba2a71652afaa910

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 424KB - Virtual size: 421KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 8KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 48KB

.idata
Size: 4KB - Virtual size: 1KB

.rodata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 424KB - Virtual size: 421KB

.data
Size: 108KB - Virtual size: 189KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 72KB - Virtual size: 70KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 292KB - Virtual size: 288KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 24KB - Virtual size: 450KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 24KB - Virtual size: 199KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 28KB - Virtual size: 200KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 7KB