gh0strat | 363fb6e30d935bb685433bcf879629dfef5b2d4ce843585eb59c6c7112a8f8a9

Sharing

Copy URL Twitter E-mail

General

Target

363fb6e30d935bb685433bcf879629dfef5b2d4ce843585eb59c6c7112a8f8a9
Size

4.5MB
MD5

516561b319e942fdcd8cea73da7d7172
SHA1

53a94d47a59735629d5f2eab3393fc098aef7068
SHA256

363fb6e30d935bb685433bcf879629dfef5b2d4ce843585eb59c6c7112a8f8a9
SHA512

2110d66b86ef033bad862def70fc9d6a36e1f0f9270c2b44624eb32004e158dd974d2ea87459d896aaa89a71a68ca9a3a4aa53e8469bdc871962542681d752dd
SSDEEP

98304:1CbjYIdM5EUSaMX8O1PaQuqqiZvJRN6W408oBSO3JtwBzV:MP+8BjaKqmXKiYTb

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 3 IoCs

resource	yara_rule
static1/unpack001/StarRat2014/Server/NewServer/Zesr68f4.dll	family_gh0strat
static1/unpack001/StarRat2014/Server/NewServer/Zesr68f4.dllbak	family_gh0strat
static1/unpack001/StarRat2014/bin/Plugins/BAudioListen.dll	family_gh0strat

Gh0strat family
gh0strat

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/StarRat2014/Server/NewServer/upx.exe	upx

Files

363fb6e30d935bb685433bcf879629dfef5b2d4ce843585eb59c6c7112a8f8a9
.zip
StarRat2014/Client/AudioDlg.cpp
StarRat2014/Client/AudioDlg.h
StarRat2014/Client/BmpToAvi.cpp
StarRat2014/Client/BmpToAvi.h
StarRat2014/Client/Build.cpp
.js
StarRat2014/Client/Build.h
StarRat2014/Client/ChangeGroup.cpp
StarRat2014/Client/ChangeGroup.h
StarRat2014/Client/Client.clw
StarRat2014/Client/Client.cpp
StarRat2014/Client/Client.dsp
StarRat2014/Client/Client.h
StarRat2014/Client/Client.plg
.html
StarRat2014/Client/Client.rc
StarRat2014/Client/ClientDOC.cpp
StarRat2014/Client/ClientDOC.h
StarRat2014/Client/ClientView.cpp
.js
StarRat2014/Client/ClientView.h
StarRat2014/Client/DDOSDrDos.cpp
StarRat2014/Client/DDOSDrDos.h
StarRat2014/Client/DDOSFlood.cpp
StarRat2014/Client/DDOSFlood.h
StarRat2014/Client/DDOSFlood1.cpp
StarRat2014/Client/DDOSFlood1.h
StarRat2014/Client/DDOSWeb.cpp
StarRat2014/Client/DDOSWeb.h
StarRat2014/Client/DDOSWeb1.cpp
StarRat2014/Client/DDOSWeb1.h
StarRat2014/Client/DllDlg.cpp
StarRat2014/Client/DllDlg.h
StarRat2014/Client/FileManagerDlg.cpp
StarRat2014/Client/FileManagerDlg.h
StarRat2014/Client/FileTransferModeDlg.cpp
StarRat2014/Client/FileTransferModeDlg.h
StarRat2014/Client/IniFile.cpp
StarRat2014/Client/IniFile.h
StarRat2014/Client/InputDlg.cpp
StarRat2014/Client/InputDlg.h
StarRat2014/Client/KeyBoardDlg.cpp
StarRat2014/Client/KeyBoardDlg.h
StarRat2014/Client/LogView.cpp
StarRat2014/Client/LogView.h
StarRat2014/Client/MD5.h
StarRat2014/Client/MainFrm.cpp
.js
StarRat2014/Client/MainFrm.h
StarRat2014/Client/MemoryModule.c
StarRat2014/Client/MemoryModule.h
StarRat2014/Client/PcView.cpp
.js
StarRat2014/Client/PcView.h
StarRat2014/Client/ReadMe.txt
StarRat2014/Client/RegDataDlg.cpp
StarRat2014/Client/RegDataDlg.h
StarRat2014/Client/RegDlg.cpp
StarRat2014/Client/RegDlg.h
StarRat2014/Client/Release/msxml3.tlh
.js
StarRat2014/Client/Release/msxml3.tli
StarRat2014/Client/Release/shdocvw.tlh
StarRat2014/Client/Release/shdocvw.tli
StarRat2014/Client/SEU_QQwry.cpp
StarRat2014/Client/SEU_QQwry.h
StarRat2014/Client/ScreenSpyDlg.cpp
StarRat2014/Client/ScreenSpyDlg.h
StarRat2014/Client/Setting.cpp
StarRat2014/Client/Setting.h
StarRat2014/Client/ShellDlg.cpp
StarRat2014/Client/ShellDlg.h
StarRat2014/Client/SkinH.h
StarRat2014/Client/SkinH.lib
StarRat2014/Client/StdAfx.cpp
StarRat2014/Client/StdAfx.h
StarRat2014/Client/SysInfo.cpp
StarRat2014/Client/SysInfo.h
StarRat2014/Client/SystemDlg.cpp
StarRat2014/Client/SystemDlg.h
StarRat2014/Client/TrueColorToolBar.cpp
StarRat2014/Client/TrueColorToolBar.h
StarRat2014/Client/UpdateDlg.cpp
.js
StarRat2014/Client/UpdateDlg.h
StarRat2014/Client/Video.cpp
StarRat2014/Client/VideoCap.cpp
.js
StarRat2014/Client/VideoCap.h
StarRat2014/Client/VideoCodec.h
StarRat2014/Client/VideoManager.cpp
StarRat2014/Client/VideoManager.h
StarRat2014/Client/WebCamDlg.cpp
StarRat2014/Client/WebCamDlg.h
StarRat2014/Client/ZXPortMap.cpp
StarRat2014/Client/ZXPortMap.h
StarRat2014/Client/a.bat
StarRat2014/Client/decode.h
StarRat2014/Client/encode.h
StarRat2014/Client/include/Buffer.cpp
StarRat2014/Client/include/Buffer.h
StarRat2014/Client/include/CpuUsage.cpp
StarRat2014/Client/include/CpuUsage.h
StarRat2014/Client/include/IOCPServer.cpp
.js
StarRat2014/Client/include/IOCPServer.h
StarRat2014/Client/include/Mapper.h
StarRat2014/Client/removejunk.bat
StarRat2014/Client/res/1.cur
StarRat2014/Client/res/2.cur
StarRat2014/Client/res/3.cur
StarRat2014/Client/res/4.cur
StarRat2014/Client/res/AppWindows.ico
StarRat2014/Client/res/Bitmap_4.bmp
StarRat2014/Client/res/Bitmap_5.bmp
StarRat2014/Client/res/Client.ico
StarRat2014/Client/res/Client.rc2
StarRat2014/Client/res/DDOS.ico
StarRat2014/Client/res/File.ico
StarRat2014/Client/res/Monolith.ico
StarRat2014/Client/res/Process.ico
StarRat2014/Client/res/SpinTest.Ico
StarRat2014/Client/res/Warning.ico
StarRat2014/Client/res/aa.ico
StarRat2014/Client/res/aero.she
StarRat2014/Client/res/audio.ico
StarRat2014/Client/res/bar.bmp
StarRat2014/Client/res/barnew.bmp
StarRat2014/Client/res/cmdshell.ico
StarRat2014/Client/res/dot.cur
StarRat2014/Client/res/dword.ico
StarRat2014/Client/res/explorer.ico
StarRat2014/Client/res/icos/1-IP.ico
StarRat2014/Client/res/icos/10-Double.ico
StarRat2014/Client/res/icos/2-os.ico
StarRat2014/Client/res/icos/3-CPU.ico
StarRat2014/Client/res/icos/4-Memory.ico
StarRat2014/Client/res/icos/5-disk.ico
StarRat2014/Client/res/icos/6-UserName.ico
StarRat2014/Client/res/icos/7-Active.ico
StarRat2014/Client/res/icos/8-Anti.ico
StarRat2014/Client/res/icos/9-T-Port.ico
StarRat2014/Client/res/keyboard.ico
StarRat2014/Client/res/regedit.ico
StarRat2014/Client/res/regsz.ico
StarRat2014/Client/res/remote.ico
StarRat2014/Client/res/system.ico
StarRat2014/Client/res/toolbar1.bmp
StarRat2014/Client/res/toolbar2.bmp
StarRat2014/Client/res/toolbar4.bmp
StarRat2014/Client/res/webcam.ico
StarRat2014/Client/res/win8.she
StarRat2014/Client/res/xp.xml
StarRat2014/Client/res/ļ1.ico
StarRat2014/Client/resource.h
StarRat2014/FlynnRat.dsw
StarRat2014/Server/API_lib/API_advapi32.cpp
StarRat2014/Server/API_lib/API_advapi32.h
StarRat2014/Server/API_lib/API_avicap32.cpp
StarRat2014/Server/API_lib/API_avicap32.h
StarRat2014/Server/API_lib/API_gdi32.cpp
StarRat2014/Server/API_lib/API_gdi32.h
StarRat2014/Server/API_lib/API_imm32.cpp
StarRat2014/Server/API_lib/API_imm32.h
StarRat2014/Server/API_lib/API_kernel32.cpp
StarRat2014/Server/API_lib/API_kernel32.h
StarRat2014/Server/API_lib/API_lib.lib
StarRat2014/Server/API_lib/API_psapi.cpp
StarRat2014/Server/API_lib/API_psapi.h
StarRat2014/Server/API_lib/API_shell32.cpp
StarRat2014/Server/API_lib/API_shell32.h
StarRat2014/Server/API_lib/API_shlwapi.cpp
StarRat2014/Server/API_lib/API_shlwapi.h
StarRat2014/Server/API_lib/API_user32.cpp
StarRat2014/Server/API_lib/API_user32.h
StarRat2014/Server/API_lib/API_wininet.cpp
StarRat2014/Server/API_lib/API_wininet.h
StarRat2014/Server/API_lib/API_ws2_32.cpp
StarRat2014/Server/API_lib/API_ws2_32.h
StarRat2014/Server/API_lib/API_wtsapi32.cpp
StarRat2014/Server/API_lib/API_wtsapi32.h
StarRat2014/Server/API_lib/GetProcAddressEx.cpp
StarRat2014/Server/API_lib/GetProcAddressEx.h
StarRat2014/Server/API_lib/Include/IPHlpApi.h
StarRat2014/Server/API_lib/Include/Ipifcons.h
StarRat2014/Server/API_lib/Include/Iprtrmib.h
StarRat2014/Server/API_lib/Include/MSTcpIP.h
StarRat2014/Server/API_lib/Include/MSWSock.h
StarRat2014/Server/API_lib/Include/Mprapi.h
StarRat2014/Server/API_lib/Include/ProfInfo.h
StarRat2014/Server/API_lib/Include/Psapi.h
StarRat2014/Server/API_lib/Include/Ras.h
StarRat2014/Server/API_lib/Include/TlHelp32.h
StarRat2014/Server/API_lib/Include/UserEnv.h
StarRat2014/Server/API_lib/Include/WinInet.h
StarRat2014/Server/API_lib/Include/WtsApi32.h
StarRat2014/Server/API_lib/MAKEFILE
StarRat2014/Server/API_lib/SOURCES
StarRat2014/Server/API_lib/objfre_wxp_x86/_objects.mac
StarRat2014/Server/API_lib/objfre_wxp_x86/i386/API_lib.lib
StarRat2014/Server/Dllcomment/Audio.cpp
StarRat2014/Server/Dllcomment/Audio.h
StarRat2014/Server/Dllcomment/Buffer.cpp
StarRat2014/Server/Dllcomment/Buffer.h
StarRat2014/Server/Dllcomment/ClientSocket.cpp
.js
StarRat2014/Server/Dllcomment/ClientSocket.h
StarRat2014/Server/Dllcomment/CursorInfo.h
StarRat2014/Server/Dllcomment/Manager.cpp
.js
StarRat2014/Server/Dllcomment/Manager.h
StarRat2014/Server/Dllcomment/RegEditEx.h
StarRat2014/Server/Dllcomment/VideoCodec.h
StarRat2014/Server/Dllcomment/Wit.h
StarRat2014/Server/Dllcomment/macros.h
StarRat2014/Server/Dllcomment/until.cpp
.js
StarRat2014/Server/Dllcomment/until.h
StarRat2014/Server/Dllcomment/zconf.h
StarRat2014/Server/Dllcomment/zlib.h
StarRat2014/Server/Dllcomment/zlib.lib
StarRat2014/Server/NewServer/128.ico
StarRat2014/Server/NewServer/MemLoadDll.h
StarRat2014/Server/NewServer/NewServer.cpp
StarRat2014/Server/NewServer/NewServer.dsp
StarRat2014/Server/NewServer/NewServer.dsw
StarRat2014/Server/NewServer/NewServer.plg
.html
StarRat2014/Server/NewServer/NewServer.positions
StarRat2014/Server/NewServer/NewServer.rc
StarRat2014/Server/NewServer/ShellCode.h
StarRat2014/Server/NewServer/ShllCodeDec.exe
.exe windows x86

123b929bb701ce7fd31fe8e23377b4e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
ReadFile
VirtualAlloc
GetFileSize
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/Server/NewServer/Zesr68f4.bat
StarRat2014/Server/NewServer/Zesr68f4.dll
.dll windows x86

d241e29d5d4f85699659815efc154908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileExA
GetTempPathA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
OpenEventA
CreateMutexA
InterlockedDecrement
ResumeThread
SetThreadPriority
FindClose
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
SetFileAttributesA
CopyFileA
DefineDosDeviceA
lstrcpyW
GlobalMemoryStatusEx
WinExec
lstrcmpiA
Module32Next
Module32First
CreateRemoteThread
GetModuleHandleA
OpenProcess
GetCurrentThreadId
TerminateThread
DisableThreadLibraryCalls
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetLastError
DeleteFileA
SetFilePointer
WriteFile
LocalSize
LocalFree
GetFileAttributesA
CreateFileA
GetFileSize
ReadFile
LocalReAlloc
LocalAlloc
IsBadReadPtr
VirtualProtect
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
GetPrivateProfileSectionNamesA
lstrlenA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
GetLocalTime
GetStartupInfoA
GetModuleFileNameA
MoveFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FreeLibrary
CreateThread
ExitThread
GetTickCount
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread

user32

keybd_event
MapVirtualKeyA
GetAsyncKeyState
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageA
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
wsprintfA
CharNextA
SystemParametersInfoA
BlockInput
DestroyCursor
GetForegroundWindow
GetWindowTextA
LoadCursorA
EnumWindows
OpenClipboard
GetKeyState
OpenDesktopA
PostMessageA
SetCapture
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
ExitWindowsEx
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
GetCursorInfo
ReleaseDC

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
ChangeServiceConfig2A
StartServiceA
CreateServiceA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
UnlockServiceDatabase
LockServiceDatabase
AbortSystemShutdownA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString
OleRun
CLSIDFromProgID

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocString

msvcrt

_strnicmp
_mbscmp
_strupr
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_snprintf
_beginthreadex
atol
_strcmpi
_mbsstr
_CxxThrowException
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncmp
realloc
strncat
exit
_iob
strrchr
_except_handler3
free
malloc
time
srand
strchr
sprintf
strcspn
strncpy
atoi
rand
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
??3@YAXPAX@Z
memmove

ws2_32

accept
getpeername
bind
ntohs
getsockname
listen
inet_ntoa
WSASocketA
htonl
WSAStartup
WSACleanup
recvfrom
ioctlsocket
gethostname
__WSAFDIsSet
sendto
inet_addr
send
closesocket
recv
select
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSAGetLastError

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

urlmon

URLDownloadToFileA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

netapi32

NetUserSetInfo
NetUserDel
NetUserAdd
NetLocalGroupAddMembers
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetUserGetInfo

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSDisconnectSession
WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession

Exports

Exports

PluginMe

Sections

.data
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StarRat2014/Server/NewServer/Zesr68f4.dllbak
.dll windows x86

d241e29d5d4f85699659815efc154908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileExA
GetTempPathA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
OpenEventA
CreateMutexA
InterlockedDecrement
ResumeThread
SetThreadPriority
FindClose
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
SetFileAttributesA
CopyFileA
DefineDosDeviceA
lstrcpyW
GlobalMemoryStatusEx
WinExec
lstrcmpiA
Module32Next
Module32First
CreateRemoteThread
GetModuleHandleA
OpenProcess
GetCurrentThreadId
TerminateThread
DisableThreadLibraryCalls
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetLastError
DeleteFileA
SetFilePointer
WriteFile
LocalSize
LocalFree
GetFileAttributesA
CreateFileA
GetFileSize
ReadFile
LocalReAlloc
LocalAlloc
IsBadReadPtr
VirtualProtect
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
GetPrivateProfileSectionNamesA
lstrlenA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
GetLocalTime
GetStartupInfoA
GetModuleFileNameA
MoveFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FreeLibrary
CreateThread
ExitThread
GetTickCount
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread

user32

keybd_event
MapVirtualKeyA
GetAsyncKeyState
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageA
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
wsprintfA
CharNextA
SystemParametersInfoA
BlockInput
DestroyCursor
GetForegroundWindow
GetWindowTextA
LoadCursorA
EnumWindows
OpenClipboard
GetKeyState
OpenDesktopA
PostMessageA
SetCapture
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
ExitWindowsEx
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
GetCursorInfo
ReleaseDC

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
ChangeServiceConfig2A
StartServiceA
CreateServiceA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
UnlockServiceDatabase
LockServiceDatabase
AbortSystemShutdownA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString
OleRun
CLSIDFromProgID

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocString

msvcrt

_strnicmp
_mbscmp
_strupr
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_snprintf
_beginthreadex
atol
_strcmpi
_mbsstr
_CxxThrowException
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncmp
realloc
strncat
exit
_iob
strrchr
_except_handler3
free
malloc
time
srand
strchr
sprintf
strcspn
strncpy
atoi
rand
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
??3@YAXPAX@Z
memmove

ws2_32

accept
getpeername
bind
ntohs
getsockname
listen
inet_ntoa
WSASocketA
htonl
WSAStartup
WSACleanup
recvfrom
ioctlsocket
gethostname
__WSAFDIsSet
sendto
inet_addr
send
closesocket
recv
select
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSAGetLastError

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

urlmon

URLDownloadToFileA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

netapi32

NetUserSetInfo
NetUserDel
NetUserAdd
NetLocalGroupAddMembers
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetUserGetInfo

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSDisconnectSession
WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession

Exports

Exports

PluginMe

Sections

.data
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StarRat2014/Server/NewServer/bitmap1.bmp
StarRat2014/Server/NewServer/bitmap2.bmp
StarRat2014/Server/NewServer/cursor1.cur
StarRat2014/Server/NewServer/cursor2.cur
StarRat2014/Server/NewServer/head.h
StarRat2014/Server/NewServer/html1.htm
StarRat2014/Server/NewServer/html2.htm
StarRat2014/Server/NewServer/icon2.ico
StarRat2014/Server/NewServer/icon3.ico
StarRat2014/Server/NewServer/resource.h
StarRat2014/Server/NewServer/shellcode.exe
.exe windows x86

eaeec2037d260a719b215e1d9c24c272

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord765
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord5731
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6055
ord1576
ord5290
ord3402
ord3698
ord1146
ord1168
ord860
ord540
ord567
ord2294
ord2362
ord2301
ord2289
ord2370
ord2302
ord6199
ord2642
ord3092
ord4160
ord2863
ord2379
ord755
ord470
ord665
ord1979
ord2818
ord3318
ord5186
ord354
ord3499
ord2515
ord355
ord6334
ord6877
ord2915
ord823
ord1200
ord3874
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4837
ord1776

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
_ftol
strrchr
__CxxFrameHandler
_setmbcp

kernel32

CloseHandle
lstrlenA
CreateFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

GetClientRect
GetSystemMetrics
DrawIcon
wsprintfA
EnableWindow
GetSystemMenu
AppendMenuA
SendMessageA
IsIconic
LoadIconA

shell32

DragQueryFileA
DragFinish

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/Server/NewServer/toolbar1.bmp
StarRat2014/Server/NewServer/toolbar2.bmp
StarRat2014/Server/NewServer/upx.bat
StarRat2014/Server/NewServer/upx.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 285KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/Server/RemoteAudio/AudioManager.cpp
StarRat2014/Server/RemoteAudio/AudioManager.h
StarRat2014/Server/RemoteAudio/ReadMe.txt
StarRat2014/Server/RemoteAudio/Release/AudioListen.exp
StarRat2014/Server/RemoteAudio/Release/AudioListen.lib
StarRat2014/Server/RemoteAudio/Release/BAudioListen.exp
StarRat2014/Server/RemoteAudio/Release/BAudioListen.lib
StarRat2014/Server/RemoteAudio/Release/QAudioListen.exp
StarRat2014/Server/RemoteAudio/Release/QAudioListen.lib
StarRat2014/Server/RemoteAudio/RemoteAudio.cpp
StarRat2014/Server/RemoteAudio/RemoteAudio.dsp
StarRat2014/Server/RemoteAudio/RemoteAudio.plg
.html
StarRat2014/Server/RemoteAudio/StdAfx.cpp
StarRat2014/Server/RemoteAudio/StdAfx.h
StarRat2014/Server/ShllCodeDec/ReadMe.txt
StarRat2014/Server/ShllCodeDec/ShllCodeDec.cpp
StarRat2014/Server/ShllCodeDec/ShllCodeDec.dsp
StarRat2014/Server/ShllCodeDec/ShllCodeDec.dsw
StarRat2014/Server/ShllCodeDec/ShllCodeDec.plg
.html
StarRat2014/Server/ShllCodeDec/ShllCodeDec.positions
StarRat2014/Server/ShllCodeDec/StdAfx.cpp
StarRat2014/Server/ShllCodeDec/StdAfx.h
StarRat2014/Server/ShllCodeDec/.bat
StarRat2014/Server/VideoCap/CaptureVideo.cpp
StarRat2014/Server/VideoCap/CaptureVideo.h
StarRat2014/Server/VideoCap/ReadMe.txt
StarRat2014/Server/VideoCap/Release/BWebCam.exp
StarRat2014/Server/VideoCap/Release/BWebCam.lib
StarRat2014/Server/VideoCap/Release/QWebCam.exp
StarRat2014/Server/VideoCap/Release/QWebCam.lib
StarRat2014/Server/VideoCap/Release/WebCam.exp
StarRat2014/Server/VideoCap/Release/WebCam.lib
StarRat2014/Server/VideoCap/STRMBASE.lib
StarRat2014/Server/VideoCap/StdAfx.cpp
StarRat2014/Server/VideoCap/StdAfx.h
StarRat2014/Server/VideoCap/Video.cpp
StarRat2014/Server/VideoCap/Video.dsp
StarRat2014/Server/VideoCap/Video.dsw
StarRat2014/Server/VideoCap/Video.plg
.html
StarRat2014/Server/VideoCap/Video.positions
StarRat2014/Server/VideoCap/VideoCap.cpp
.js
StarRat2014/Server/VideoCap/VideoCap.h
StarRat2014/Server/VideoCap/VideoCodec.h
StarRat2014/Server/VideoCap/VideoManager.cpp
StarRat2014/Server/VideoCap/VideoManager.h
StarRat2014/Server/VideoCap/XvidDec.cpp
StarRat2014/Server/VideoCap/XvidDec.h
StarRat2014/Server/VideoCap/XvidEnc.cpp
StarRat2014/Server/VideoCap/XvidEnc.h
StarRat2014/Server/VideoCap/capture.lib
StarRat2014/Server/VideoCap/libxvidcore.lib
StarRat2014/Server/VideoCap/removejunk.bat
StarRat2014/Server/VideoCap/xvid.h
StarRat2014/Server/remove.bat
StarRat2014/Server/svchost/ClientSocket.cpp
.js
StarRat2014/Server/svchost/ClientSocket.h
StarRat2014/Server/svchost/ReadMe.txt
StarRat2014/Server/svchost/Release/Serdll.exp
StarRat2014/Server/svchost/Release/Serdll.lib
StarRat2014/Server/svchost/Release/Serdll.map
StarRat2014/Server/svchost/Release/Zesr68f4.exp
StarRat2014/Server/svchost/Release/Zesr68f4.lib
StarRat2014/Server/svchost/Release/msxml3.tlh
.js
StarRat2014/Server/svchost/Release/msxml3.tli
StarRat2014/Server/svchost/Release/shdocvw.tlh
StarRat2014/Server/svchost/Release/shdocvw.tli
StarRat2014/Server/svchost/StdAfx.cpp
StarRat2014/Server/svchost/common/Buffer.cpp
StarRat2014/Server/svchost/common/Buffer.h
StarRat2014/Server/svchost/common/Dialupass.cpp
StarRat2014/Server/svchost/common/Dialupass.h
StarRat2014/Server/svchost/common/DllManager.cpp
StarRat2014/Server/svchost/common/DllManager.h
StarRat2014/Server/svchost/common/FileManager.cpp
StarRat2014/Server/svchost/common/KernelManager.cpp
.js
StarRat2014/Server/svchost/common/KernelManager.h
StarRat2014/Server/svchost/common/KeyboardManager.cpp
StarRat2014/Server/svchost/common/KeyboardManager.h
StarRat2014/Server/svchost/common/Manager.cpp
.js
StarRat2014/Server/svchost/common/Manager.h
StarRat2014/Server/svchost/common/MemLoadDll.h
StarRat2014/Server/svchost/common/Proxy.h
StarRat2014/Server/svchost/common/RegEditEx.cpp
StarRat2014/Server/svchost/common/RegEditEx.h
StarRat2014/Server/svchost/common/RegManager.cpp
StarRat2014/Server/svchost/common/RegManager.h
StarRat2014/Server/svchost/common/RegeditOpt.cpp
StarRat2014/Server/svchost/common/RegeditOpt.h
StarRat2014/Server/svchost/common/Registry.cpp
StarRat2014/Server/svchost/common/Registry.h
StarRat2014/Server/svchost/common/ScreenManager.cpp
.js
StarRat2014/Server/svchost/common/ScreenManager.h
StarRat2014/Server/svchost/common/ScreenSpy.cpp
StarRat2014/Server/svchost/common/ScreenSpy.h
StarRat2014/Server/svchost/common/ShellManager.cpp
StarRat2014/Server/svchost/common/ShellManager.h
StarRat2014/Server/svchost/common/SysInfo.cpp
.js
StarRat2014/Server/svchost/common/SysInfo.h
StarRat2014/Server/svchost/common/SystemManager.cpp
.js
StarRat2014/Server/svchost/common/SystemManager.h
StarRat2014/Server/svchost/common/Wit.h
StarRat2014/Server/svchost/common/ZXPortMap.cpp
StarRat2014/Server/svchost/common/ZXPortMap.h
StarRat2014/Server/svchost/common/ddos.cpp
StarRat2014/Server/svchost/common/ddos.h
StarRat2014/Server/svchost/common/decode.h
StarRat2014/Server/svchost/common/encode.h
StarRat2014/Server/svchost/common/filemanager.h
StarRat2014/Server/svchost/common/install.cpp
.js
StarRat2014/Server/svchost/common/install.h
StarRat2014/Server/svchost/common/keylog.h
StarRat2014/Server/svchost/common/login.h
StarRat2014/Server/svchost/common/loop.h
StarRat2014/Server/svchost/common/until.cpp
.js
StarRat2014/Server/svchost/common/until.h
StarRat2014/Server/svchost/head.h
StarRat2014/Server/svchost/hidelibrary.h
StarRat2014/Server/svchost/resource.h
StarRat2014/Server/svchost/svchost.cpp
.vbs
StarRat2014/Server/svchost/svchost.dsp
StarRat2014/Server/svchost/svchost.plg
.html
StarRat2014/Server/svchost/svchost.rc
StarRat2014/bin/Cache/Install.dat
.exe windows x86

ee349f2838eb4a8578b72443c467a36e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetStartupInfoA

msvcrt

exit
_acmdln
__getmainargs
_XcptFilter
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_initterm

Sections

.data
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StarRat2014/bin/Client.exe
.exe windows x86

0c8b7f107f920950ea91ab78e7b4cf78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHAutoComplete

winmm

waveInReset
PlaySoundA
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInUnprepareHeader

kernel32

CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
SetStdHandle
HeapSize
GetACP
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
ExitThread
RaiseException
RtlUnwind
GetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
GetProfileIntA
GetProfileStringA
GetTempPathA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
GetExitCodeThread
ResetEvent
CreateEventA
TlsGetValue
CloseHandle
TerminateThread
WaitForSingleObject
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
MulDiv
SetLastError
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetVolumeInformationA
GetComputerNameA
GetTickCount
DeleteFileA
WriteFile
lstrlenA
SetFilePointer
CreateFileA
EndUpdateResourceA
BeginUpdateResourceA
CopyFileA
ReadFile
GetFileSize
GetFileAttributesA
lstrcatA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
FreeResource
SizeofResource
LoadResource
FindResourceA
lstrcpyA
LocalAlloc
LocalFree
GetDiskFreeSpaceExA
IsBadCodePtr
GetLogicalDriveStringsA
lstrcpynA
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
SetThreadPriority
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
FormatMessageA
MultiByteToWideChar
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
LockResource
lstrcmpA
LocalSize
LocalReAlloc
WideCharToMultiByte
GlobalSize
GlobalFree
FreeLibrary
IsBadReadPtr
VirtualProtect
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
HeapFree
FindClose
InitializeCriticalSection
GetProcessHeap
HeapAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
GetLastError
MoveFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA

user32

GetWindowDC
LoadStringA
IsZoomed
IsRectEmpty
FillRect
FindWindowA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
CharUpperA
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
GetClassNameA
GetDialogBaseUnits
GetSysColorBrush
DestroyIcon
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
LockWindowUpdate
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetMessageA
LoadIconA
SendMessageA
EnableWindow
RegisterWindowMessageA
UpdateWindow
InvalidateRect
SetRect
wsprintfA
MessageBoxA
GetCursorPos
PtInRect
GetSubMenu
LoadMenuA
PostMessageA
GetWindowRect
LoadImageA
LoadCursorA
SetCursor
ReleaseCapture
SetWindowPos
GetDlgCtrlID
CharNextA
DeleteMenu
EnableMenuItem
GetMenuItemCount
GetClientRect
ClientToScreen
ScreenToClient
IsWindowVisible
SetCapture
GetFocus
GetWindow
GetParent
WindowFromPoint
GetSystemMetrics
MessageBeep
RegisterClipboardFormatA
SetParent
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
InvertRect
PostThreadMessageA
CopyRect
InflateRect
OffsetRect
UnregisterClassA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
SendMessageTimeoutA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetDoubleClickTime
SetCursorPos
GetMenuDefaultItem
GetMenuStringW
LookupIconIdFromDirectoryEx
SetWindowRgn
GetCursor
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetWindowRgn
IsMenu
GetMenuItemInfoA
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
InsertMenuA
GetMenuStringA
CreateMenu
GetKeyState
ShowScrollBar
GetSystemMenu
CheckMenuRadioItem
GetMenuState
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
DrawFrameControl
CreatePopupMenu
UnionRect
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
WaitMessage
MapVirtualKeyA
DrawFocusRect
DrawStateA
HideCaret
ShowCaret
DrawEdge
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
RedrawWindow
OpenClipboard
GetDesktopWindow
SetWindowLongA
GetWindowLongA
DestroyCursor
SetClassLongA
ReleaseDC
GetDC
GetIconInfo
IntersectRect
DrawIconEx
DrawTextA
GetClipboardData
AppendMenuA
CheckMenuItem

gdi32

SelectObject
DeleteObject
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
CreateDIBSection
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
CreatePatternBrush
CreateCompatibleDC
RectVisible
Escape
CreateFontIndirectA
CopyMetaFileA
GetTextColor
GetBkColor
GetMapMode
SetRectRgn
CombineRgn
StretchDIBits
BitBlt
ExtTextOutA
SetTextColor
SetBkColor
CreateSolidBrush
GetObjectA
TextOutA
SetBkMode
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetClipBox
CreateBitmap
LPtoDP
DPtoLP
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
GetTextMetricsA
DeleteDC
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
SaveDC
RestoreDC
GetStockObject
SetPolyFillMode
Polygon
GetWindowOrgEx
GetTextAlign
Rectangle
SetPixel
GetPixel
GetCurrentObject
StretchBlt
GetDIBits
PtInRegion
EnumFontFamiliesExA
GetBitmapBits
ExtCreateRegion
GetRgnBox
CreatePolygonRgn
RoundRect
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
CreateDIBitmap
PtVisible
PolyBezierTo
SetWindowOrgEx

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
ChooseColorA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegOpenKeyExA
GetFileSecurityA
SetFileSecurityA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
ExtractIconA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ShellExecuteA
ord71
SHGetFileInfoA
SHAppBarMessage

comctl32

_TrackMouseEvent
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw

oledlg

ord1
ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
ReleaseStgMedium
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

olepro32

ord253

oleaut32

SafeArrayGetElemsize
SafeArrayGetDim
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicturePath
VariantChangeTypeEx
SafeArrayGetUBound

skinh

SkinH_AttachRes
SkinH_AdjustHSV

ws2_32

WSAIoctl
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSASocketA
WSAGetLastError
WSACreateEvent
WSAEventSelect
htons
bind
WSASend
WSACleanup
WSAStartup
gethostname
setsockopt
closesocket
getpeername
inet_ntoa
WSACloseEvent
send
ioctlsocket
recv
__WSAFDIsSet
select
connect
inet_addr
ntohs
getsockname
accept
socket
gethostbyname
WSARecv
listen

pdh

PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

avifil32

AVIFileExit
AVIStreamRelease
AVIFileRelease
AVIStreamSetFormat
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIFileInit

msvfw32

DrawDibOpen
DrawDibClose
DrawDibDraw

wininet

InternetGetLastResponseInfoA
InternetOpenA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/bin/Client.ini
StarRat2014/bin/Plugins/BAudioListen.dll
.dll windows x86

7ed820bb3756b9c9a8519620503beeb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
InterlockedExchange
CloseHandle
Sleep
GetCurrentThreadId
DisableThreadLibraryCalls
SetEvent
WaitForSingleObject
CancelIo
CreateEventA

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetMessageA
TranslateMessage
DispatchMessageA

msvcrt

malloc
_initterm
free
_beginthreadex
_adjust_fdiv
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil
_ftol

winmm

waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutWrite

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
recv
closesocket
send
WSAStartup
WSACleanup

Exports

Exports

Main
Version

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StarRat2014/bin/Plugins/BWebCam.dll
.dll windows x86

d6ede521ad81be0270cd0c0b663b86b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
SetEvent
WideCharToMultiByte
WaitForSingleObject
ResetEvent
InterlockedExchange
CancelIo
Sleep
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
OpenProcess
GetVersionExA
GetCurrentThreadId
GetTickCount
GetSystemInfo
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
DisableThreadLibraryCalls

user32

CloseDesktop
GetUserObjectInformationA
GetThreadDesktop
PostMessageA
OpenInputDesktop
SetThreadDesktop
OpenDesktopA

msvcrt

_strcmpi
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??3@YAXPAX@Z
??1exception@@UAE@XZ
memmove
ceil
_ftol
strlen
strstr
memcmp
__CxxFrameHandler
_purecall
??2@YAPAXI@Z
sprintf
strcpy
memset
_beginthreadex
_except_handler3
malloc
free
vsprintf
__dllonexit
_onexit
_initterm
_adjust_fdiv
??0exception@@QAE@ABQBD@Z
memcpy
??1type_info@@UAE@XZ

advapi32

OpenProcessToken
LookupAccountSidA
GetTokenInformation

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
WSACleanup
recv
select
closesocket
send
WSAStartup
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

Main
Version

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StarRat2014/bin/Plugins/ShllCodeDec.exe
.exe windows x86

123b929bb701ce7fd31fe8e23377b4e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
ReadFile
VirtualAlloc
GetFileSize
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/bin/SkinH.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 95KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StarRat2014/common/Audio.cpp
StarRat2014/common/Audio.h
StarRat2014/common/CursorInfo.h
StarRat2014/common/VideoCodec.h
StarRat2014/common/XvidDec.cpp
StarRat2014/common/XvidDec.h
StarRat2014/common/XvidEnc.cpp
StarRat2014/common/XvidEnc.h
StarRat2014/common/libxvidcore.lib
StarRat2014/common/macros.h
StarRat2014/common/xvid.h
StarRat2014/common/zlib/zconf.h
StarRat2014/common/zlib/zlib.h
StarRat2014/common/zlib/zlib.lib
StarRat2014/remove.bat

Sharing

General

Malware Config

Signatures

Files

123b929bb701ce7fd31fe8e23377b4e3

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 40KB

d241e29d5d4f85699659815efc154908

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

ws2_32

msvcp60

urlmon

wininet

netapi32

psapi

wtsapi32

Exports

Exports

Sections

.data Size: 171KB - Virtual size: 170KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 7KB

d241e29d5d4f85699659815efc154908

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

ws2_32

msvcp60

urlmon

wininet

netapi32

psapi

wtsapi32

Exports

Exports

Sections

.data Size: 171KB - Virtual size: 170KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 7KB

eaeec2037d260a719b215e1d9c24c272

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

shell32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 148KB - Virtual size: 148KB

Headers

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 40KB

.data
Size: 171KB - Virtual size: 170KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 7KB

.data
Size: 171KB - Virtual size: 170KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 148KB - Virtual size: 148KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 285KB - Virtual size: 288KB

.rsrc
Size: 31KB - Virtual size: 32KB

.data
Size: 186KB - Virtual size: 185KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 112KB - Virtual size: 108KB

.rdata
Size: 320KB - Virtual size: 318KB

.data
Size: 188KB - Virtual size: 640KB

.rsrc
Size: 852KB - Virtual size: 852KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 752B

.reloc
Size: 4KB - Virtual size: 1KB