81875de3c39494dd80aad309e154aa0d0eb2e0c2525e7b11827f88c29b4ab5e8

Sharing

Copy URL Twitter E-mail

General

Target

81875de3c39494dd80aad309e154aa0d0eb2e0c2525e7b11827f88c29b4ab5e8
Size

10.3MB
MD5

e5482670e290851d5029329f952cdae1
SHA1

80c3b7f21505480736bd2e8515064f8f77f59f1c
SHA256

81875de3c39494dd80aad309e154aa0d0eb2e0c2525e7b11827f88c29b4ab5e8
SHA512

f202161fd74fae6cbb121522618dc35f1f81f3c2abfd30ae8217e78ae6da2970abb71044ff3d3c118a7a1481fdf91d7a77b9c85eb78805ce1827bbf487844ed7
SSDEEP

196608:xmCWoaZ+Lc3+A+/BXPQAjbENgMuVGk6S9UXxBPo4w5yzNbIomX6YuoF2LS4ZAG5k:4bkLc3d+/r/PdGkXKxBwgzds6i2LSD+k

Score

8^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 8 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/DBServer.exe	aspack_v212_v242
static1/unpack001/GameCenter.exe	aspack_v212_v242
static1/unpack001/LogDataServer.exe	aspack_v212_v242
static1/unpack001/LoginSrv.exe	aspack_v212_v242
static1/unpack001/RunGate.exe	aspack_v212_v242
static1/unpack001/SelGate.exe	aspack_v212_v242
static1/unpack001/StditemConvert.exe	aspack_v212_v242
static1/unpack001/½(WZ-0108).exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/mSystemModule.dll	upx

Files

81875de3c39494dd80aad309e154aa0d0eb2e0c2525e7b11827f88c29b4ab5e8
.zip
DBServer.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

30b1hZyK
Size: 381KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

)GaAvl>X
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

T1#nqEq#
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[?>:m*I>
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NZYUc,1m
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PtnZw:fj
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Fgm]AQtC
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GF%F/l[N
Size: 53KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Qx_,!;qW
Size: 27KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

l!UC#Sq!
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mEBe#`"8
Size: 37KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.blue
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Data( 2.0).mdb
DataTool(2.0).exe
.exe windows x86

5d0e8c26df4850bb3e025969794ec6bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysStringLen
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SearchPathA
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsDBCSLeadByte
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
FatalAppExitA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateMutexA
CreateFileA
CreateEventA
CopyFileA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoGetMalloc
CoUninitialize
CoInitializeEx
CoInitialize
CLSIDFromString

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA

comdlg32

GetOpenFileNameA

Sections

,gI.LZ=o
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

%^4<]sg]
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/>0mZ "H
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Y#pda<S-
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wlrE;J?y
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

^i+Ia v?
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xRZ@99`P
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

R3Aj:p)@
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FTs#6.nO
Size: 7KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

l_@\t/[i
Size: 670KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DataTool.exe
.exe windows x86

99a15fcba84826394936b402648f349f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SafeArrayCreate

advapi32

RegCloseKey

user32

IsIconic
MessageBoxA

kernel32

InterlockedExchange
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

gdi32

MoveToEx

version

VerQueryValueA

ole32

CoInitialize

comctl32

ImageList_Replace

shell32

SHGetPathFromIDListA

comdlg32

GetOpenFileNameA

Exports

Exports

�LT��C|$��IN��)�㚞��n_͊��&"�!si��sG��&o��o�Q]c��H�U�^ɏ��z��̱��e�A��f��nb�e�9��"H�IH��F'͕�-�"��8��"Xf`�w��E��}��Kp��c˳~\�'��J�i�s;)�UJ�:T��Y��z��0��0�e�`%��5T�K��O��s��Oy�R&6e@�W=}��xy�S��j�Eݴ]�Ρ��XE-�'"'��.�H��h-t�T��ѭN�s`n215n{��g*C�RlŊ?�L��j ~_@H��@�g(ZƑJ�<L]bF|oSM�*!1�lU'��۝8:��Y>b(t�Ƃ�Ze�y"��[��.O7�� 9��s�&��9U^�l�.gR�G5w��-BAиp}��ʸ�L�aF�� z��c�� z}b�y,~�PV`N��'�\y��>��-�t��{�Խ�jV�5lC<��Vw�78�:yM�΁ ^F�-��V]�l�T��2��%�R�%��m�"�4��~�JD�S��%0vp{fm�n��i��OI��DES�5�{��S��uJ�g�TUi�Z��z|�w��f�AGv�M)i��R]�&Ȣ��f>W�Ʀ@*-�h�N>ł�n�gf�s�i�5,�k֟�I�D:��Y��o�>J� .�<U\�߱�� #e��'��u��Uѵ��?�$z�D#o@o5�k7��b��;��|8{}��E~\��[�+��J�ظh L`Dsu�� =jj��Q�I7�>�k��l�`�%Sk�DG��c�u 30�c'ik ��硫��͛�<$��9�4�z�z{�/#d��<�'�r`uB��J�CĦy� �r)�z@�>��,?'"� ;��'�,q��r ��:��◤�g:6��X��)�6I?�/�#�?Vl)Y��c��4)�[k�10��c� oT��ܓ��`�Ht� /#EH��=�=�:Ɓ?m�{{�� T��|)��)Q+<C��a��0-�wN[H�G�t��jh�~��].ͬ��қ��W��! ��Ы��OJw^�2K��`h�jB�o�]#�G]� �� l��?! � ~t�+ƒK��s��2�^�#Kg��J�ȶ{�4��Ê� �3S@�6U�$D�y#*M}�a{��>�9�i?��ޕ4!�f��| �݈Xeח��x��r��J��K�^��>;��K��㖬q��5U�pVi*o.֔��J�@X=N˽1JHs"�Xg��)6�X�vP ^��L�%�mi)��r'�5ۨ��I5 Sԭ�)&�jӦ�=��W�)��e �%ƕ��ƹ/ѹ�i��\��i�x^��ď�9l��@��/ �Z_.`z�:�_p��nn�.o��@s+�d (��1/h�� 3��<��jBICw�5��l;��?��U I(\�vj"��1 }�;�_��;��l<�ke��T6#��o9��F|�_I�x��$��r,��|4�E�c�]M��2�[ � y3:ƕ�<�vJh��UrE=�n��HF݁�8��Փ#�\�^_��*n�yo�C��:�.�>��{�X�p��Q��33��CW��J��m��t�.Lj��w��q\ ��Z��~�*�q��Z��A�6� f�$L��6��\KfX��1�W�P.Ԙ�B0Ci�(��{x�m0�,^��հ�7��a��O|$��6�.��ń�Gە��(�m��/�'� �� >��G�}�5D:<��/{;��`��e��U��d��jv�2�&B�4c��U��kA �J0"�Bk��Ӽ�� zb#vLJ�a��j��;�*~�,>��qz��[��nI��_��?�J#v�X��p�.�U;s�V�5,�P�̱�qt�Κ�ş�k�Ii�oG3\7��B�q1��=2��$ �� ,��*R��>A��\z惰� �2`HfZ��i�� L��U�@�)��j@��8p�@[q��kTȼ��3}�u�<�T�Sg��KI�#�&c��Aܸ��?��Qʯ�O�=�`Ar1@a &]��b8��y� %):Yf��rY ;~r��Հ�n4�P��%V��<3=�P1u��G��L�H1鐛��a�,ש��3Y0��qH�z��?�bQ��_�\�y��Be�.�I��Ŝ>��J�m3$��Θ��sQh?$��]�3��I��\�{=Bt��c�i�|Əo��8C�� M>&�g�6G��K ��@�B.��FL�T��fv��N�S�&��O��r0��/Z�$�d��w��.�CY�j<�9��F��m"�\��h�JEk�~��Q��%�(Ė��sz,j�ݛ��:�S|��ާl 5��ěř�oa_n l��J��xӵ�M.�HO��mzz0~RN�͎��}�,�ln��[E��c�D��~n;��,��{`9�,�n" H��59�p�U!�0��{��?��,�G�ѻMz^d��*^�H@Wl/�gPh��})��J��cl�#Kq�\��y�� ½�}�� I�w��[��ў��)�?B ��Xnm��&S�M��.��)�ѨRM��h��=��Jra ��aj4��/��nd"��k�l��PW_ɷ1p�C`��iGׄ��:r�a� `kDv��L�`��O��Y�yq#Ģ�h��yI�b��s�F2Rя%��פ�h��O�П� ��k�ӧ'�N�Q�!lOUP��_W�i�rV��g�E:��G(�g�7C�:�S�ۤ8$��Z��"K�nO̧P3Z�t�=0-o}/<Ɏ.��h��rR�AMr;E0s��7�

Sections

l?/ie-e:
Size: - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

]cq;Y?^c
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

%vpZL`-(
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

64P5UECq
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Nm`S$]Y
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

J+3?R=\u
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5xyfrVxD
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

1kK(J/g?
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

O4^.@EN6
Size: 7KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

28@?EbF8
Size: - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

r5lJ):S+
Size: 952KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GameCenter.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 281KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mp0
Size: 45KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mp1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.blue
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LogDataServer.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 155KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LoginSrv.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 237KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
M2Server.exe
.exe windows x86

c81e23c6e9a0a4243e33bdafafd74502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
GetErrorInfo
SafeArrayPtrOfIndex

advapi32

RegQueryValueExA
RegQueryValueExA

user32

GetKeyboardType
CreateWindowExA

kernel32

GetACP
TlsSetValue
lstrcpyA
Sleep
MulDiv

gdi32

UnrealizeObject

version

VerQueryValueA

mpr

WNetGetConnectionA

ole32

CoTaskMemFree
CLSIDFromString

comctl32

_TrackMouseEvent

shell32

ShellExecuteA

comdlg32

ChooseColorA

wsock32

WSACleanup

iphlpapi

GetAdaptersInfo

msvcrt

malloc

psapi

GetMappedFileNameW

Exports

Exports

AddGameDataLogAPI
EDcode_DeCodeString
EDcode_Decode6BitBuf
EDcode_DecodeBuffer
EDcode_EnCodeString
EDcode_Encode6BitBuf
EDcode_EncodeBuffer
EDcode_SetDecode
EDcode_SetEncode
GetGameGoldName
M2Share_GetNoClearMonList
MainOutMessageAPI
TBaseObject_Ability
TBaseObject_AddCustomData
TBaseObject_AddItemToBag
TBaseObject_AddItemToStorage
TBaseObject_ClearBagItem
TBaseObject_ClearStorageItem
TBaseObject_Create
TBaseObject_DeleteBagItem
TBaseObject_ExpHitter
TBaseObject_FeatureChanged
TBaseObject_Free
TBaseObject_GameGoldChanged
TBaseObject_GetAttackPower
TBaseObject_GetCharColor
TBaseObject_GetCustomData
TBaseObject_GetFeature
TBaseObject_GetFeatureToLong
TBaseObject_GetFrontPosition
TBaseObject_GetNamecolor
TBaseObject_GetPoseCreate
TBaseObject_GetRecallXY
TBaseObject_GoldChanged
TBaseObject_GroupMembersList
TBaseObject_GroupOwner
TBaseObject_IsAttackTarget
TBaseObject_IsProperFriend
TBaseObject_IsProperTarget
TBaseObject_IsProtectTarget
TBaseObject_ItemList
TBaseObject_LastHiter
TBaseObject_MagCanHitTarget
TBaseObject_MagicList
TBaseObject_MakeGhost
TBaseObject_MakeSlave
TBaseObject_Master
TBaseObject_MyGuild
TBaseObject_PEnvir
TBaseObject_RefNameColor
TBaseObject_SendMsg
TBaseObject_SendRefMsg
TBaseObject_SetHookChangeCurrMap
TBaseObject_SetHookEnterAnotherMap
TBaseObject_SetHookGetFeature
TBaseObject_SetHookObjectDie
TBaseObject_SpaceMove
TBaseObject_StatusChanged
TBaseObject_SysMsg
TBaseObject_TargetCret
TBaseObject_TrainSkillPoint
TBaseObject_UseItems
TBaseObject_WAbil_HP
TBaseObject_WAbility
TBaseObject_boAllowDeal
TBaseObject_boAllowGroup
TBaseObject_boAllowGroupReCall
TBaseObject_boAllowGuild
TBaseObject_boAllowGuildReCall
TBaseObject_boBanGuildChat
TBaseObject_boBanShout
TBaseObject_boDeath
TBaseObject_boGhost
TBaseObject_boHearWhisper
TBaseObject_boNoItem
TBaseObject_boOnHorse
TBaseObject_boRecallSuite
TBaseObject_btAntiPoison
TBaseObject_btAttatckMode
TBaseObject_btDirection
TBaseObject_btDressEffType
TBaseObject_btGender
TBaseObject_btGreenPoisoningPoint
TBaseObject_btHair
TBaseObject_btHitPoint
TBaseObject_btHorseType
TBaseObject_btJob
TBaseObject_btLifeAttrib
TBaseObject_btMonsterWeapon
TBaseObject_btPermission
TBaseObject_btRaceImg
TBaseObject_btRaceServer
TBaseObject_btSpeedPoint
TBaseObject_duBodyLuck
TBaseObject_dwFightExp
TBaseObject_nAntiMagic
TBaseObject_nBodyLuckLevel
TBaseObject_nBonusPoint
TBaseObject_nCharStatus
TBaseObject_nCharStatusEx
TBaseObject_nCurrX
TBaseObject_nCurrY
TBaseObject_nFightZoneDieCount
TBaseObject_nGold
TBaseObject_nGoldMax
TBaseObject_nHealthRecover
TBaseObject_nHitDouble
TBaseObject_nHitPlus
TBaseObject_nHitSpeed
TBaseObject_nHomeX
TBaseObject_nHomeY
TBaseObject_nHungerStatus
TBaseObject_nLight
TBaseObject_nLuck
TBaseObject_nNameColor
TBaseObject_nPerHealing
TBaseObject_nPerHealth
TBaseObject_nPerSpell
TBaseObject_nPkPoint
TBaseObject_nPoisonRecover
TBaseObject_nSpellRecover
TBaseObject_nViewRange
TBaseObject_sCharName
TBaseObject_sCharNameA
TBaseObject_sHomeMap
TBaseObject_sMapFileName
TBaseObject_sMapName
TBaseObject_sMapNameA
TBaseObject_wAppr
TBaseObject_wGroupRcallTime
TConfig_sEnvirDir
TEnvirnoment_GetRangeBaseObject
TEnvirnoment_boCANBAT
TEnvirnoment_boCANRIDE
TGuild_RankList
TItemUnit_GetItemAddValue
TList_Add
TList_Count
TList_Create
TList_Delete
TList_Delete
TList_Delete
TList_Free
TList_Get
TList_Insert
TList_Put
TMagicManager_DoSpell
TMagicManager_GetMagicManager
TMagicManager_GetPower
TMagicManager_GetPower13
TMagicManager_GetRPow
TMagicManager_IsWarrSkill
TMagicManager_MPow
TMagicManager_MabMabe
TMagicManager_MagBigExplosion
TMagicManager_MagBigHealing
TMagicManager_MagElecBlizzard
TMagicManager_MagGroupAmyounsul
TMagicManager_MagGroupDeDing
TMagicManager_MagGroupLightening
TMagicManager_MagGroupMb
TMagicManager_MagHbFireBall
TMagicManager_MagLightening
TMagicManager_MagMakeFireCross
TMagicManager_MagMakeGroupTransparent
TMagicManager_MagMakeHolyCurtain
TMagicManager_MagMakeSinSuSlave
TMagicManager_MagMakeSlave
TMagicManager_MagPushArround
TMagicManager_MagPushArroundTaos
TMagicManager_MagSaceMove
TMagicManager_MagTamming
TMagicManager_MagTurnUndead
TMagicManager_MagWindTebo
TMagicManager_SetHookDoSpell
TMapManager_FindMap
TMemoryManager_AllocMemCount
TMemoryManager_AllocMemSize
TMemoryManager_Get
TMerchant_GetItemPrice
TMerchant_GetUserPrice
TMerchant_GetUserPrice
TMerchant_GoodsList
TMerchant_SetHookClientGetDetailGoodsList
TNormNpc_GetFunctionNpc
TNormNpc_GetLineVariableText
TNormNpc_GetManageNpc
TNormNpc_GetScriptAction
TNormNpc_GetScriptActionCmd
TNormNpc_GetScriptCondition
TNormNpc_GetScriptConditionCmd
TNormNpc_GotoLable
TNormNpc_SetScriptAction
TNormNpc_SetScriptActionCmd
TNormNpc_SetScriptCondition
TNormNpc_SetScriptConditionCmd
TNormNpc_sFilePath
TNormNpc_sPath
TPlayObject_Create
TPlayObject_DecGameGold
TPlayObject_Free
TPlayObject_GetHookCreate
TPlayObject_GetHookDestroy
TPlayObject_GetHookPlayOperateMessage
TPlayObject_GetHookUserCmd
TPlayObject_GetPlayObjectTick
TPlayObject_IsEnoughBag
TPlayObject_SendAddItem
TPlayObject_SendDefMessage
TPlayObject_SendDelItem
TPlayObject_SendSocket
TPlayObject_SetBankPassword
TPlayObject_SetCheckClientDealItem
TPlayObject_SetCheckClientDropItem
TPlayObject_SetCheckClientRepairItem
TPlayObject_SetCheckClientStorageItem
TPlayObject_SetHookCheckUserItems
TPlayObject_SetHookClientQueryBagItems
TPlayObject_SetHookClientQueryUserState
TPlayObject_SetHookCreate
TPlayObject_SetHookDestroy
TPlayObject_SetHookFilterMsg
TPlayObject_SetHookPlayOperateMessage
TPlayObject_SetHookRun
TPlayObject_SetHookSendActionFail
TPlayObject_SetHookSendActionGood
TPlayObject_SetHookSendAliveMsg
TPlayObject_SetHookSendChangeFaceMsg
TPlayObject_SetHookSendDeathMsg
TPlayObject_SetHookSendGoodsList
TPlayObject_SetHookSendHorseRunMsg
TPlayObject_SetHookSendRunMsg
TPlayObject_SetHookSendSkeletonMsg
TPlayObject_SetHookSendSocket
TPlayObject_SetHookSendSpaceMoveMsg
TPlayObject_SetHookSendUseMagicMsg
TPlayObject_SetHookSendUseitemsMsg
TPlayObject_SetHookSendUserAbilieyMsg
TPlayObject_SetHookSendUserLevelUpMsg
TPlayObject_SetHookSendUserStatusMsg
TPlayObject_SetHookSendUserStruckMsg
TPlayObject_SetHookSendWalkMsg
TPlayObject_SetHookUserCmd
TPlayObject_SetHookUserLogin1
TPlayObject_SetHookUserLogin2
TPlayObject_SetHookUserLogin3
TPlayObject_SetHookUserLogin4
TPlayObject_SetPlayObjectTick
TPlayObject_TargetInNearXY
TPlayObject_dLogonTime
TPlayObject_dwClientTick
TPlayObject_dwLogonTick
TPlayObject_nBankGold
TPlayObject_nClientFlag
TPlayObject_nClientFlagMode
TPlayObject_nGameGold
TPlayObject_nGamePoint
TPlayObject_nMemberLevel
TPlayObject_nMemberType
TPlayObject_nPayMentPoint
TPlayObject_nSelectID
TPlayObject_nSoftVersionDate
TPlayObject_nSoftVersionDateEx
TPlayObject_sBankPassword
TPlayObject_wClientType
TRunSocket_CloseUser
TRunSocket_SetHookExecGateMsgClose
TRunSocket_SetHookExecGateMsgData
TRunSocket_SetHookExecGateMsgEeceiveOK
TRunSocket_SetHookExecGateMsgOpen
TStringList_Add
TStringList_AddObject
TStringList_Clear
TStringList_Count
TStringList_Create
TStringList_Delete
TStringList_Exchange
TStringList_Exchange
TStringList_Exchange
TStringList_Free
TStringList_Get
TStringList_GetObject
TStringList_Insert
TStringList_Put
TStringList_PutObject
TUserEngine_CopyToUserItemFromName
TUserEngine_Create
TUserEngine_Free
TUserEngine_GetHookRun
TUserEngine_GetLoadPlayCount
TUserEngine_GetLoadPlayList
TUserEngine_GetMapMonster
TUserEngine_GetPlayObject
TUserEngine_GetPlayObjectCount
TUserEngine_GetStdItemByIndex
TUserEngine_GetStdItemByName
TUserEngine_GetStdItemList
TUserEngine_GetUserEngine
TUserEngine_SetHookClientUserMessage
TUserEngine_SetHookRun

Sections

.text
Size: 2.5MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mirs
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mirs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RunGate.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

mi2c j6i
Size: 234KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

#IVutG8<
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sF,I4NN@
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

*;7y$-.W
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

\u_g YPb
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

'-#]jL&:
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

#FRC^NY:
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vpMcPn,7
Size: 37KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

E,U0">Hn
Size: 15KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

;0isEK[-
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lQYf8%W7
Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SelGate.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 202KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bp0
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StditemConvert.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 251KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asp
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mSystemModule.dll
.dll windows x86

c9c0a5947defba611ca145b96e21067a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenProcess
MulDiv
MapViewOfFile
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileMappingA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
socket
send
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
getpeername
connect
closesocket
bind

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Exports

Exports

GetFunAddr
Init
UnInit

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 111B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ʹñؿ.txt
ֱο.txt
ɾĴ.url
.url
½(WZ-0108).exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 200KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ms0
Size: 23KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dsjkhk
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
־.txt
⴫2.0ƷͼDB.rar
.rar

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

30b1hZyK Size: 381KB - Virtual size: 1004KB

)GaAvl>X Size: 2KB - Virtual size: 4KB

T1#nqEq# Size: 9KB - Virtual size: 24KB

[?>:m*I> Size: - Virtual size: 33KB

NZYUc,1m Size: 4KB - Virtual size: 16KB

PtnZw:fj Size: - Virtual size: 64B

Fgm]AQtC Size: 512B - Virtual size: 4KB

GF%F/l[N Size: 53KB - Virtual size: 76KB

Qx_,!;qW Size: 27KB - Virtual size: 108KB

l!UC#Sq! Size: 13KB - Virtual size: 20KB

mEBe#`"8 Size: 37KB - Virtual size: 80KB

.blue Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

5d0e8c26df4850bb3e025969794ec6bd

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

shell32

comdlg32

Sections

,gI.LZ=o Size: - Virtual size: 932KB

%^4<]sg] Size: - Virtual size: 2KB

/>0mZ "H Size: - Virtual size: 16KB

Y#pda<S- Size: - Virtual size: 19KB

wlrE;J?y Size: - Virtual size: 11KB

^i+Ia v? Size: - Virtual size: 56B

xRZ@99`P Size: - Virtual size: 24B

R3Aj:p)@ Size: - Virtual size: 68KB

FTs#6.nO Size: 7KB - Virtual size: 601KB

l_@\t/[i Size: 670KB - Virtual size: 670KB

99a15fcba84826394936b402648f349f

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

shell32

comdlg32

Exports

Exports

Sections

l?/ie-e: Size: - Virtual size: 933KB

]cq;Y?^c Size: - Virtual size: 2KB

%vpZL`-( Size: - Virtual size: 16KB

64P5UECq Size: - Virtual size: 19KB

.Nm`S$]Y Size: - Virtual size: 11KB

J+3?R=\u Size: - Virtual size: 56B

5xyfrVxD Size: - Virtual size: 24B

1kK(J/g? Size: - Virtual size: 68KB

O4^.@EN6 Size: 7KB - Virtual size: 600KB

28@?EbF8 Size: - Virtual size: 319KB

r5lJ):S+ Size: 952KB - Virtual size: 952KB

Headers

File Characteristics

Sections

.text Size: 281KB - Virtual size: 728KB

.itext Size: 1KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 16KB

30b1hZyK
Size: 381KB - Virtual size: 1004KB

)GaAvl>X
Size: 2KB - Virtual size: 4KB

T1#nqEq#
Size: 9KB - Virtual size: 24KB

[?>:m*I>
Size: - Virtual size: 33KB

NZYUc,1m
Size: 4KB - Virtual size: 16KB

PtnZw:fj
Size: - Virtual size: 64B

Fgm]AQtC
Size: 512B - Virtual size: 4KB

GF%F/l[N
Size: 53KB - Virtual size: 76KB

Qx_,!;qW
Size: 27KB - Virtual size: 108KB

l!UC#Sq!
Size: 13KB - Virtual size: 20KB

mEBe#`"8
Size: 37KB - Virtual size: 80KB

.blue
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

,gI.LZ=o
Size: - Virtual size: 932KB

%^4<]sg]
Size: - Virtual size: 2KB

/>0mZ "H
Size: - Virtual size: 16KB

Y#pda<S-
Size: - Virtual size: 19KB

wlrE;J?y
Size: - Virtual size: 11KB

^i+Ia v?
Size: - Virtual size: 56B

xRZ@99`P
Size: - Virtual size: 24B

R3Aj:p)@
Size: - Virtual size: 68KB

FTs#6.nO
Size: 7KB - Virtual size: 601KB

l_@\t/[i
Size: 670KB - Virtual size: 670KB

l?/ie-e:
Size: - Virtual size: 933KB

]cq;Y?^c
Size: - Virtual size: 2KB

%vpZL`-(
Size: - Virtual size: 16KB

64P5UECq
Size: - Virtual size: 19KB

.Nm`S$]Y
Size: - Virtual size: 11KB

J+3?R=\u
Size: - Virtual size: 56B

5xyfrVxD
Size: - Virtual size: 24B

1kK(J/g?
Size: - Virtual size: 68KB

O4^.@EN6
Size: 7KB - Virtual size: 600KB

28@?EbF8
Size: - Virtual size: 319KB

r5lJ):S+
Size: 952KB - Virtual size: 952KB

.text
Size: 281KB - Virtual size: 728KB

.itext
Size: 1KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 16KB

.bss
Size: - Virtual size: 30KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 4KB

.mp0
Size: 45KB - Virtual size: 52KB

.rsrc
Size: 75KB - Virtual size: 648KB

.mp1
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 52KB

.blue
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 155KB - Virtual size: 368KB

.itext
Size: 1KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 12KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 16KB

.asp
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 237KB - Virtual size: 608KB

.itext
Size: 1KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 20KB

.bss
Size: - Virtual size: 32KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 44KB

.rsrc
Size: 14KB - Virtual size: 48KB

.asp
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 2.5MB - Virtual size: 5.2MB

.mirs
Size: 1.8MB - Virtual size: 1.8MB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB

.mirs
Size: 4KB - Virtual size: 4KB