20420b57995842a98cf2b31e016316f8c32cd7ba0a990e879f95b4560e6b9af1

Sharing

Copy URL Twitter E-mail

General

Target

20420b57995842a98cf2b31e016316f8c32cd7ba0a990e879f95b4560e6b9af1
Size

1.8MB
MD5

b26988ab441578a0ff8e3c78e679bb68
SHA1

fbe001757ded4461ecc66b32373b2deb39f2afbd
SHA256

20420b57995842a98cf2b31e016316f8c32cd7ba0a990e879f95b4560e6b9af1
SHA512

3762ada3df715431da468748cca367a6e7a8bd67edc156ba9eb9ecb73ff0f10408ace20d2ed6813a9c2cddecd43afe7d555d06049d525e0b3a0bbacb98a1e32f
SSDEEP

49152:4Li9qH8Zyh9IMmEH9KYW7xaHD1Xx6Rd2cPBe5uK6MpjNcm0C:4Li9q2ypBYn70jIdDU5vjSu

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/player_V1.0.0.25_导出/ET199_32.dll
unpack001/player_V1.0.0.25_导出/H264Parser.dll
unpack001/player_V1.0.0.25_导出/HAlgDll.dll
unpack001/player_V1.0.0.25_导出/LimitPlayer.exe
unpack001/player_V1.0.0.25_导出/UAISeal.dll
unpack001/player_V1.0.0.25_导出/UKeyVerify_Cpp.dll
unpack001/player_V1.0.0.25_导出/VideoSecurity.dll
unpack001/player_V1.0.0.25_导出/ffmpegDecoder.dll

Files

20420b57995842a98cf2b31e016316f8c32cd7ba0a990e879f95b4560e6b9af1
.zip
player_V1.0.0.25_导出/ET199_32.dll
.dll windows:4 windows x86 arch:x86

6ee8cdfa2d1ea83bbd207fd7f6770fcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

hid

HidP_GetCaps
HidD_FlushQueue
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetAttributes

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

kernel32

RaiseException
CreateFileA
WaitForSingleObject
GetLastError
CreateMutexA
ReleaseMutex
GetVersionExA
CloseHandle
WriteFile
CreateEventA
ReadFile
GetOverlappedResult
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
FlushFileBuffers
GetVersion
SetEndOfFile

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

DeregisterEventSource
ReportEventA
RegisterEventSourceA

Exports

Exports

ETChangeDir
ETChangePin
ETClose
ETControl
ETCreateDir
ETCreateDirEx
ETCreateFile
ETEnum
ETEraseDir
ETExecute
ETFormatErrorMessage
ETGenRsaKey
ETOpen
ETOpenEx
ETVerifyPin
ETWriteFile
ETWriteFileEx
PETWriteFile
TransmitAPDU

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/H264Parser.dll
.dll windows:5 windows x86 arch:x86

46928db06b3aa41c35ce2e8e7ed29509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
printf
??3@YAXPAX@Z
__clean_type_info_names_internal
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

?H264Parser_Create@@YAPAXXZ
?H264Parser_Destroy@@YAXPAX@Z
?H264Parser_Parse@@YA_NPAXPAEHPAUH264Info@@@Z

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/HAlgDll.dll
.dll windows:5 windows x86 arch:x86

0d3e144cc42bcedad4a47c9eedca7ce2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

EVP_CIPHER_CTX_set_padding
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal_ex
EVP_CIPHER_CTX_cleanup
EVP_EncryptInit_ex
SHA256
MD5
EVP_sha1
EVP_sha256
EVP_md5
HMAC
EVP_CIPHER_CTX_init
EVP_des_ede3_ofb
EVP_des_ede3_cfb64
EVP_des_ede3_cbc
RSA_padding_add_PKCS1_type_1
EVP_des_ede3_ecb
EVP_des_ofb
EVP_des_cfb64
EVP_des_cbc
EVP_des_ecb
RSA_padding_check_PKCS1_type_2
RSA_padding_check_PKCS1_type_1
RSA_padding_add_PKCS1_type_2
SHA1

msvcr90

_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
rand
??3@YAXPAX@Z
memcpy_s
??2@YAPAXI@Z
_time64
srand
memcpy
memset

kernel32

Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Exports

Exports

?AddPadding_1@@YAKKKPBEKPAEPAK@Z
?AddPadding_2@@YAKKKPAEPAKK@Z
?GenRandom@@YAKKPAE@Z
?HMac@@YAKKPBEK0KPAEPAK@Z
?HashCalc@@YAKKPBEKPAEPAK@Z
?Mac@@YAKKPBEK0K0KPAEPAK@Z
?RemovePadding_1@@YAKKKPBEKPAEPAK@Z
?RemovePadding_2@@YAKKKPAEPAK@Z
?Reverse@@YAKPAXPBXK@Z
?SymmetricKeyCalc_1@@YAKHKKKPBEK0K0KPAEPAK@Z
?SymmetricKeyCalc_2@@YAKHKKKPBEK0KPAEPAKK@Z

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/LimitPlayer.exe
.exe windows:5 windows x86 arch:x86

d0a2045dcd39731f46d489e120753071

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

kernel32

GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
GetLocaleInfoA
LCMapStringA
VirtualQuery
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
ReleaseSemaphore
CreateSemaphoreW
InterlockedCompareExchange
ExitProcess
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetSystemInfo
VirtualAlloc
LCMapStringW
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
GlobalFlags
GetModuleHandleA
InterlockedDecrement
WritePrivateProfileStringW
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetLastError
SetLastError
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
OutputDebugStringW
DeleteFileW
CreateFileW
GetFileSizeEx
SetFilePointerEx
ReadFile
CreateFileA
WriteFile
lstrlenA
CreateThread
GetTickCount
GetLocalTime
CreateEventW
SetEvent
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
OutputDebugStringA
GetSystemDefaultLCID
Sleep
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSectionAndSpinCount

user32

MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
ShowWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
CopyRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EnableWindow
GetSystemMetrics
SetWindowLongW
GetWindowLongW
EndDialog
GetSysColor
ReleaseCapture
PtInRect
GetParent
SetCapture
RedrawWindow
GetWindowRgn
SetWindowRgn
SetRect
PostMessageW
IsWindow
MsgWaitForMultipleObjects
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageW
SetCursor
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostThreadMessageW
MessageBoxW
RegisterClipboardFormatW
LoadBitmapW
CreatePopupMenu
AppendMenuW
CheckMenuItem
GetSystemMenu
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
SetTimer
KillTimer
SendMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
LoadCursorW
GetSysColorBrush
WindowFromPoint
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
EqualRect
ValidateRect

gdi32

PtInRegion
GetRgnBox
CreateRectRgn
SelectClipRgn
GetClipBox
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
GetTextExtentPoint32W
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
SetPixel
GetPixel
CreateDIBSection
ExtCreateRegion
CombineRgn
CreateCompatibleBitmap
GetDeviceCaps
GetDIBits
DeleteDC
CreateFontIndirectW
SetBkMode
SetTextColor
CreatePen
SelectObject
DeleteObject
GetStockObject
Rectangle
TextOutW
BeginPath
MoveToEx
LineTo
EndPath
StrokeAndFillPath
BitBlt
CreateCompatibleDC
ExtTextOutW
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoUninitialize
OleIsCurrentClipboard
CoGetClassObject
CoRegisterMessageFilter
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleFlushClipboard
CreateILockBytesOnHGlobal
CoTaskMemFree
OleInitialize
CoRevokeClassObject

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

videosecurity

VS_GenEncKey
VS_GetDevicesInfo
VS_ReadAddressData

winmm

timeSetEvent
timeKillEvent

dsound

ord11

h264parser

?H264Parser_Destroy@@YAXPAX@Z
?H264Parser_Create@@YAPAXXZ
?H264Parser_Parse@@YA_NPAXPAEHPAUH264Info@@@Z

ffmpegdecoder

?ff_Hi264DecCreate@@YAPAXPAUhiH264_DEC_ATTR_S@@@Z
?ff_Hi264DecDestroy@@YAXPAX@Z
?ff_Hi264DecAU@@YAJPAXPAEK_KPAUhiH264_DEC_FRAME_S@@K@Z

Exports

Exports

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_GetVersion
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset
dvxGetPlayerCurPos
dvxPlayerAddExtraInfo
dvxPlayerCreate
dvxPlayerDelExtraInfo
dvxPlayerDestory
dvxPlayerGetCurAudioChnnl
dvxPlayerGetPosition
dvxPlayerGetRate
dvxPlayerGetResolution
dvxPlayerGetVolume
dvxPlayerImageEnhance
dvxPlayerInit
dvxPlayerInputFrame
dvxPlayerPause
dvxPlayerPlay
dvxPlayerRefresh
dvxPlayerReset
dvxPlayerSavePicture
dvxPlayerSavePictureEx
dvxPlayerSelectAudio
dvxPlayerSetDateTimeColor
dvxPlayerSetDateTimeCoordinate
dvxPlayerSetDrawCallback
dvxPlayerSetDrawCallbackEx
dvxPlayerSetExtraInfoColor
dvxPlayerSetExtraInfoCoordinate
dvxPlayerSetFluence
dvxPlayerSetRate
dvxPlayerSetVolume
dvxPlayerShowDateTime
dvxPlayerSound
dvxPlayerStop
dvxPlayerSupportMultiAudio
dvxPlayerWaitForTime
dvxSetAirScapeRect
gst_h265_parser_free
gst_h265_parser_new
gst_h265_parser_sps_info

Sections

.text
Size: 1006KB - Virtual size: 1006KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/UAISeal.dll
.dll windows:5 windows x86 arch:x86

83807362533c7e575e355f1541ee3984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
WaitForSingleObject
CloseHandle
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
CreateFileW
CreateDirectoryW
WTSGetActiveConsoleSessionId
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapValidate
IsBadReadPtr
GetModuleFileNameW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteFile
HeapSize
HeapReAlloc
VirtualAlloc
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetLocaleInfoW
SetStdHandle
GetModuleHandleA

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

libeay32

ord1882
ord89
ord57
ord78
ord3823
ord95
ord87
ord67
ord52
ord109
ord1032
ord1031
ord1036
ord1035
ord256
ord2656
ord266
ord3067
ord2660
ord276
ord3019
ord2894
ord961
ord306
ord305
ord304
ord3236
ord310
ord300
ord299
ord301
ord339
ord3654
ord501
ord962
ord323
ord3315
ord333
ord3422
ord3663
ord484
ord120
ord485
ord490
ord110
ord149
ord150
ord111
ord493
ord118
ord486
ord3455
ord3395
ord491
ord492
ord2877
ord123
ord2241
ord2929
ord3682
ord2909
ord2831
ord2701
ord3575
ord3512
ord2724
ord2611
ord2924
ord2885
ord2243
ord2242
ord252
ord3750
ord3459
ord2466
ord3555
ord3494
ord3398
ord2206
ord2693
ord3480
ord165
ord3608
ord129
ord2532
ord2774
ord2985
ord145
ord2824
ord144
ord115
ord166

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

winscard

SCardDisconnect
SCardReconnect
SCardTransmit
SCardFreeMemory
SCardConnectA
SCardGetStatusChangeA
SCardReleaseContext
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardEndTransaction
SCardListReadersA
SCardEstablishContext
SCardBeginTransaction
SCardStatusA

advapi32

RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

Exports

Exports

UAI_CancelDetectDeviceChange
UAI_ChangePIN
UAI_CipherDataDecrypt
UAI_CipherDataEncrypt
UAI_CipherDataMac
UAI_ClearSecureState
UAI_CloseDevice
UAI_DelSessionKey
UAI_DeliveryKey
UAI_DetectDeviceChange
UAI_ExportAppAuthKey
UAI_ExportPublicKey
UAI_ExportSessionKey
UAI_ExternalAuth
UAI_Finalize
UAI_GenKeyPair
UAI_GenRandom
UAI_GenerateSK
UAI_GenerateToken1
UAI_GetAbilityInfo
UAI_GetCardNumber
UAI_GetContainerList
UAI_GetDeviceList
UAI_GetEnDeKeyHandle
UAI_GetSealDeviceAbility
UAI_GetSealPic
UAI_GetSealWaterMarkPic
UAI_GetState
UAI_Hash
UAI_ImportSessionKey
UAI_Initialize
UAI_InternalAuth
UAI_Lock
UAI_OpenDevice
UAI_PrivateKeyCalc
UAI_PublicKeyCalc
UAI_ReadCert
UAI_ReadFile
UAI_ReloadPIN
UAI_Reset
UAI_SealSign
UAI_SealWrite
UAI_SessionKeyDecrypt
UAI_SessionKeyEncrypt
UAI_Transmit
UAI_Unlock
UAI_VerifyCertData
UAI_VerifyPIN
UAI_WriteFile
UAI_WritePrivateKey
UAI_WritePublicKey

Sections

.textbss
Size: - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/UKeyVerify_Cpp.dll
.dll windows:5 windows x86 arch:x86

3a780c0a5227055254203a2158de9601

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

et199_32

ETVerifyPin
ETEnum
ETExecute
ETOpen
ETChangeDir
ETClose

Exports

Exports

areaCodeCompare
areaCodeCompareEX
checkAreaCode
getUkeyAdsInfoByType
getUkeyDevInfoFromString
getUkeyHeaderFromString
getUkeyUserInfoFromString
ukeyEt199ReadAllInfo
ukeyHeaderMarkValid

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/VideoSecurity.dll
.dll windows:5 windows x86 arch:x86

c865becb59127d376f58d794b7984c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
GetVersionExW
WaitForMultipleObjects
CloseHandle
GetCurrentThreadId
GetCurrentDirectoryA
GetFullPathNameA
GetModuleHandleA
FindFirstFileA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
CreateThread
GetPrivateProfileStringA
GetModuleFileNameA
WaitForSingleObject
GetLastError
Sleep
ExpandEnvironmentStringsA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
WriteFile
GetStdHandle
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
PeekNamedPipe
FormatMessageA
SleepEx
InitializeCriticalSection
WTSGetActiveConsoleSessionId
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateDirectoryW
ReadFile
GetProcessHeap
SetEndOfFile

advapi32

StartServiceW
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
QueryServiceStatus
ChangeServiceConfigW
QueryServiceConfigW
CloseServiceHandle
OpenSCManagerW
OpenServiceA

winscard

SCardTransmit
SCardBeginTransaction
SCardEndTransaction
SCardDisconnect
SCardConnectA
SCardFreeMemory
SCardListReadersA
SCardReleaseContext
SCardEstablishContext
SCardReleaseStartedEvent
SCardAccessStartedEvent
SCardReconnect
SCardGetStatusChangeA

shlwapi

PathFileExistsA
PathFileExistsW

wtsapi32

WTSQueryUserToken

ws2_32

gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
bind
htons
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
ntohs

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord46
ord41
ord27
ord301
ord33
ord200

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

Exports

Exports

VS_ExportAppAuthKey
VS_GenEncKey
VS_GenInitKeys
VS_GetDevicesInfo
VS_GetVideoAuthData
VS_GetVideoAuthDataByAdminKey
VS_ReadAddressData
VS_Restore
VS_Setup
VS_WriteAddressData
VS_WriteVideoAuthData

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
player_V1.0.0.25_导出/ffmpegDecoder.dll
.dll windows:5 windows x86 arch:x86

317ed4bbf07791a60dfbe0db9ea3052e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateThread
HeapFree
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
Sleep
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentThreadId
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteFile
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreA
CreateEventA
InitializeCriticalSection
GetProcessAffinityMask
GetModuleHandleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
ExitThread
FreeEnvironmentStringsW
OutputDebugStringA
ReadFile
IsDBCSLeadByteEx
SetEndOfFile
GetProcessHeap

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

Exports

Exports

?ff_Hi264DecAU@@YAJPAXPAEK_KPAUhiH264_DEC_FRAME_S@@K@Z
?ff_Hi264DecCreate@@YAPAXPAUhiH264_DEC_ATTR_S@@@Z
?ff_Hi264DecDestroy@@YAXPAX@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drectve
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_i
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ee8cdfa2d1ea83bbd207fd7f6770fcf

Headers

File Characteristics

Imports

hid

setupapi

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 40KB - Virtual size: 92KB

.rsrc Size: 4KB - Virtual size: 808B

.reloc Size: 20KB - Virtual size: 18KB

46928db06b3aa41c35ce2e8e7ed29509

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 474B

0d3e144cc42bcedad4a47c9eedca7ce2

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 868B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 620B

d0a2045dcd39731f46d489e120753071

Headers

DLL Characteristics

File Characteristics

Imports

ddraw

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

videosecurity

winmm

dsound

h264parser

ffmpegdecoder

Exports

Exports

Sections

.text Size: 1006KB - Virtual size: 1006KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 40KB - Virtual size: 92KB

.rsrc
Size: 4KB - Virtual size: 808B

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 474B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 868B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 1006KB - Virtual size: 1006KB

_TEXT64
Size: 1KB - Virtual size: 1KB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 25KB - Virtual size: 133KB

.rodata
Size: 512B - Virtual size: 144B

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 63KB - Virtual size: 62KB

.textbss
Size: - Virtual size: 330KB

.text
Size: 692KB - Virtual size: 692KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 7KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 16KB - Virtual size: 16KB