SideLoader[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SideLoader.zip
Size

7.8MB
MD5

f801ea21bc207934dd601ff668addc3d
SHA1

74df6b1cc5ff92f1cef23589cc201ce640456851
SHA256

1f4e11fde2397a35b2c3ec9a8a195b09116c0c458e649c3e9c7468bf70d87899
SHA512

de47244649b03525b67e0fae6e3ca3fbb5d6695b275a2460284d8cebfa39d3ff357b55bbee6510a87db8c61de1dee966b69cbab2776593243ebc84460e201241
SSDEEP

196608:iYXQaFihNJ+EvzdK9WCnhnnZMdZTKTQkbv3wTzK1:Ith7+EB5YRnZMdZeTHfwS1

Score

7^/10

upx vmprotect

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/乾坤袋/SkinH_EL.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/乾坤袋/SkinH_EL.dll	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/乾坤袋/乾坤袋.exe	vmprotect

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/乾坤袋/FastVerCode.dll
unpack001/乾坤袋/SkinH_EL.dll
unpack001/乾坤袋/lw.ime
unpack001/乾坤袋/乾坤袋.exe

Files

SideLoader.zip
.zip

Password: infected
乾坤袋/FastVerCode.dll
.dll windows:4 windows x86 arch:x86

c9b20a00ce9db63c65f3eee3cf3cd1cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

Netbios

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord540
ord858
ord939
ord2915
ord3584
ord543
ord803
ord3663
ord3922
ord541
ord941
ord4129
ord6876
ord2764
ord860
ord2393
ord690
ord1988
ord5808
ord1074
ord1075
ord1116
ord3229
ord389
ord665
ord1979
ord5186
ord354
ord6663
ord5710
ord5683
ord4278
ord823
ord5442
ord3318
ord6283
ord6282
ord2614
ord4202
ord6662
ord6874
ord5207
ord1158
ord5440
ord6383
ord5450
ord6394
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord535
ord940
ord825
ord800
ord537
ord1176
ord801
ord5204

msvcrt

_adjust_fdiv
__CxxFrameHandler
_CxxThrowException
_mbscmp
rand
srand
time
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
malloc

kernel32

LocalFree
WideCharToMultiByte
GetComputerNameA
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
MultiByteToWideChar

shlwapi

StrToIntA

wininet

InternetSetOptionA

Exports

Exports

GetUserInfo
GetUserInfo_A
LzGetVcodeResult
LzPutVCodeByteToServer
LzPutVCodePathToServer
RecByte
RecByte_2
RecByte_A
RecByte_A_2
RecYZM
RecYZM_2
RecYZM_A
RecYZM_A_2
Reglz
ReportError

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
乾坤袋/SkinH_EL.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
乾坤袋/lw.ime
.dll windows:4 windows x86 arch:x86

e37571c9327c51a033ee4c57f903f06d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmUnlockIMC
ImmLockIMC

user32

IsWindow
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CallWindowProcA
MessageBoxA
wsprintfA

kernel32

LCMapStringA
LoadLibraryA
FreeLibrary
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleFileNameA
ReadProcessMemory
RtlMoveMemory
WriteProcessMemory
GetProcAddress
GetSystemInfo
WideCharToMultiByte
GetProcessHeap
GetModuleHandleA

shlwapi

PathFindFileNameA

msvcrt

_ftol
memmove
??3@YAXPAX@Z
__CxxFrameHandler
malloc
free
modf
strchr
_CIfmod
strncmp
sprintf
atoi
_strnicmp
strncpy

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
Init
NotifyIME

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
乾坤袋/tp/0次.bmp
乾坤袋/tp/1.mp3
乾坤袋/tp/10金.bmp
乾坤袋/tp/11层.bmp
乾坤袋/tp/2.mp3
乾坤袋/tp/21层.bmp
乾坤袋/tp/3.mp3
乾坤袋/tp/4.bmp
乾坤袋/tp/VIP.bmp
乾坤袋/tp/qiang.bmp
乾坤袋/tp/qiang1.bmp
乾坤袋/tp/qiang2.bmp
乾坤袋/tp/ziku.txt
乾坤袋/tp/ziku2.txt
乾坤袋/tp/三星奖励.bmp
乾坤袋/tp/上限.bmp
乾坤袋/tp/不.bmp
乾坤袋/tp/不对.bmp
乾坤袋/tp/不足.bmp
乾坤袋/tp/专用.bmp
乾坤袋/tp/世界地图.bmp
乾坤袋/tp/中伤.bmp
乾坤袋/tp/九头蛟.bmp
乾坤袋/tp/买卖.bmp
乾坤袋/tp/云朵提示.bmp
乾坤袋/tp/五.bmp
乾坤袋/tp/京城广场.bmp
乾坤袋/tp/任务感叹号1.bmp
乾坤袋/tp/任务问号1.bmp
乾坤袋/tp/传.bmp
乾坤袋/tp/传送.bmp
乾坤袋/tp/传送阵.bmp
乾坤袋/tp/侍宠.bmp
乾坤袋/tp/侧边栏往右.bmp
乾坤袋/tp/借用渔船.bmp
乾坤袋/tp/兑换.bmp
乾坤袋/tp/农政仙书.bmp
乾坤袋/tp/出发.bmp
乾坤袋/tp/到达目地点.bmp
乾坤袋/tp/副本传送.bmp
乾坤袋/tp/化身.bmp
乾坤袋/tp/卖货道童.bmp
乾坤袋/tp/南天门.bmp
乾坤袋/tp/发信人.bmp
乾坤袋/tp/发红包按钮.bmp
乾坤袋/tp/合成.bmp
乾坤袋/tp/喂.bmp
乾坤袋/tp/坐骑.bmp
乾坤袋/tp/士.bmp
乾坤袋/tp/大拇指.bmp
乾坤袋/tp/天.bmp
乾坤袋/tp/天将.bmp
乾坤袋/tp/天尊使者.bmp
乾坤袋/tp/委托买入.bmp
乾坤袋/tp/安全保护.bmp
乾坤袋/tp/完成.bmp
乾坤袋/tp/完成1.bmp
乾坤袋/tp/家园.bmp
乾坤袋/tp/寻路.bmp
乾坤袋/tp/小喇叭.bmp
乾坤袋/tp/小桑村.bmp
乾坤袋/tp/已满.bmp
乾坤袋/tp/已满1.bmp
乾坤袋/tp/开启.bmp
乾坤袋/tp/强.bmp
乾坤袋/tp/归墟天堑入口.bmp
乾坤袋/tp/形神.bmp
乾坤袋/tp/形神竞技.bmp
乾坤袋/tp/心魔砺炼.bmp
乾坤袋/tp/成功.bmp
乾坤袋/tp/执事.bmp
乾坤袋/tp/扩展按键.bmp
乾坤袋/tp/扫荡副本.bmp
乾坤袋/tp/技能栏叁.bmp
乾坤袋/tp/技能栏壹.bmp
乾坤袋/tp/技能栏贰.bmp
乾坤袋/tp/挖穿山.bmp
乾坤袋/tp/接受.bmp
乾坤袋/tp/接引.bmp
乾坤袋/tp/摆摊.bmp
乾坤袋/tp/无法.bmp
乾坤袋/tp/月VIP.bmp
乾坤袋/tp/未.bmp
乾坤袋/tp/桃源村.bmp
乾坤袋/tp/每日矿.bmp
乾坤袋/tp/治疗.bmp
乾坤袋/tp/治疗NPC.bmp
乾坤袋/tp/洞庭龙女.bmp
乾坤袋/tp/海波集.bmp
乾坤袋/tp/淬骨通神丹.bmp
乾坤袋/tp/物品.bmp
乾坤袋/tp/玩家名.bmp
乾坤袋/tp/白素素.bmp
乾坤袋/tp/白色滢灵玉.bmp
乾坤袋/tp/砖.bmp
乾坤袋/tp/砖1.bmp
乾坤袋/tp/确定.bmp
乾坤袋/tp/礼.bmp
乾坤袋/tp/离开.bmp
乾坤袋/tp/立即离开.bmp
乾坤袋/tp/立即返回.bmp
乾坤袋/tp/符纸二.bmp
乾坤袋/tp/管理.bmp
乾坤袋/tp/紫岚涧.bmp
乾坤袋/tp/组队.bmp
乾坤袋/tp/绿色大问号.bmp
乾坤袋/tp/缺少.bmp
乾坤袋/tp/角色密码.bmp
乾坤袋/tp/请.bmp
乾坤袋/tp/货.bmp
乾坤袋/tp/跨线交易区.bmp
乾坤袋/tp/返魂仙丹.bmp
乾坤袋/tp/进.bmp
乾坤袋/tp/进入.bmp
乾坤袋/tp/进行治疗.bmp
乾坤袋/tp/道人.bmp
乾坤袋/tp/邓天元.bmp
乾坤袋/tp/重伤1.bmp
乾坤袋/tp/重伤2.bmp
乾坤袋/tp/重新登录.bmp
乾坤袋/tp/重试.bmp
乾坤袋/tp/金.bmp
乾坤袋/tp/金币集市.bmp
乾坤袋/tp/门派广场.bmp
乾坤袋/tp/闲.bmp
乾坤袋/tp/队伍.bmp
乾坤袋/tp/队伍字眼.bmp
乾坤袋/tp/队伍转换.bmp
乾坤袋/tp/隐藏任务追踪1.bmp
乾坤袋/tp/隐藏任务追踪2.bmp
乾坤袋/tp/领取.bmp
乾坤袋/tp/领取1.bmp
乾坤袋/tp/领取2.bmp
乾坤袋/tp/领取道具.bmp
乾坤袋/tp/领红包.bmp
乾坤袋/tp/飞越宁海.bmp
乾坤袋/tp/龟.bmp
乾坤袋/tp/龟管家.bmp
乾坤袋/乾坤袋.exe
.exe windows:5 windows x86 arch:x86

cd0d5d06657e6676f84534542816d9cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

winmm

midiStreamOut

ws2_32

setsockopt

rasapi32

RasHangUpA

kernel32

GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetFocus
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

ExcludeClipRect

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

OleRun

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Add

wsock32

ntohs

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

nU�/��͘��#{��6��O�W��~��ف"�_O9�%R��<��(��+�"�Ƚ��z�zyLMO.S��kbo/��U��o��Ļ�F��6�&��F@5;�'>��C�� LpO��Y)Q��q��R%�5��!��'��/w�_Q�f��>]y��Y�gaS�fL�� ܸg�!F��eLn��~��q�xV�:�џ�7Q��0P��S��&��0�G�� @L( �MW'X��V�u.��N��m�hn|�ߥ��4��/��Su��5��=��E��Inʃ��^.�]��@M��l�%GY�şwW��#��*��9�v4�K�V\�� wD�ߍ��"��O��l��7��WQ4%��TgY��!ٱKe�eҜ=��P��h�<�k�?q��B�̖� dƕ9�rә� q4I0$5?��7��jq��_G�[E'ӥ��2�Y`Q%A:l8;��j�G��;M� 3#P]Q&@�mY��g?(�d�| G�^�)��~? Nȡ�`��i��}�DR�݀�<�Ls.3�YV��Il'0�\P�O�;��b�7��v��ampr�s�΄��V7(��_��"�ay��4�3�Yd�E��ϼ��yr��LM�(7̯%�N��r��H��q�Z�_��k��X��Qj�Qt�w�z%ݢz��W��[Z�A:�MD�/a`�Nu3J!ي{�V�qpfh�C�tXZ�FmJ'M�#��Au� i�ޖ˽��%_�ṫJ-E��vKX��*�R��0W��"\��~�o�.-e�S-�rF;�S��Z�̈�V��y�x`�dY��ڏ�n6��S��>�iX�C!��i�a�Y�xs��A[h��Zj��,#�[�e��8��9oc8�,��j��!R�/�er��<:$q�Q�J2cyO<�|K��M�f$�X�u�Hɸ%Bމ&q c�2�~�PǱN��ғTG�̇�!:�29��u'��4�]��K�lP&�i�L�!㱞!��K��c�]��B�lS|78�I�Y>�Q�gP��I3HG/� ǀ�᧪�N)�0�6�(�#��7OJ��8�ks ��zUj^1��u��F:9 , �� bI#��h��Tʎ..��Z/~�z��4�1��L��F��Y;��/ �F��Y�9\D�}m��C�e�!U�bF��+�\�` �m�O�p�ʩ��Y��Q�Xb��g�Od��5�v��t9#�v\��3ڣ��ɥ�@I�8�l��,~��3&�u\��O�Wo�WgA˭�-h*��d��~�<��O��ʧ[��N|��\.��5k̕ЌCnb��bG�9^R��}a�1� �2��e�%�w��KH@�9O��U��{��3>6aAj �"v{��a��23�0��Fe�.��Gj��^��I�m5��b��I� �OW��&[��g��_�Ӏ`��9=�0,v_ 𠍂�Urd��2*��Rʷq/�3�k��/�;FT\6��gUy��T��5˥��|R��:��,X{3.�'�]$�lI3��]��>'�0�a�Cw�'#S�γ�x��"n.껒Z��nRt��L�ς�bN�=c��:q�q19�(�4��,Q�%㘭�ԯ�.H�n,�<.7� ��0T%?F�C9��Ɵ�fd8"�o�&Q��J��}�P��aA_�Z�O�R ��̊I��~Ҭ��3�Q��L{�h��y��[��,�i�UA_˱C��|��+�P�ޢp�'��֡l�:��G:�;��n;�AM��SY��o��쭖��|��z�[��E�֭�3řd;!��z"5Y� 7�m��]>��(��p?q��Flz�z�=��7rB ��we��[�A�#��>`PZvS��u��V�o )Y��^��Bd�Q��(F��s��/.")�Q��k֊.d�� N�b��|@J3� G%�1�]YR��S2��c�+��V!�ş�rrUjV�<��=Ī�#n��#ç�qX��+N�w�ޞC��(��F3k�ߖz�etIls`��.p��ܱ��k�,��W��g�/ê+�0��Fs�p ��i��>|�I3��8E"/v��y��W+׭̬;p$��r3e�"b��t�N��lt�'��S��٨�GdΘ�<a�*K#Z|~;�9Ƚ� W_st�T+Ƭ8X��1�PG��ng�FZ�� w��+Dy30��lP��r�f�.��W��)��'�(w��]ғ?��w�;N��G��0��{��1cT��5Y ��0�d��]��D`�j0��#�a^&��4N�4P� J�>��Eb�>��ӑ{�co��w��m��bcv��s.��f�� I��!jåFO;>��I��:6/7Uh��ֳ��)2'��X��x��Q ��~v��6"�R~�د8�4�ܙ�� B�6��ҙ �[NPma�-��]k�î�s3t�iI��S�٠&��l�-��n�o{-K~��k�̓�z$ܳ �N�h�� Q:)bSi��Q�j�Q�s��Хrǀ�}��w��u��m\ W*��v�E`Xr��a�z��M\�A��J�#O�X�ۢ�0�u��D��5�3@_+n��́Σ�zنf�x�RlP�ioΣ��]�`�[2b�\~�'�Z��5A��F�b�E�%^��[O��;*^�P#qlbC*��2}F��?ts��B��t=�Ѱ�F5�!�\��V=�q|�q��_�`�1��B��++?qR�kof ޷��{��J�q��yU��=#��$0"`�ɭ�V�o"�Y6��[7]�p��v��Q��+�d��,~-�$�w]�y|?��,�j��:g��y�Q��6�i`dZ��V��/��p�_

Sections

.text
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c9b20a00ce9db63c65f3eee3cf3cd1cb

Headers

File Characteristics

Imports

netapi32

mfc42

msvcrt

kernel32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 83KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

e37571c9327c51a033ee4c57f903f06d

Headers

File Characteristics

Imports

imm32

user32

kernel32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 50KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

cd0d5d06657e6676f84534542816d9cd

Headers

File Characteristics

Imports

iphlpapi

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

wininet

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 2.1MB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 1.2MB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 88KB - Virtual size: 86KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 50KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: - Virtual size: 2.1MB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 1.2MB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 88KB - Virtual size: 86KB