General

Malware Config

Signatures

Files

• sitef.zip

  .zip
• Makefile
• doexec.c
• generic.h
• getopt.c
• getopt.h
• hobbit.txt
• license.txt
• nc.exe

  .exe windows x86

  98ce7b6533cbd67993e36dafb4e95946

  
  

  Code Sign

  04:00:00:00:00:01:23:9e:0f:ac:b3

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  28-01-1999 13:00

  Not After

  27-01-2017 12:00

  Subject

  CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:20:19:c1:90:66

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  18-03-2009 11:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  01:00:00:00:00:01:25:b0:b4:cc:01

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

  Not Before

  21-12-2009 09:32

  Not After

  22-12-2020 09:32

  Subject

  CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:00:00:00:00:01:30:7a:27:87:2d

  Certificate

  Issuer

  CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

  Not Before

  10-06-2011 14:37

  Not After

  10-06-2012 13:56

  Subject

  CN=Jernej Simoncic,C=SI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:23:9e:0f:af:24

  Certificate

  Issuer

  CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

  Not Before

  22-01-2004 10:00

  Not After

  27-01-2017 10:00

  Subject

  CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:2e:98:a6:da:ba:99:9f:46:ee:8c:e8:21:76:e1:0b:77:b6:0c:87

  Signer

  Actual PE Digest

  61:2e:98:a6:da:ba:99:9f:46:ee:8c:e8:21:76:e1:0b:77:b6:0c:87

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  CloseHandle

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DisconnectNamedPipe

  DuplicateHandle

  EnterCriticalSection

  ExitProcess

  ExitThread

  FreeConsole

  FreeLibrary

  GetCurrentProcess

  GetLastError

  GetModuleHandleA

  GetProcAddress

  GetStdHandle

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  PeekNamedPipe

  ReadFile

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TerminateThread

  TlsGetValue

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WriteFile

  msvcrt

  _close

  _dup

  _itoa

  _kbhit

  _open

  _read

  _strcmpi

  _strnicmp

  _write

  __getmainargs

  __p__environ

  __p__fmode

  __set_app_type

  _cexit

  _errno

  _iob

  _isatty

  _onexit

  _setjmp

  _setmode

  _sleep

  _winmajor

  abort

  atexit

  atoi

  calloc

  exit

  fflush

  fprintf

  fputc

  free

  fwrite

  getenv

  gets

  longjmp

  malloc

  memcmp

  memcpy

  memset

  rand

  signal

  sprintf

  srand

  strcat

  strchr

  strcmp

  strcpy

  strlen

  strncmp

  strncpy

  time

  vfprintf

  wsock32

  WSACleanup

  WSAGetLastError

  WSASetLastError

  WSAStartup

  __WSAFDIsSet

  accept

  bind

  closesocket

  connect

  gethostbyaddr

  gethostbyname

  getservbyname

  getservbyport

  getsockname

  htons

  inet_addr

  inet_ntoa

  listen

  ntohs

  recv

  recvfrom

  select

  send

  setsockopt

  shutdown

  socket

  Sections

  .text

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 92B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 376B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• nc64.exe

  .exe windows x64

  567531f08180ab3963b70889578118a3

  
  

  Code Sign

  04:00:00:00:00:01:23:9e:0f:ac:b3

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  28-01-1999 13:00

  Not After

  27-01-2017 12:00

  Subject

  CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:20:19:c1:90:66

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  18-03-2009 11:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  01:00:00:00:00:01:25:b0:b4:cc:01

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

  Not Before

  21-12-2009 09:32

  Not After

  22-12-2020 09:32

  Subject

  CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:00:00:00:00:01:30:7a:27:87:2d

  Certificate

  Issuer

  CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

  Not Before

  10-06-2011 14:37

  Not After

  10-06-2012 13:56

  Subject

  CN=Jernej Simoncic,C=SI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:23:9e:0f:af:24

  Certificate

  Issuer

  CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

  Not Before

  22-01-2004 10:00

  Not After

  27-01-2017 10:00

  Subject

  CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  37:ea:ae:1a:3b:e8:aa:d0:ff:79:2c:1c:e8:07:d2:0f:92:26:a4:e2

  Signer

  Actual PE Digest

  37:ea:ae:1a:3b:e8:aa:d0:ff:79:2c:1c:e8:07:d2:0f:92:26:a4:e2

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  CloseHandle

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DisconnectNamedPipe

  DuplicateHandle

  EnterCriticalSection

  ExitThread

  FreeConsole

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetModuleHandleA

  GetProcAddress

  GetStartupInfoA

  GetStdHandle

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  PeekNamedPipe

  QueryPerformanceCounter

  ReadFile

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TerminateThread

  TlsGetValue

  UnhandledExceptionFilter

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WriteFile

  msvcrt

  _close

  _dup

  _itoa

  _kbhit

  _open

  _read

  _strcmpi

  _strnicmp

  _write

  __dllonexit

  __getmainargs

  __initenv

  __iob_func

  __lconv_init

  __set_app_type

  __setusermatherr

  _acmdln

  _amsg_exit

  _cexit

  _errno

  _fmode

  _initterm

  _isatty

  _lock

  _onexit

  _setjmp

  _setmode

  _sleep

  _time64

  _unlock

  abort

  atoi

  calloc

  exit

  fflush

  fprintf

  fputc

  free

  fwrite

  getenv

  gets

  longjmp

  malloc

  memcmp

  memcpy

  memset

  rand

  signal

  sprintf

  srand

  strcat

  strchr

  strcmp

  strcpy

  strlen

  strncmp

  strncpy

  vfprintf

  wsock32

  WSACleanup

  WSAGetLastError

  WSASetLastError

  WSAStartup

  __WSAFDIsSet

  accept

  bind

  closesocket

  connect

  gethostbyaddr

  gethostbyname

  getservbyname

  getservbyport

  getsockname

  htons

  inet_addr

  inet_ntoa

  listen

  ntohs

  recv

  recvfrom

  select

  send

  setsockopt

  shutdown

  socket

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 240B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 72B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• netcat.c
• readme.txt
• tvnserver.exe

  .exe windows x64

  a875554f3b44e13e66468cd5bb84f136

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  f6:7f:2c:33:f0:a5:9a:3e:3b:b4:04:82:4b:2a:a8:f0

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  19-07-2016 00:00

  Not After

  19-07-2017 23:59

  Subject

  CN=GlavSoft LLC,O=GlavSoft LLC,POSTALCODE=634021,STREET=ul. Altayskaya 132-82,L=Tomsk,ST=Tomsk,C=RU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  70:e3:4b:db:4b:89:90:fd:19:29:f2:ce:7d:f5:ca:52:5a:da:18:ec

  Signer

  Actual PE Digest

  70:e3:4b:db:4b:89:90:fd:19:29:f2:ce:7d:f5:ca:52:5a:da:18:ec

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  psapi

  GetModuleFileNameExW

  kernel32

  QueryPerformanceCounter

  GlobalUnlock

  SetNamedPipeHandleState

  CreatePipe

  SetHandleInformation

  DeleteFileW

  FindNextFileW

  RemoveDirectoryW

  FindClose

  MoveFileW

  SetFileTime

  CreateDirectoryW

  GetLogicalDriveStringsW

  SetErrorMode

  FindFirstFileW

  GetFileSizeEx

  GetLocalTime

  SystemTimeToFileTime

  FileTimeToSystemTime

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  FlushFileBuffers

  CreateFileA

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  SetFilePointer

  GlobalAlloc

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringA

  InitializeCriticalSectionAndSpinCount

  LoadLibraryA

  HeapReAlloc

  LCMapStringW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  HeapAlloc

  GetTickCount

  HeapCreate

  HeapSetInformation

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetModuleFileNameA

  GetStdHandle

  ExitProcess

  HeapSize

  FlsAlloc

  SetLastError

  FlsFree

  FlsSetValue

  FlsGetValue

  DecodePointer

  EncodePointer

  HeapFree

  GlobalLock

  DisconnectNamedPipe

  LocalAlloc

  ReadFile

  WriteFile

  ConnectNamedPipe

  GetOverlappedResult

  CreateNamedPipeW

  CreateFileMappingW

  UnmapViewOfFile

  MapViewOfFile

  OpenThread

  OpenProcess

  DuplicateHandle

  CreateProcessW

  GetExitCodeProcess

  WaitForMultipleObjects

  TerminateProcess

  GetProcAddress

  LoadLibraryW

  FreeLibrary

  GetModuleFileNameW

  GetVersionExW

  GetComputerNameW

  SetEvent

  CreateEventW

  FormatMessageW

  LocalFree

  CreateThread

  IsDebuggerPresent

  ResumeThread

  CreateMutexW

  GetLastError

  ReleaseMutex

  WaitForSingleObject

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  GetModuleHandleW

  ProcessIdToSessionId

  Sleep

  GetCurrentProcessId

  CloseHandle

  GetCurrentThreadId

  CreateFileW

  GetCurrentProcess

  SetUnhandledExceptionFilter

  FindResourceW

  LoadResource

  LockResource

  FreeResource

  UnhandledExceptionFilter

  GetSystemTimeAsFileTime

  RtlUnwindEx

  RtlPcToFileHeader

  RaiseException

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  GetStartupInfoW

  user32

  RegisterWindowMessageW

  GetDlgItem

  VkKeyScanExW

  GetKeyboardLayout

  ToUnicodeEx

  GetKeyState

  MapVirtualKeyW

  LoadIconW

  GetClientRect

  DestroyIcon

  UnregisterClassW

  EnumChildWindows

  MapWindowPoints

  MoveWindow

  KillTimer

  SetTimer

  SendMessageW

  MessageBoxW

  EndDialog

  CreateDialogParamW

  IsWindow

  EnumDisplayMonitors

  GetWindowThreadProcessId

  TrackPopupMenu

  GetSubMenu

  LoadMenuW

  GetCursorPos

  RemoveMenu

  SetMenuDefaultItem

  EnumDisplayDevicesW

  ChangeDisplaySettingsExW

  EnumWindows

  IsWindowVisible

  DrawIconEx

  GetIconInfo

  GetCursorInfo

  GetWindowInfo

  FindWindowExW

  GetClassNameW

  GetDC

  CloseClipboard

  IsClipboardFormatAvailable

  GetClipboardData

  EmptyClipboard

  ChangeClipboardChain

  OpenClipboard

  SetClipboardData

  SetClipboardViewer

  CallNextHookEx

  WaitMessage

  PeekMessageW

  PostThreadMessageW

  SetWindowsHookExW

  UnhookWindowsHookEx

  GetWindowRect

  SendInput

  GetSystemMetrics

  SetClassLongPtrW

  GetWindow

  FindWindowW

  ExitWindowsEx

  LockWorkStation

  OpenWindowStationW

  SetProcessWindowStation

  CloseWindowStation

  SystemParametersInfoW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  IsDialogMessageW

  RegisterClassW

  DefWindowProcW

  PostQuitMessage

  PostMessageW

  CreateWindowExW

  GetThreadDesktop

  GetUserObjectInformationW

  SetThreadDesktop

  CloseDesktop

  OpenDesktopW

  OpenInputDesktop

  SetForegroundWindow

  SetFocus

  GetForegroundWindow

  InvalidateRect

  GetWindowLongW

  GetWindowTextW

  SetWindowLongW

  ShowWindow

  SetWindowTextW

  DestroyWindow

  DialogBoxParamW

  GetWindowLongPtrW

  SetWindowLongPtrW

  gdi32

  GetBitmapBits

  GetObjectW

  BitBlt

  DeleteDC

  CreateDIBSection

  CreateDCW

  CreateCompatibleDC

  DeleteObject

  ExtEscape

  GetDIBits

  SelectObject

  GetCurrentObject

  advapi32

  RegCreateKeyExW

  ConvertStringSidToSidW

  GetTokenInformation

  CopySid

  SetEntriesInAclW

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  ImpersonateNamedPipeClient

  RevertToSelf

  DuplicateToken

  ImpersonateLoggedOnUser

  OpenThreadToken

  OpenProcessToken

  DuplicateTokenEx

  SetTokenInformation

  CreateProcessAsUserW

  RegEnumKeyW

  RegQueryValueExW

  RegSetValueExW

  RegDeleteValueW

  RegDeleteKeyW

  RegOpenKeyW

  RegCreateKeyW

  RegCloseKey

  DeleteService

  ControlService

  OpenServiceW

  StartServiceW

  QueryServiceStatusEx

  CreateServiceW

  ChangeServiceConfig2W

  CloseServiceHandle

  OpenSCManagerW

  StartServiceCtrlDispatcherW

  RegisterServiceCtrlHandlerW

  SetServiceStatus

  SetSecurityInfo

  ReportEventW

  DeregisterEventSource

  RegisterEventSourceW

  shell32

  ord680

  SHGetSpecialFolderPathW

  ShellExecuteExW

  ShellExecuteW

  CommandLineToArgvW

  Shell_NotifyIconW

  ws2_32

  WSAGetLastError

  WSAStartup

  WSACleanup

  htonl

  bind

  connect

  setsockopt

  recv

  send

  select

  __WSAFDIsSet

  accept

  closesocket

  getsockname

  getpeername

  listen

  shutdown

  socket

  htons

  ntohl

  ntohs

  gethostname

  gethostbyname

  inet_ntoa

  inet_addr

  comctl32

  InitCommonControlsEx

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  Sections

  .text

  Size: 826KB - Virtual size: 825KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 700KB - Virtual size: 700KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 29KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 67KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ