ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09

Sharing

Copy URL

Twitter E-mail

General

Target

ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09
Size

16.3MB
MD5

e4a268ee35592e3c3c206f019f1ddffe
SHA1

e06f4f4df8675cc91b5eca9cb3ca495b0d31e619
SHA256

ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09
SHA512

ce2af0e951abdc598bab2e1f8a5927ff51161dbe8af4999ce09915c2b457b534367e2aa59bd3506f1ec7d0f1772ec387b79c578f2ffd1dbe830d0d944e0fd5c3
SSDEEP

393216:gORTLIBzreOjni7LFLa3otp5jLPd080bQ65wmDk5NIUT4:pFye1Lxa3kbjLFNCQqowUT4

Score

8^/10

vmprotect aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/1433_hack44.cn/FTP2013.exe	aspack_v212_v242
static1/unpack001/1433_hack44.cn/hfs2_3b285/hfs.exe	aspack_v212_v242

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/1433_hack44.cn/12-18/MD5修改器.exe	vmprotect
static1/unpack001/1433_hack44.cn/NB12-18/MD5修改器.exe	vmprotect

Files

ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09
.rar
1433_hack44.cn/12-18/Gh0st.exe
.exe windows x86

8708200ec6afeb1d763279199b9b5dd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveInGetNumDevs

kernel32

EnumResourceTypesW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetScrollInfo

gdi32

EndPath

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

GetFileSecurityA

shell32

DragQueryFileA

comctl32

ImageList_Destroy

oledlg

ord1

ole32

CoLockObjectExternal

olepro32

ord253

oleaut32

SysAllocStringByteLen

ws2_32

WSAWaitForMultipleEvents

pdh

PdhCollectQueryData

avifil32

AVIStreamSetFormat

msvfw32

ICSeqCompressFrameStart

shlwapi

PathRemoveFileSpecA

wininet

InternetCanonicalizeUrlA

Exports

Exports

$��΄�>��w��&��9��r�ۋqK>[��2�3Ӵk,��x9ꣳ��7�d��p�l�_��-��\�P�+C�ϲ�� 0CЗ�B��F��)�<v�+��@�WwѼ1\7 Հ:̆�C�D��vp�g��W�;�%��$�{q�j%��/T1߶Gg��Qޭ��#��%��Ϟ^"Δ}��qֈ(��W.WY��'�a��֕�^m��Շ��)��e)��QBd��'(��л;��F��z��Tk�S��d�n��k9q�W>Ɣ��a��h��u��6��^��J��~!��)�C�|��:��b�� .�!�A�_DIjy��M�Q�yc��c�>��$2a�_vEB(c�n 5�i�$��{ً]��EZ/��٬��Zn�2U��r��|mf�s�,�@/�g�<��$�-��ֵ^F��c��A~�rpN�~h�#?3��#Kal��=^�?��_��d��9I*7wUO��,��%��*M�0W(-�� i�C>w)�4�E��C��ʉt *+��2�[��*|>c�ߵ>:-O�&��2��&��c�cU��.��[��=��QH�Z �W�c��,._a:�@��F��&E�8 B;"޻ث��rp)��F7�h�j�=1��݀(E�X�$��ӈ\a�.�� '_Л��,��uQ��B��?5ɀh��W�|&�� ?�� b�I��i|��iM{��d ��T��s�ͤ#��'r��?�E �Po��?Z��W��\D@_I�H��x��Cy�)e^�Ĭ��[�v �ۗŸlk��դM� ꅲ��ѐ�VZ�^� %�O�}�V[n��ǋw�@��y H�H#ѷak�\��p��#t��$�JK.��G��k�#|��ي ��;��w�� uP��X��_O��1)�`c &��6=d��"!$�ّ��ܿ��E��Ý%�vT�� Z�uB)��]�t�*��g�U�p1�-�'��PD�<fd�m'~�<��;Q2�7�d��l*��{I��~>=��B�km}"_� ��d��Tfr�ԁ��W��n�}�B`��i�S�xD�!['0~W�Y2aHG�EÇ� p�/��;�d��[��q��1��Mgkte`�(�~_�� q��肅d9£ܪȢZM�}��/��k,,�Ye蓠C��,�� .Lo��5��H\D��_��b�R�Zv��?KF*с�z<�B��'��<�%W �U�343�{�v+�a��'%��&�� &�Z|��C#`G�m��U}`Ǚ��d^;ʸ��ſ(�S��(jP5��&��l� `��|0� L�q�� S]>�j��b��d1�H$?K9��Rr��V�p_Cj=��|� ��i!�; Vڸ|v��ۛ˶��:�u~0��Wu��e&�� ~ �&��Mr_��r�uI��.rB�� k��M��C 嬈��)1i�}��1��{A�$<��V .^��X��t�Eղ��)S֍�(��8�%��8��0L>��TKB�M�b|4�+�Ab�*��?ڮ-��7\��)Ud�Zp��E� �N׀��bg�$M�%26��֚�N��g��1��J�s�)So�p��CP5ճ�x6�W��.*k��,C0q��?�:�o<I\�g��(��Z��M�J�?��b�.��ˡ�9v�� * |��+)^�(�7�IW�.zjY�7��qw�e� 9�}��Bh�<�+:��LqGľ M��d�S ,��A��>�%.��ۡ �iI��X��H)K��b��/W[��1�֕�q-Nܰf0z`�߯JO��7�/O�m�hU��xY�5��mt�v�|8�&K��V�]t��HS��=X̹9C>g�Ե 3&y�P��J�7�OF8(CV��`�:�� o�<ʙG�U��R�G��F��Kkh��6[�_�bx��!��"�Y��7B;��(޺zK�S<܉��=��@��J��J�=��!2�K8k��$d�aqc�:Ra�$��TZ��2�+�*w�]]B��Q��˧��V�e�ޣS��ۘ7�ɇ��) h�V�Id~��[��,�W /@�}�ҽ�,R31yn}�U%��&��:�s|y�-9}�S;��k�y��Է��̭G��7{��6��8�+�n�c2��W�m��6-m�i d@!~�R\ى�8�PQ��K��;?��G��ć��q�q��9�$e��*V`F�to�}�m^֯��#��$��5��5'�:�oSG��6yQ��0�E��{ "L�#z��G�mh�z�;B��5��Okҙ� xOnZ4[c��]��c��l0��An�aHIs]E��&�K X�z�C-�b�#�'X�F\��[��r�U��vI�c� <�rW�|�`�.��%M�m�5�eU!>�y�� 4SvɡW��R��}8�QA�4G�U��4�x:Z6��\��Az�Q��p.>HĮ��Uj�E�f3i�(�c��B�+�~�y[��!�R� H6g_EM�ݑ�.݋]��q_ p�5��<L��m��wT�e�`��d�� &�+.��=p��1r�0i'c��edPn��!L�北��Aa�_K�Ǳ�y� ^KƄ��f�5Q��?#��Zd~�_`�ӷ�$��M)��Wzt ��M��6�r�l�覡��Y��W�՚��X� Ԋ��J�;"��T<��C`3؞0U�`��H,��}�e#��,��ӊ!��/v�@�b��`��L)K1�P��ɲ��oRфE��+�漓yW�{_��l

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��е۹�
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��е۹�
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 532KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/12-18/Gh0st.ini
1433_hack44.cn/12-18/MD5修改器.exe
.exe windows x86

cd7e7ade5957d5f9555e1a02d6b21aeb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1576

msvcrt

_initterm

kernel32

HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnableWindow

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 172KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/12-18/QQWry.Dat
1433_hack44.cn/12-18/Sound/Login.wav
1433_hack44.cn/12-18/Sound/Offline.wav
1433_hack44.cn/12-18/update/23432.png
.png
1433_hack44.cn/12-18/update/Server.dat
.exe windows x86

50ea605b90d9fc8443b10d7992ed6ab4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09-05-2007 00:00

Not After

08-06-2010 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:45:c5:5f:90:79:c0:ad:4f:29:ad:7b:4e:f1:87:b0:82:06:ef:a9
Signer

Actual PE Digest

24:45:c5:5f:90:79:c0:ad:4f:29:ad:7b:4e:f1:87:b0:82:06:ef:a9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

24-10-2008 18:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord2514
ord2621
ord1134
ord641
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord5289
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4407
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
realloc
_CxxThrowException
__CxxFrameHandler
_setmbcp
_stricmp
_except_handler3

kernel32

VirtualAlloc
Sleep
HeapAlloc
GetProcessHeap
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA

user32

DrawIcon
AppendMenuA
GetSystemMetrics
IsIconic
SendMessageA
GetClientRect
GetSystemMenu
EnableWindow
wsprintfA
LoadIconA

Exports

Exports

Ip

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/12-18/update/look me.swf
1433_hack44.cn/12-18/update/read.txt
1433_hack44.cn/12-18/update/skin.url
.url
1433_hack44.cn/12-18/update/使用方法.url
.url
1433_hack44.cn/12-18/update/华中帝国收集整理.url
.url
1433_hack44.cn/FTP2013.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 128KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1433_hack44.cn/NB12-18/2014.dat
.exe windows x86

f12b87b80a5a5defc5aef1e6403d9bce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
MoveFileA
GetCurrentProcess
WinExec
Process32Next
GetPriorityClass
OpenProcess
Module32First
Process32First
CreateToolhelp32Snapshot
TerminateProcess
lstrcpynA
lstrcpyA
DeleteFileA
SetThreadPriority
GetCurrentThread
GetFileSize
CreateFileA
WriteFile
WaitForSingleObject
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
InterlockedExchange
GetCurrentThreadId
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
CreatePipe
CloseHandle
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
Sleep
ReadFile
GetTickCount
GetModuleHandleA

user32

mouse_event
CloseWindowStation
GetDesktopWindow
SetCursorPos
ExitWindowsEx
CreateWindowExA
CloseWindow
SendMessageA
IsWindow
GetSystemMetrics
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
wsprintfA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
CreateDIBitmap
CreateDCA
GetDIBits
DeleteObject

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

ws2_32

WSACleanup
htons
socket
connect
closesocket
shutdown
inet_addr
gethostbyname
recv
send
setsockopt
WSAIoctl
WSAStartup

msvcrt

_exit
free
malloc
exit
_ftol
??3@YAXPAX@Z
__CxxFrameHandler
atoi
??2@YAPAXI@Z
strlen
strcmp
strncpy
sprintf
strcpy
strcat
strncat
memset
memcpy
_acmdln
__getmainargs
_initterm
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_XcptFilter

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/NB12-18/MD5修改器.exe
.exe windows x86

cd7e7ade5957d5f9555e1a02d6b21aeb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1576

msvcrt

_initterm

kernel32

HeapCreate
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

EnableWindow

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 172KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/NB12-18/NetBot.ini
1433_hack44.cn/NB12-18/NetBot5.5.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

��е۹�
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/NB12-18/SkinH.dll
.dll windows x86

cdbc7681634d924c0385597b9af64cf0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetParent

gdi32

CombineRgn

winmm

midiStreamOpen

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CLSIDFromString

oleaut32

RegisterTypeLi

mfc42

ord293

msvcrt

atoi

ws2_32

recvfrom

Exports

Exports

Hello
Mei��%�ˡ��%3��̕�+\nVN{��S8��P�7G͆�Y��ᅫ�:�VS�F=*��@5A�8��n�<̛��W8��d��QЋZ��'u��kG��5�_k�މ638|N�`�=~��@��u�T/�[�̅e�0r��)�^G+��?h��Vy2��/��)'�#l�5��&��\��@�Q�̠>�j��!3`�r��]Po,̰�=�A�1�C1m��XFY��f�!v�k��7i��E��f�� Y��\Hz��4b��~pG��䫼��u:w��(��P�ZLw8ţ�ѿMYﻮ�oʝ�ʇ�� z �F�t/AyF@��3�D�d�V�#�P�Y@�$o0��2��k�(6�NL�WԨO݆1�s��_��uӓG�_��Ռӆ{_�|og��mf�W��_S$2�e6��[�z��;��<��~��dӐ&��n��=)֙�먰HiVY�m}�D,#kֿ��Yw�-��+kv�lEB`�� D��٠�6-V��Q��HW,F��s�p��x��'�rd��o�U�b��ZY��[�v[W� ��,GDbmN�� qy�� Pv>��&"N >�� <S��8��i�d�<z�;4kj7�6�"�2��t硯ޘ�A%Hn��ldHP��мA�0��ƹI�?��MKN�W.��;e��$�E��Zm؍�e��0��N�F`8 {��.mj!�`%��h�]��۞�Ъ��p�#x՟͸H�N@/[�o�uf��I'��?$4�2�"��`�`vc�� ? �tV#�D([�ne �� kİ�*�0T�l��n�0_G��tB�9�"�QBQ/��~lj��[^�[]�{'�iU)�+"x��ޘR�2ځ��GW��$.5��ƭ�&�WZq�Je �e�h�_j2��cDg�g~�֌�4�-'��k+�D/h�V�4H��Z^wIW ��n.�gLgk��Ps��L�bH��.p�Xڷ!ĥ�As��_*b&ХE勗(�6g�X��7�&}�Z? U�<W[��Y��J��K�~-�q��p� x�-��@B 7O��e.Z.��ܛ��H��ŲT(鶣-?��E4O;�2w|�_7%ׅ��)�Tq] .��<O n_��s�O�8Q�I[�I=��F��^��l9��.R�k��C� �!�!�6��\��P�3�n��X��2�W,$\��[[��;)��{��`�/?�1,sb wЮ�Tr�߁ ��1��C*�+b��⒴�z� ��"�v� !,��+��#{q�K��L�{f�^5��宖�[��.fTik��N�c��H�3jT:��a��];�zR��H�X�[_�ƮrC� �C��^�i��~Lo��tӯ0��÷q�j��\a��σz�n1��<}j�E�B�O!Ԩ:��@�,�HlJ�>�T��y#H��OI=�l�^?^�Z�0kE�a?��}��P�\96-3G�N{�*��;9e��јH%��'{,��H�Rt��N��-mX߉�9;��Q�.�rJ�8��O�3��EV�ݒɊ��:ئ��%�zہ-=T��7��`Sc ppBa�f��ub��=�ЯO8�-��z��p>@Ŧ%n�7�=:^�A �{��Vn ;��t�� ]҆\A�H?��\��TZ��@&"|*w��4@�l\��M�"k��I�cM�Z�ͽP�v/ug�h.��J�5�]I�JJy�Q0=�l"��a�YHR��h��n�_�:��G�,��>ش�L�zX��J�ߐ,��ZN2�k��(6��&\�\��=S�k�+��ˀCE�2kd�� W%v��k�v}��"4;�h�jQ7l�܋E S"M>[�O�~=�6��U$��K%"�5,��G�]�-/�J�m|�C��"5]��' � <0Y�Xt��͉DaK��0�<7�L��[��a��a�� G5�:R�C�@�{V��Ȝ�rK�#�w��amn��m�]� �^"�G�䋟�R�e�h,��J;[��R�l�]��g�,��#-�]��w&.��:�*�Ɩ2W�'�g�;��,��W�n��' <��7b noFB�uk+��܃�N�w��n�U/h��9U��[��aif��6\�|R��U�DE�s��iוWӭ^S��A��0��"�J#q��%H.�BҘUK�@�➄�Y1X��"�]��7� ��r��V��Y��^��ͷru��E]��Z*�� Sfv�aHB/��Y�w��*�sn� ��yA�ojR�L�n��N=�$�CP��0��EPLL7�.(��LKH��z��aE).m�Y��+$�s�K��I�60��+�me7ϟyj^��∌��S�wV+��N�3�y��-D|.�)�#X/a��7��ӑ�_E� kýW��%��U\J4��r2�`�ݨt��a�|я�L��OY�B�C,_�o0��[��n��^��q76��=E�ds��އ\��2��t��x�P��0A��ts��m�M:tr$��2dߴ�8�,l`)��S��h�'�G��:��TvS�ܹ��V�pM=�P�6��)*d�*��{�� p Fg�j��<D�kAFҬSŅ�ݑ{3��=a�/@��<�(��O�c�� 5��;��헭�d'�^,`J}�� 7��^�1oy��{I��x��E�E��'�HW��鿩��a�9��]��0I�A_Byh��ݝ_Jp�� tv?XEh��BkH�=�م=��`��r�2�5ٝv��0

Sections

w%T+*]Xo
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/gEM"Gb4
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

EZ,Ubc^t
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��е۹�
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��е۹�
Size: 652KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

L#YkQ!qo
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fDuxa+,x
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/NB12-18/下载后不免杀请看.txt
1433_hack44.cn/NB12-18/免杀审核.exe
.exe windows x86

75b138ec13121d15e5765e10b945ff23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemInfo
GetTempPathA
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
OpenEventA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17
ImageList_DrawEx

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
ExcludeClipRect
ExtTextOutA
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StretchBlt
UnrealizeObject

msacm32

acmDriverClose
acmDriverDetailsA
acmDriverEnum
acmDriverOpen
acmFormatDetailsA
acmFormatEnumA
acmFormatTagDetailsA
acmMetrics
acmStreamClose
acmStreamConvert
acmStreamOpen
acmStreamPrepareHeader
acmStreamSize
acmStreamUnprepareHeader

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSystemMenu

winmm

mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeKillEvent
timeSetEvent

ole32

IsEqualGUID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
_ControlForm
_JdForm
_MmForm
_PlayForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 522KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/hfs2_3b285/hfs.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 500KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JCLDEBUG
Size: 137KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1433_hack44.cn/hfs2_3b285/hfs.ini
1433_hack44.cn/☆中国之利刃收集☆-1433极品扫描IP字典打包 (1)-（来源于网络）.rar
.rar
1433_hack44.cn/乌龙寺1433/FTPHEX/Hex.hta
.hta .html .vbs
1433_hack44.cn/乌龙寺1433/FTPHEX/KSD.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/乌龙寺1433/FTPHEX/UpSql.bat
1433_hack44.cn/乌龙寺1433/FTPHEX/Upsql.dll
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1433_hack44.cn/乌龙寺1433/FTPHEX/set.txt
1433_hack44.cn/乌龙寺1433/Result.txt
1433_hack44.cn/乌龙寺1433/SCAN.BAT
1433_hack44.cn/乌龙寺1433/XEHTE/HXSD.dll
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/乌龙寺1433/XEHTE/JF2013.dll
1433_hack44.cn/乌龙寺1433/XEHTE/PASSWORD.DIC
1433_hack44.cn/乌龙寺1433/XEHTE/PiSTOl.EXE
.exe windows x86

81c876dae5a6ebd7ae2832dd37d75f8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
socket
ioctlsocket
bind
send
recv
setsockopt
shutdown
closesocket
htons
connect
select
__WSAFDIsSet
getsockopt
WSAGetLastError
WSAStartup
WSACleanup
inet_addr

kernel32

GetCurrentProcessId
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
SetEndOfFile
GetTimeZoneInformation
GetOEMCP
GetACP
RtlUnwind
GetLocaleInfoA
TerminateThread
SetThreadPriority
CreateThread
GetLastError
CloseHandle
WaitForSingleObject
Sleep
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
HeapFree
SetFilePointer
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
SetEnvironmentVariableA
GetModuleFileNameA
TlsFree
SetLastError
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
SetStdHandle
ReadFile
HeapSize
CreateFileA
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1433_hack44.cn/乌龙寺1433/XEHTE/QL.BAT
1433_hack44.cn/乌龙寺1433/XEHTE/SF.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/乌龙寺1433/XEHTE/s.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

code
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrc
Size: 204B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1433_hack44.cn/乌龙寺1433/ZZDS2013.bat
.bat .vbs
1433_hack44.cn/乌龙寺1433/ZZDS2014.bat
.bat .vbs
1433_hack44.cn/乌龙寺1433/aTTACK.BAT
1433_hack44.cn/乌龙寺1433/attack.txt
1433_hack44.cn/乌龙寺1433/ip.txt
1433_hack44.cn/乌龙寺1433/乌龙寺汉化基地.url
.url
1433_hack44.cn/乌龙寺1433/开扫.bat
1433_hack44.cn/乌龙寺1433/痕迹清理.exe
.exe windows x86

77abcad8d2a58839860bba9dc40f29e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharPrevA
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
SizeofResource
SetFileAttributesA
SetEnvironmentVariableA
LockResource
LoadResource
GetWindowsDirectoryA
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetFullPathNameA
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetCurrentProcessId
GetCommandLineA
GetCPInfo
FreeResource
FreeLibrary
FindResourceA
EnumCalendarInfoA
DeleteFileA
CreateProcessA
CreateFileA
CloseHandle

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1433_hack44.cn/乌龙寺1433/程序说明.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/全国电信.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/全国网通.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/全国铁通.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/内地肉鸡段1.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/内地肉鸡段2.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/上海.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/云南.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/内蒙古.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/北京.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/台湾.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/吉林.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/四川.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/天津.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/宁夏.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/安徽.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/山东.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/山西.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/广东.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/广西.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/新疆.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/江苏.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/江西.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/河北.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/河南.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/浙江.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/海南.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/湖北.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/湖南.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/甘肃.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/福建.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/西藏.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/贵州.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/辽宁.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/重庆.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/陕西.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/青海.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/香港.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国内/黑龙江.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/俄罗斯.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/加拿大.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/南非.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/印度.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/新加坡.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/新西兰.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/日本.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/法国.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/澳大利亚.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/美国.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/英国.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/国外/韩国.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡135.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡1433.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡3389.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡445.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡4899.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡5900.txt
1433_hack44.cn/最新整理活跃IP段。国内国外都有/特殊段子/肉鸡8080.txt
1433_hack44.cn/活跃IP段.txt

Sharing

General

Malware Config

Signatures

Files

8708200ec6afeb1d763279199b9b5dd8

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

pdh

avifil32

msvfw32

shlwapi

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 266KB

.data Size: - Virtual size: 121KB

���е۹� Size: - Virtual size: 1.5MB

.tls Size: 4KB - Virtual size: 24B

���е۹� Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 532KB - Virtual size: 530KB

cd7e7ade5957d5f9555e1a02d6b21aeb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 540B

.vmp0 Size: 172KB - Virtual size: 176KB

.vmp1 Size: - Virtual size: 408KB

.vmp2 Size: 424KB - Virtual size: 420KB

.rsrc Size: 172KB - Virtual size: 171KB

50ea605b90d9fc8443b10d7992ed6ab4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:eaCertificate

Extended Key Usages

Key Usages

24:45:c5:5f:90:79:c0:ad:4f:29:ad:7b:4e:f1:87:b0:82:06:ef:a9Signer

Signature Validations

Verification

24-10-2008 18:50 Valid: false

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 266KB

.data
Size: - Virtual size: 121KB

��е۹�
Size: - Virtual size: 1.5MB

.tls
Size: 4KB - Virtual size: 24B

��е۹�
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 532KB - Virtual size: 530KB

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 540B

.vmp0
Size: 172KB - Virtual size: 176KB

.vmp1
Size: - Virtual size: 408KB

.vmp2
Size: 424KB - Virtual size: 420KB

.rsrc
Size: 172KB - Virtual size: 171KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

24:45:c5:5f:90:79:c0:ad:4f:29:ad:7b:4e:f1:87:b0:82:06:ef:a9
Signer

24-10-2008 18:50
Valid: false

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 108KB - Virtual size: 106KB

.rsrc
Size: 288KB - Virtual size: 288KB

.text
Size: 128KB - Virtual size: 292KB

.rdata
Size: 21KB - Virtual size: 76KB

.data
Size: 3KB - Virtual size: 28KB

.rsrc
Size: 8KB - Virtual size: 124KB

.aspack
Size: 108KB - Virtual size: 108KB

.adata
Size: - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 16B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 540B

.vmp0
Size: 172KB - Virtual size: 176KB

.vmp1
Size: - Virtual size: 408KB

.vmp2
Size: 424KB - Virtual size: 420KB

.rsrc
Size: 172KB - Virtual size: 171KB

��е۹�
Size: - Virtual size: 500KB