0631054b029827f22578f6f01715c0a3

Sharing

Copy URL Twitter E-mail

General

Target

0631054b029827f22578f6f01715c0a3
Size

642KB
MD5

0631054b029827f22578f6f01715c0a3
SHA1

8ea9aa94c7aefc55d54df0f342b0f8e42ec5ce0c
SHA256

57d0cdbee1cb65967ac80178b61b54de623627d7f31b789f7f8b171d38ded034
SHA512

2412e213a9a33d53e667e22854b57eb9966099f41042e5fe452465eb75ba06db1e440b68553c2246071fb873c31027a4977e14b5206e4ab9a6f8d2eb7d96bbbf
SSDEEP

12288:NoE1UyC5gvbFDnvdM1gWMvkY10A/VLgVt0pbWmGd9pNJmA76D3W2cCtl3xt:CE9bFDvdKgWMvlV1bWmm1mA87cCf3/

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/D3dHook.dll	aspack_v212_v242
static1/unpack001/Game Dxwnd v1.0.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/D3dHook.dll
unpack001/Game Dxwnd v1.0.exe

Files

0631054b029827f22578f6f01715c0a3
.zip
D3dHook.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$xp$12Madtools@TOS
@$xp$15Madtypes@TAByte
@$xp$15Madtypes@TAChar
@$xp$15Madtypes@TAWord
@$xp$15Madtypes@TPByte
@$xp$15Madtypes@TPChar
@$xp$15Madtypes@TPWord
@$xp$15Madtypes@TSByte
@$xp$15Madtypes@TSChar
@$xp$16Madtools@TOsEnum
@$xp$16Madtypes@TAInt64
@$xp$16Madtypes@TDAByte
@$xp$16Madtypes@TDAChar
@$xp$16Madtypes@TDAWord
@$xp$16Madtypes@TMethod
@$xp$16Madtypes@TPAByte
@$xp$16Madtypes@TPAChar
@$xp$16Madtypes@TPAWord
@$xp$16Madtypes@TPInt64
@$xp$16Madtypes@TPSByte
@$xp$16Madtypes@TPSChar
@$xp$17Madtypes@TAString
@$xp$17Madtypes@TDAInt64
@$xp$17Madtypes@TExtBool
@$xp$17Madtypes@TPAInt64
@$xp$17Madtypes@TPDAByte
@$xp$17Madtypes@TPDAChar
@$xp$17Madtypes@TPDAWord
@$xp$17Madtypes@TPString
@$xp$18Madtypes@TABoolean
@$xp$18Madtypes@TAExtBool
@$xp$18Madtypes@TAInteger
@$xp$18Madtypes@TAPointer
@$xp$18Madtypes@TDAString
@$xp$18Madtypes@TPAString
@$xp$18Madtypes@TPBoolean
@$xp$18Madtypes@TPDAInt64
@$xp$18Madtypes@TPExtBool
@$xp$18Madtypes@TPInteger
@$xp$18Madtypes@TPPointer
@$xp$18Madtypes@TSBoolean
@$xp$18Madtypes@TSExtBool
@$xp$19Madtypes@TACardinal
@$xp$19Madtypes@TAIUnknown
@$xp$19Madtypes@TAShortInt
@$xp$19Madtypes@TASmallInt
@$xp$19Madtypes@TDABoolean
@$xp$19Madtypes@TDAExtBool
@$xp$19Madtypes@TDAInteger
@$xp$19Madtypes@TDAPointer
@$xp$19Madtypes@TPABoolean
@$xp$19Madtypes@TPAExtBool
@$xp$19Madtypes@TPAInteger
@$xp$19Madtypes@TPAPointer
@$xp$19Madtypes@TPCardinal
@$xp$19Madtypes@TPDAString
@$xp$19Madtypes@TPIUnknown
@$xp$19Madtypes@TPSBoolean
@$xp$19Madtypes@TPSExtBool
@$xp$19Madtypes@TPShortInt
@$xp$19Madtypes@TPSmallInt
@$xp$20Madremote@TDAProcess
@$xp$20Madtypes@TDACardinal
@$xp$20Madtypes@TDAIUnknown
@$xp$20Madtypes@TDAShortInt
@$xp$20Madtypes@TDASmallInt
@$xp$20Madtypes@TPACardinal
@$xp$20Madtypes@TPAIUnknown
@$xp$20Madtypes@TPAShortInt
@$xp$20Madtypes@TPASmallInt
@$xp$20Madtypes@TPDABoolean
@$xp$20Madtypes@TPDAExtBool
@$xp$20Madtypes@TPDAInteger
@$xp$20Madtypes@TPDAPointer
@$xp$21Madtypes@MadException
@$xp$21Madtypes@TPDACardinal
@$xp$21Madtypes@TPDAIUnknown
@$xp$21Madtypes@TPDAShortInt
@$xp$21Madtypes@TPDASmallInt
@$xp$22Maddisasm@madDisAsm__2
@$xp$22Maddisasm@madDisAsm__3
@$xp$22Maddisasm@madDisAsm__4
@$xp$22Maddisasm@madDisAsm__5
@$xp$22Maddisasm@madDisAsm__6
@$xp$22Maddisasm@madDisAsm__7
@$xp$22Madremote@madRemote__1
@$xp$22Madtools@TMsgHandlerOO
@$xp$23Maddisasm@TFunctionInfo
@$xp$24Maddisasm@TPFunctionInfo
@$xp$24Madremote@TModuleEntry32
@$xp$25Madremote@TProcessEntry32
@@Ddrawform@Finalize
@@Ddrawform@Initialize
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Inifiles@TCustomIniFile@$bdtr$qqrv
@Inifiles@TIniFile@$bctr$qqrx17System@AnsiString
@Inifiles@TIniFile@$bdtr$qqrv
@Madcodehook@AddAccessForEveryone$qqsuiui
@Madcodehook@AmSystemProcess$qqsv
@Madcodehook@AmUsingInputDesktop$qqsv
@Madcodehook@AnsiToWide$qqspcpb
@Madcodehook@CollectHooks$qqrv
@Madcodehook@CreateGlobalEvent$qqspcii
@Madcodehook@CreateGlobalFileMapping$qqspcui
@Madcodehook@CreateGlobalMutex$qqspc
@Madcodehook@CreateIpcQueue$qqspcpqqspcpvuit2ui$v
@Madcodehook@CreateIpcQueueEx$qqspcpqqspcpvuit2ui$vuiui
@Madcodehook@CreateProcessEx$qqrpct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATION17System@AnsiString
@Madcodehook@CreateProcessExA$qqspct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@CreateProcessExW$qqspbt1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@DestroyIpcQueue$qqspc
@Madcodehook@Finalization$qqrv
@Madcodehook@FinalizeMadCHook$qqrv
@Madcodehook@FindRealCode$qqrpv
@Madcodehook@FlushHooks$qqrv
@Madcodehook@GetCallingModule$qqsv
@Madcodehook@GetCurrentSessionId$qqsv
@Madcodehook@GetInputSessionId$qqsv
@Madcodehook@HookAPI$qqspct1pvrpvui
@Madcodehook@HookCode$qqspvt1rpvui
@Madcodehook@InitializeMadCHook$qqrv
@Madcodehook@InjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@InjectLibraryA$qqsuipcui
@Madcodehook@InjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@InjectLibrarySessionA$qqsuiipcui
@Madcodehook@InjectLibrarySessionW$qqsuiipbui
@Madcodehook@InjectLibraryW$qqsuipbui
@Madcodehook@OpenGlobalEvent$qqspc
@Madcodehook@OpenGlobalFileMapping$qqspci
@Madcodehook@OpenGlobalMutex$qqspc
@Madcodehook@ProcessIdToFileName$qqsuipc
@Madcodehook@RenewHook$qqsrpv
@Madcodehook@SendIpcMessage$qqspcpvuit2uiuii
@Madcodehook@UnhookAPI$qqsrpv
@Madcodehook@UnhookCode$qqsrpv
@Madcodehook@UninjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@UninjectLibraryA$qqsuipcui
@Madcodehook@UninjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@UninjectLibrarySessionA$qqsuiipcui
@Madcodehook@UninjectLibrarySessionW$qqsuiipbui
@Madcodehook@UninjectLibraryW$qqsuipbui
@Madcodehook@WideToAnsi$qqspbpc
@Madcodehook@amMchDll
@Madcodehook@initialization$qqrv
@Maddisasm@EndTryRead$qqrui
@Maddisasm@Finalization$qqrv
@Maddisasm@GetExportDirectory$qqrpvruirp30Madtools@TImageExportDirectory
@Maddisasm@GetProcNameFromMapFile
@Maddisasm@KernelProc$qqr17System@AnsiString
@Maddisasm@Magic$qqrv
@Maddisasm@Magic95$qqrv
@Maddisasm@NtProc$qqr17System@AnsiString
@Maddisasm@ParseCode$qqrpv
@Maddisasm@ParseCode$qqrpvr17System@AnsiString
@Maddisasm@ParseCode_$qqrpvui
@Maddisasm@ParseFunction$qqrpv
@Maddisasm@ParseFunction$qqrpvr17System@AnsiString
@Maddisasm@ParseFunctionEx$qqrpvr17System@AnsiStringt1io
@Maddisasm@ParseFunction_$qqrpvui
@Maddisasm@SolveW9xDebugMode$qqrpv
@Maddisasm@StartTryRead$qqrv
@Maddisasm@TryRead$qqrpvt1iui
@Maddisasm@TryWrite$qqrpvt1iui
@Maddisasm@initialization$qqrv
@Maddisasm@kernel32handle$qqrv
@Maddisasm@ntdllhandle$qqrv
@Madremote@AllocMemEx$qqsuiui
@Madremote@CopyFunction$qqrpvuioppvp23Maddisasm@TFunctionInfo
@Madremote@CreateRemoteThreadEx$qqsuip20_SECURITY_ATTRIBUTESipvt4uirui
@Madremote@CreateToolhelp32Snapshot
@Madremote@EnumProcesses$qqrv
@Madremote@Finalization$qqrv
@Madremote@FreeMemEx$qqspvui
@Madremote@GetKernel32ProcessHandle$qqrv
@Madremote@GetSmssProcessHandle$qqrv
@Madremote@HandleLiveForever$qqrui
@Madremote@InitSharedMem9x$qqrppvt1
@Madremote@InitToolhelp$qqrv
@Madremote@InitUnprotectMemory$qqrv
@Madremote@IsMemoryProtected$qqrpv
@Madremote@Module32First
@Madremote@Module32Next
@Madremote@Process32First
@Madremote@Process32Next
@Madremote@ProcessHandleToId$qqsui
@Madremote@ProtectMemory$qqrpvui
@Madremote@RemoteExecute$qqsuipqqspv$uiruipvui
@Madremote@UnprotectMemory$qqrpvui
@Madremote@UnprotectMemoryAsm$qqrv
@Madremote@initialization$qqrv
@Madstrings@AnsiToWideEx$qqr17System@AnsiStringo
@Madstrings@BooleanToChar$qqro
@Madstrings@CompareStr$qqrx17System@AnsiStringt1
@Madstrings@CompareText$qqrx17System@AnsiStringt1
@Madstrings@CopyR$qqrx17System@AnsiStringui
@Madstrings@DecryptStr$qqr17System@AnsiString
@Madstrings@DeleteR$qqrr17System@AnsiStringui
@Madstrings@ErrorCodeToStr$qqrui
@Madstrings@FileMatch$qqr17System@AnsiStringt1
@Madstrings@FillStr$qqr17System@AnsiStringic
@Madstrings@Finalization$qqrv
@Madstrings@FormatSubStrs$qqrr17System@AnsiStringc
@Madstrings@IntToHexEx$qqriic
@Madstrings@IntToHexEx$qqrjic
@Madstrings@IntToHexEx$qqruiic
@Madstrings@IntToStrEx$qqriic
@Madstrings@IntToStrEx$qqrjic
@Madstrings@IntToStrEx$qqruiic
@Madstrings@IsTextEqual$qqrx17System@AnsiStringt1
@Madstrings@Keep$qqrr17System@AnsiStringuiui
@Madstrings@KeepR$qqrr17System@AnsiStringui
@Madstrings@KillChar$qqrr17System@AnsiStringc
@Madstrings@KillChars$qqrr17System@AnsiStringrx29System@%Set$tc$iuc$0$iuc$255%
@Madstrings@KillStr$qqrr17System@AnsiString17System@AnsiString
@Madstrings@LowChar$qqrxc
@Madstrings@LowStr$qqrx17System@AnsiString
@Madstrings@MsToStr$qqrui
@Madstrings@PosChars$qqrrx29System@%Set$tc$iuc$0$iuc$255%x17System@AnsiStringuiui
@Madstrings@PosPChar$qqrpct1uiuiouiui
@Madstrings@PosStr$qqrx17System@AnsiStringt1uiui
@Madstrings@PosStrIs1$qqrx17System@AnsiStringt1
@Madstrings@PosText$qqrx17System@AnsiStringt1uiui
@Madstrings@PosTextIs1$qqrx17System@AnsiStringt1
@Madstrings@ReplaceStr$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@ReplaceText$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@RetDelete$qqrx17System@AnsiStringuiui
@Madstrings@RetDeleteR$qqrx17System@AnsiStringui
@Madstrings@RetTrimStr$qqrx17System@AnsiString
@Madstrings@SizeToStr$qqrj
@Madstrings@StrMatch$qqr17System@AnsiStringt1
@Madstrings@StrMatchEx$qqr17System@AnsiStringt1
@Madstrings@StrToIntEx$qqropci
@Madstrings@SubStr$qqr17System@AnsiStringuic
@Madstrings@SubStrCount$qqr17System@AnsiStringc
@Madstrings@SubStrExists$qqr17System@AnsiStringt1c
@Madstrings@SubTextExists$qqr17System@AnsiStringt1c
@Madstrings@TextMatch$qqr17System@AnsiStringt1
@Madstrings@TextMatchEx$qqr17System@AnsiStringt1
@Madstrings@TrimStr$qqrr17System@AnsiString
@Madstrings@UpChar$qqrxc
@Madstrings@UpStr$qqrx17System@AnsiString
@Madstrings@WideToAnsiEx$qqrpb
@Madstrings@initialization$qqrv
@Madtools@AddMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@AddMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@COsDescr
@Madtools@DelMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@DelMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@FileVersionToStr$qqrj
@Madtools@Finalization$qqrv
@Madtools@FindModule$qqrpvruir17System@AnsiString
@Madtools@GetFileVersion$qqr17System@AnsiString
@Madtools@GetFreeSystemResources$qqrus
@Madtools@GetImageExportDirectory$qqrui
@Madtools@GetImageImportDirectory$qqrui
@Madtools@GetImageNtHeaders$qqrui
@Madtools@GetImageProcAddress$qqrui17System@AnsiString
@Madtools@GetImageProcAddress$qqruii
@Madtools@GetImageProcName$qqruipvo
@Madtools@GetLongFileName$qqr17System@AnsiString
@Madtools@GetShortFileName$qqr17System@AnsiString
@Madtools@InitTryExceptFinally$qqrv
@Madtools@MethodToProcedure$qqrp14System@TObjectpv
@Madtools@MethodToProcedure$qqrrx16Madtypes@TMethod
@Madtools@MsgHandlerWindow$qqrui
@Madtools@OS$qqrv
@Madtools@ProcedureToMethod$qqrp14System@TObjectpv
@Madtools@TickDif$qqrui
@Madtools@Unmangle$qqrr17System@AnsiStringt1
@Madtools@VirtualToRaw$qqrp17_IMAGE_NT_HEADERSui
@Madtools@initialization$qqrv
@Madtypes@Finalization$qqrv
@Madtypes@MadException@
@Madtypes@MadException@$bctr$qqrx17System@AnsiString
@Madtypes@initialization$qqrv
___CPPdebugHook
_frmDDraw

Sections

.text
Size: 229KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Game Dxwnd v1.0 ˵.CHM
.chm
Game Dxwnd v1.0.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@$xp$12Madtools@TOS
@$xp$15Madtypes@TAByte
@$xp$15Madtypes@TAChar
@$xp$15Madtypes@TAWord
@$xp$15Madtypes@TPByte
@$xp$15Madtypes@TPChar
@$xp$15Madtypes@TPWord
@$xp$15Madtypes@TSByte
@$xp$15Madtypes@TSChar
@$xp$16Madtools@TOsEnum
@$xp$16Madtypes@TAInt64
@$xp$16Madtypes@TDAByte
@$xp$16Madtypes@TDAChar
@$xp$16Madtypes@TDAWord
@$xp$16Madtypes@TMethod
@$xp$16Madtypes@TPAByte
@$xp$16Madtypes@TPAChar
@$xp$16Madtypes@TPAWord
@$xp$16Madtypes@TPInt64
@$xp$16Madtypes@TPSByte
@$xp$16Madtypes@TPSChar
@$xp$17Madtypes@TAString
@$xp$17Madtypes@TDAInt64
@$xp$17Madtypes@TExtBool
@$xp$17Madtypes@TPAInt64
@$xp$17Madtypes@TPDAByte
@$xp$17Madtypes@TPDAChar
@$xp$17Madtypes@TPDAWord
@$xp$17Madtypes@TPString
@$xp$17Taskbar@TTrayIcon
@$xp$18Madtypes@TABoolean
@$xp$18Madtypes@TAExtBool
@$xp$18Madtypes@TAInteger
@$xp$18Madtypes@TAPointer
@$xp$18Madtypes@TDAString
@$xp$18Madtypes@TPAString
@$xp$18Madtypes@TPBoolean
@$xp$18Madtypes@TPDAInt64
@$xp$18Madtypes@TPExtBool
@$xp$18Madtypes@TPInteger
@$xp$18Madtypes@TPPointer
@$xp$18Madtypes@TSBoolean
@$xp$18Madtypes@TSExtBool
@$xp$19Madtypes@TACardinal
@$xp$19Madtypes@TAIUnknown
@$xp$19Madtypes@TAShortInt
@$xp$19Madtypes@TASmallInt
@$xp$19Madtypes@TDABoolean
@$xp$19Madtypes@TDAExtBool
@$xp$19Madtypes@TDAInteger
@$xp$19Madtypes@TDAPointer
@$xp$19Madtypes@TPABoolean
@$xp$19Madtypes@TPAExtBool
@$xp$19Madtypes@TPAInteger
@$xp$19Madtypes@TPAPointer
@$xp$19Madtypes@TPCardinal
@$xp$19Madtypes@TPDAString
@$xp$19Madtypes@TPIUnknown
@$xp$19Madtypes@TPSBoolean
@$xp$19Madtypes@TPSExtBool
@$xp$19Madtypes@TPShortInt
@$xp$19Madtypes@TPSmallInt
@$xp$19Trshlapi@TOnMessage
@$xp$20Madremote@TDAProcess
@$xp$20Madtypes@TDACardinal
@$xp$20Madtypes@TDAIUnknown
@$xp$20Madtypes@TDAShortInt
@$xp$20Madtypes@TDASmallInt
@$xp$20Madtypes@TPACardinal
@$xp$20Madtypes@TPAIUnknown
@$xp$20Madtypes@TPAShortInt
@$xp$20Madtypes@TPASmallInt
@$xp$20Madtypes@TPDABoolean
@$xp$20Madtypes@TPDAExtBool
@$xp$20Madtypes@TPDAInteger
@$xp$20Madtypes@TPDAPointer
@$xp$21Madtypes@MadException
@$xp$21Madtypes@TPDACardinal
@$xp$21Madtypes@TPDAIUnknown
@$xp$21Madtypes@TPDAShortInt
@$xp$21Madtypes@TPDASmallInt
@$xp$22Maddisasm@madDisAsm__2
@$xp$22Maddisasm@madDisAsm__3
@$xp$22Maddisasm@madDisAsm__4
@$xp$22Maddisasm@madDisAsm__5
@$xp$22Maddisasm@madDisAsm__6
@$xp$22Maddisasm@madDisAsm__7
@$xp$22Madremote@madRemote__1
@$xp$22Madtools@TMsgHandlerOO
@$xp$22Taskbar@TIconAnimation
@$xp$22Trshlapi@TTaskTrayIcon
@$xp$22Trshlapi@TToolTipStyle
@$xp$23Maddisasm@TFunctionInfo
@$xp$24Maddisasm@TPFunctionInfo
@$xp$24Madremote@TModuleEntry32
@$xp$24Trshlapi@TOnTrayIconFlag
@$xp$25Madremote@TProcessEntry32
@$xp$25Trshlapi@TBalloonIconType
@$xp$25Trshlapi@TOnTrayIconFlags
@$xp$28Trshlapi@TCustomToolTipStyle
@$xp$28Trshlapi@TTrayIconMouseState
@$xp$29Trshlapi@TTrayIconMouseStates
@$xp$29Trshlapi@TTrayIconWinProcList
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TComponent@UpdateRegistry$qqr4boolx17System@AnsiStringxt2
@Classes@TPersistent@$bctr$qqrv
@Classes@TStringList@$bctr$qqrv
@Classes@TStrings@$bctr$qqrv
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponent
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bctr$qqrp18Classes@TComponenti
@Forms@TForm@$bdtr$qqrv
@Forms@TForm@$bdtr$qqrv
@Graphics@TGraphic@$bdtr$qqrv
@Inifiles@TCustomIniFile@$bdtr$qqrv
@Inifiles@TIniFile@$bctr$qqrx17System@AnsiString
@Inifiles@TIniFile@$bdtr$qqrv
@Madcodehook@AddAccessForEveryone$qqsuiui
@Madcodehook@AmSystemProcess$qqsv
@Madcodehook@AmUsingInputDesktop$qqsv
@Madcodehook@AnsiToWide$qqspcpb
@Madcodehook@CollectHooks$qqrv
@Madcodehook@CreateGlobalEvent$qqspcii
@Madcodehook@CreateGlobalFileMapping$qqspcui
@Madcodehook@CreateGlobalMutex$qqspc
@Madcodehook@CreateIpcQueue$qqspcpqqspcpvuit2ui$v
@Madcodehook@CreateIpcQueueEx$qqspcpqqspcpvuit2ui$vuiui
@Madcodehook@CreateProcessEx$qqrpct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATION17System@AnsiString
@Madcodehook@CreateProcessExA$qqspct1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@CreateProcessExW$qqspbt1p20_SECURITY_ATTRIBUTESt3iuipvt1rx13_STARTUPINFOAr20_PROCESS_INFORMATIONt1
@Madcodehook@DestroyIpcQueue$qqspc
@Madcodehook@Finalization$qqrv
@Madcodehook@FinalizeMadCHook$qqrv
@Madcodehook@FindRealCode$qqrpv
@Madcodehook@FlushHooks$qqrv
@Madcodehook@GetCallingModule$qqsv
@Madcodehook@GetCurrentSessionId$qqsv
@Madcodehook@GetInputSessionId$qqsv
@Madcodehook@HookAPI$qqspct1pvrpvui
@Madcodehook@HookCode$qqspvt1rpvui
@Madcodehook@InitializeMadCHook$qqrv
@Madcodehook@InjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@InjectLibraryA$qqsuipcui
@Madcodehook@InjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@InjectLibrarySessionA$qqsuiipcui
@Madcodehook@InjectLibrarySessionW$qqsuiipbui
@Madcodehook@InjectLibraryW$qqsuipbui
@Madcodehook@OpenGlobalEvent$qqspc
@Madcodehook@OpenGlobalFileMapping$qqspci
@Madcodehook@OpenGlobalMutex$qqspc
@Madcodehook@ProcessIdToFileName$qqsuipc
@Madcodehook@RenewHook$qqsrpv
@Madcodehook@SendIpcMessage$qqspcpvuit2uiuii
@Madcodehook@UnhookAPI$qqsrpv
@Madcodehook@UnhookCode$qqsrpv
@Madcodehook@UninjectLibrary$qqrui17System@AnsiStringui
@Madcodehook@UninjectLibraryA$qqsuipcui
@Madcodehook@UninjectLibrarySession$qqruii17System@AnsiStringui
@Madcodehook@UninjectLibrarySessionA$qqsuiipcui
@Madcodehook@UninjectLibrarySessionW$qqsuiipbui
@Madcodehook@UninjectLibraryW$qqsuipbui
@Madcodehook@WideToAnsi$qqspbpc
@Madcodehook@amMchDll
@Madcodehook@initialization$qqrv
@Maddisasm@EndTryRead$qqrui
@Maddisasm@Finalization$qqrv
@Maddisasm@GetExportDirectory$qqrpvruirp30Madtools@TImageExportDirectory
@Maddisasm@GetProcNameFromMapFile
@Maddisasm@KernelProc$qqr17System@AnsiString
@Maddisasm@Magic$qqrv
@Maddisasm@Magic95$qqrv
@Maddisasm@NtProc$qqr17System@AnsiString
@Maddisasm@ParseCode$qqrpv
@Maddisasm@ParseCode$qqrpvr17System@AnsiString
@Maddisasm@ParseCode_$qqrpvui
@Maddisasm@ParseFunction$qqrpv
@Maddisasm@ParseFunction$qqrpvr17System@AnsiString
@Maddisasm@ParseFunctionEx$qqrpvr17System@AnsiStringt1io
@Maddisasm@ParseFunction_$qqrpvui
@Maddisasm@SolveW9xDebugMode$qqrpv
@Maddisasm@StartTryRead$qqrv
@Maddisasm@TryRead$qqrpvt1iui
@Maddisasm@TryWrite$qqrpvt1iui
@Maddisasm@initialization$qqrv
@Maddisasm@kernel32handle$qqrv
@Maddisasm@ntdllhandle$qqrv
@Madremote@AllocMemEx$qqsuiui
@Madremote@CopyFunction$qqrpvuioppvp23Maddisasm@TFunctionInfo
@Madremote@CreateRemoteThreadEx$qqsuip20_SECURITY_ATTRIBUTESipvt4uirui
@Madremote@CreateToolhelp32Snapshot
@Madremote@EnumProcesses$qqrv
@Madremote@Finalization$qqrv
@Madremote@FreeMemEx$qqspvui
@Madremote@GetKernel32ProcessHandle$qqrv
@Madremote@GetSmssProcessHandle$qqrv
@Madremote@HandleLiveForever$qqrui
@Madremote@InitSharedMem9x$qqrppvt1
@Madremote@InitToolhelp$qqrv
@Madremote@InitUnprotectMemory$qqrv
@Madremote@IsMemoryProtected$qqrpv
@Madremote@Module32First
@Madremote@Module32Next
@Madremote@Process32First
@Madremote@Process32Next
@Madremote@ProcessHandleToId$qqsui
@Madremote@ProtectMemory$qqrpvui
@Madremote@RemoteExecute$qqsuipqqspv$uiruipvui
@Madremote@UnprotectMemory$qqrpvui
@Madremote@UnprotectMemoryAsm$qqrv
@Madremote@initialization$qqrv
@Madstrings@AnsiToWideEx$qqr17System@AnsiStringo
@Madstrings@BooleanToChar$qqro
@Madstrings@CompareStr$qqrx17System@AnsiStringt1
@Madstrings@CompareText$qqrx17System@AnsiStringt1
@Madstrings@CopyR$qqrx17System@AnsiStringui
@Madstrings@DecryptStr$qqr17System@AnsiString
@Madstrings@DeleteR$qqrr17System@AnsiStringui
@Madstrings@ErrorCodeToStr$qqrui
@Madstrings@FileMatch$qqr17System@AnsiStringt1
@Madstrings@FillStr$qqr17System@AnsiStringic
@Madstrings@Finalization$qqrv
@Madstrings@FormatSubStrs$qqrr17System@AnsiStringc
@Madstrings@IntToHexEx$qqriic
@Madstrings@IntToHexEx$qqrjic
@Madstrings@IntToHexEx$qqruiic
@Madstrings@IntToStrEx$qqriic
@Madstrings@IntToStrEx$qqrjic
@Madstrings@IntToStrEx$qqruiic
@Madstrings@IsTextEqual$qqrx17System@AnsiStringt1
@Madstrings@Keep$qqrr17System@AnsiStringuiui
@Madstrings@KeepR$qqrr17System@AnsiStringui
@Madstrings@KillChar$qqrr17System@AnsiStringc
@Madstrings@KillChars$qqrr17System@AnsiStringrx29System@%Set$tc$iuc$0$iuc$255%
@Madstrings@KillStr$qqrr17System@AnsiString17System@AnsiString
@Madstrings@LowChar$qqrxc
@Madstrings@LowStr$qqrx17System@AnsiString
@Madstrings@MsToStr$qqrui
@Madstrings@PosChars$qqrrx29System@%Set$tc$iuc$0$iuc$255%x17System@AnsiStringuiui
@Madstrings@PosPChar$qqrpct1uiuiouiui
@Madstrings@PosStr$qqrx17System@AnsiStringt1uiui
@Madstrings@PosStrIs1$qqrx17System@AnsiStringt1
@Madstrings@PosText$qqrx17System@AnsiStringt1uiui
@Madstrings@PosTextIs1$qqrx17System@AnsiStringt1
@Madstrings@ReplaceStr$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@ReplaceText$qqrr17System@AnsiString17System@AnsiStringt2o
@Madstrings@RetDelete$qqrx17System@AnsiStringuiui
@Madstrings@RetDeleteR$qqrx17System@AnsiStringui
@Madstrings@RetTrimStr$qqrx17System@AnsiString
@Madstrings@SizeToStr$qqrj
@Madstrings@StrMatch$qqr17System@AnsiStringt1
@Madstrings@StrMatchEx$qqr17System@AnsiStringt1
@Madstrings@StrToIntEx$qqropci
@Madstrings@SubStr$qqr17System@AnsiStringuic
@Madstrings@SubStrCount$qqr17System@AnsiStringc
@Madstrings@SubStrExists$qqr17System@AnsiStringt1c
@Madstrings@SubTextExists$qqr17System@AnsiStringt1c
@Madstrings@TextMatch$qqr17System@AnsiStringt1
@Madstrings@TextMatchEx$qqr17System@AnsiStringt1
@Madstrings@TrimStr$qqrr17System@AnsiString
@Madstrings@UpChar$qqrxc
@Madstrings@UpStr$qqrx17System@AnsiString
@Madstrings@WideToAnsiEx$qqrpb
@Madstrings@initialization$qqrv
@Madtools@AddMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@AddMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@COsDescr
@Madtools@DelMsgHandler$qqrpqqruiuiiiri$vuiui
@Madtools@DelMsgHandler$qqrynpqqruiuiiiri$vuiui
@Madtools@FileVersionToStr$qqrj
@Madtools@Finalization$qqrv
@Madtools@FindModule$qqrpvruir17System@AnsiString
@Madtools@GetFileVersion$qqr17System@AnsiString
@Madtools@GetFreeSystemResources$qqrus
@Madtools@GetImageExportDirectory$qqrui
@Madtools@GetImageImportDirectory$qqrui
@Madtools@GetImageNtHeaders$qqrui
@Madtools@GetImageProcAddress$qqrui17System@AnsiString
@Madtools@GetImageProcAddress$qqruii
@Madtools@GetImageProcName$qqruipvo
@Madtools@GetLongFileName$qqr17System@AnsiString
@Madtools@GetShortFileName$qqr17System@AnsiString
@Madtools@InitTryExceptFinally$qqrv
@Madtools@MethodToProcedure$qqrp14System@TObjectpv
@Madtools@MethodToProcedure$qqrrx16Madtypes@TMethod
@Madtools@MsgHandlerWindow$qqrui
@Madtools@OS$qqrv
@Madtools@ProcedureToMethod$qqrp14System@TObjectpv
@Madtools@TickDif$qqrui
@Madtools@Unmangle$qqrr17System@AnsiStringt1
@Madtools@VirtualToRaw$qqrp17_IMAGE_NT_HEADERSui
@Madtools@initialization$qqrv
@Madtypes@Finalization$qqrv
@Madtypes@MadException@
@Madtypes@MadException@$bctr$qqrx17System@AnsiString
@Madtypes@initialization$qqrv
@Sysutils@Exception@$bdtr$qqrv
@Taskbar@Finalization$qqrv
@Taskbar@Register$qqrv
@Taskbar@TIconAnimation@
@Taskbar@TIconAnimation@$bctr$qqrp17Taskbar@TTrayIcon
@Taskbar@TIconAnimation@$bdtr$qqrv
@Taskbar@TIconAnimation@Execute$qqrv
@Taskbar@TTrayIcon@
@Taskbar@TTrayIcon@$bctr$qqrp18Classes@TComponent
@Taskbar@TTrayIcon@$bdtr$qqrv
@Taskbar@TTrayIcon@BeginIconAnimation$qqrv
@Taskbar@TTrayIcon@CallbackWndProc$qqrr17Messages@TMessage
@Taskbar@TTrayIcon@CanIconic$qqrv
@Taskbar@TTrayIcon@DeleteTrayIcon$qqrv
@Taskbar@TTrayIcon@DoDeleteTrayIcon$qqrv
@Taskbar@TTrayIcon@DoSetTrayIcon$qqrv
@Taskbar@TTrayIcon@EndIconAnimation$qqrv
@Taskbar@TTrayIcon@GetBalloonHelp$qqrv
@Taskbar@TTrayIcon@GetBalloonIconType$qqrv
@Taskbar@TTrayIcon@GetBlHelpTitle$qqrv
@Taskbar@TTrayIcon@GetCanBalloonHelp$qqrv
@Taskbar@TTrayIcon@GetChackClick$qqrv
@Taskbar@TTrayIcon@GetFWindow$qqrv
@Taskbar@TTrayIcon@GetIconHandle$qqrv
@Taskbar@TTrayIcon@GetIconID$qqrv
@Taskbar@TTrayIcon@GetResIcon$qqrv
@Taskbar@TTrayIcon@GetTaskTrayHWND$qqrv
@Taskbar@TTrayIcon@GetTipHelp$qqrv
@Taskbar@TTrayIcon@GetToolTipStyle$qqrv
@Taskbar@TTrayIcon@GetUTimeOut$qqrv
@Taskbar@TTrayIcon@HideBalloonHelp$qqrv
@Taskbar@TTrayIcon@IconAnimation$qqrv
@Taskbar@TTrayIcon@Loaded$qqrv
@Taskbar@TTrayIcon@ModifyIcon$qqrv
@Taskbar@TTrayIcon@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Taskbar@TTrayIcon@OnAppMinimizeEvent$qqrp14System@TObject
@Taskbar@TTrayIcon@OnAppRestoreEvent$qqrp14System@TObject
@Taskbar@TTrayIcon@OnIconChangeEvent$qqrp14System@TObject
@Taskbar@TTrayIcon@OnTrayIconChange$qqrv
@Taskbar@TTrayIcon@SetAutoPopup$qqr4bool
@Taskbar@TTrayIcon@SetBalloonHelp$qqr17System@AnsiString
@Taskbar@TTrayIcon@SetBalloonIconType$qqr25Trshlapi@TBalloonIconType
@Taskbar@TTrayIcon@SetBlHelpTitle$qqr17System@AnsiString
@Taskbar@TTrayIcon@SetChackClick$qqr4bool
@Taskbar@TTrayIcon@SetFWindow$qqr4bool
@Taskbar@TTrayIcon@SetIcon$qqrp14Graphics@TIcon
@Taskbar@TTrayIcon@SetIconID$qqri
@Taskbar@TTrayIcon@SetIconIDList$qqrp19Classes@TStringList
@Taskbar@TTrayIcon@SetInterval$qqrui
@Taskbar@TTrayIcon@SetMinimized$qqr4bool
@Taskbar@TTrayIcon@SetTipHelp$qqr17System@AnsiString
@Taskbar@TTrayIcon@SetToolTipStyle$qqrp22Trshlapi@TToolTipStyle
@Taskbar@TTrayIcon@SetTrayIcon$qqrv
@Taskbar@TTrayIcon@SetUTimeOut$qqri
@Taskbar@TTrayIcon@SetVisible$qqr4bool
@Taskbar@TTrayIcon@ShowBalloonHelp$qqrv
@Taskbar@TTrayIcon@ShowBalloonHelpSE$qqr17System@AnsiStringt1i25Trshlapi@TBalloonIconType
@Taskbar@initialization$qqrv
@Trshlapi@Finalization$qqrv
@Trshlapi@GetShellDllVersion$qqrv
@Trshlapi@TCustomToolTipStyle@
@Trshlapi@TCustomToolTipStyle@$bctr$qqrv
@Trshlapi@TCustomToolTipStyle@$bdtr$qqrv
@Trshlapi@TCustomToolTipStyle@Assign$qqrp19Classes@TPersistent
@Trshlapi@TCustomToolTipStyle@DisableTrayIconRect$qqrv
@Trshlapi@TCustomToolTipStyle@DoMouseClick$qqr28Trshlapi@TTrayIconMouseState
@Trshlapi@TCustomToolTipStyle@DoMouseDblClick$qqr28Trshlapi@TTrayIconMouseState
@Trshlapi@TCustomToolTipStyle@DoMouseEnter$qqrv
@Trshlapi@TCustomToolTipStyle@DoMouseExit$qqrv
@Trshlapi@TCustomToolTipStyle@GetColor$qqri
@Trshlapi@TCustomToolTipStyle@GetMouseState$qqr28Trshlapi@TTrayIconMouseState
@Trshlapi@TCustomToolTipStyle@GetTooltipHandle$qqrv
@Trshlapi@TCustomToolTipStyle@GetWaitClickButton$qqrv
@Trshlapi@TCustomToolTipStyle@OnMouseClick$qqr28Trshlapi@TTrayIconMouseState
@Trshlapi@TCustomToolTipStyle@OnMouseEnter$qqrv
@Trshlapi@TCustomToolTipStyle@OnMouseExit$qqrv
@Trshlapi@TCustomToolTipStyle@SetColor$qqri15Graphics@TColor
@Trshlapi@TCustomToolTipStyle@SetCustomToolTip$qqrv
@Trshlapi@TCustomToolTipStyle@SetDefaultToolTip$qqrv
@Trshlapi@TCustomToolTipStyle@SetOwner$qqri
@Trshlapi@TCustomToolTipStyle@TrayIconWndProc$qqrr17Messages@TMessage
@Trshlapi@TCustomToolTipStyle@WndProc$qqrr17Messages@TMessage
@Trshlapi@TTaskTrayIcon@
@Trshlapi@TTaskTrayIcon@$bctr$qqrv
@Trshlapi@TTaskTrayIcon@$bdtr$qqrv
@Trshlapi@TTaskTrayIcon@Assign$qqrp22Trshlapi@TTaskTrayIcon
@Trshlapi@TTaskTrayIcon@BeginUpdate$qqrv
@Trshlapi@TTaskTrayIcon@DeleteTrayIcon$qqrv
@Trshlapi@TTaskTrayIcon@DoMouseEnter$qqrv
@Trshlapi@TTaskTrayIcon@DoMouseExit$qqrv
@Trshlapi@TTaskTrayIcon@EndUpdate$qqrv
@Trshlapi@TTaskTrayIcon@FinishUpdate$qqrv
@Trshlapi@TTaskTrayIcon@GetBalloonHelp$qqrv
@Trshlapi@TTaskTrayIcon@GetBalloonHelpTitle$qqrv
@Trshlapi@TTaskTrayIcon@GetBalloonIconType$qqrv
@Trshlapi@TTaskTrayIcon@GetIconHandle$qqrv
@Trshlapi@TTaskTrayIcon@GetIconRegisted$qqrv
@Trshlapi@TTaskTrayIcon@GetOnTaskTray$qqrv
@Trshlapi@TTaskTrayIcon@GetShellNewVersion$qqrv
@Trshlapi@TTaskTrayIcon@GetTipHelp$qqrv
@Trshlapi@TTaskTrayIcon@GetTrayHandle$qqrv
@Trshlapi@TTaskTrayIcon@GetUTimeOut$qqrv
@Trshlapi@TTaskTrayIcon@HideBalloonHelp$qqrv
@Trshlapi@TTaskTrayIcon@HideTrayIcon$qqrv
@Trshlapi@TTaskTrayIcon@IsCursorInnerRect$qqrii
@Trshlapi@TTaskTrayIcon@ModifyIcon$qqrv
@Trshlapi@TTaskTrayIcon@SetBalloonHelp$qqr17System@AnsiString
@Trshlapi@TTaskTrayIcon@SetBalloonHelpTitle$qqr17System@AnsiString
@Trshlapi@TTaskTrayIcon@SetBalloonIconType$qqr25Trshlapi@TBalloonIconType
@Trshlapi@TTaskTrayIcon@SetIconHandle$qqri
@Trshlapi@TTaskTrayIcon@SetIconRegisted$qqr4bool
@Trshlapi@TTaskTrayIcon@SetOnTaskTray$qqr4bool
@Trshlapi@TTaskTrayIcon@SetTipHelp$qqr17System@AnsiString
@Trshlapi@TTaskTrayIcon@SetTrayIcon$qqrv
@Trshlapi@TTaskTrayIcon@SetUTimeOut$qqri
@Trshlapi@TTaskTrayIcon@ShowBalloonHelp$qqrv
@Trshlapi@TTaskTrayIcon@ShowBalloonHelpSE$qqr17System@AnsiStringt1i25Trshlapi@TBalloonIconType
@Trshlapi@TTaskTrayIcon@TrayWndProc$qqrr17Messages@TMessage
@Trshlapi@TTaskTrayIcon@Updating$qqrv
@Trshlapi@TToolTipStyle@
@Trshlapi@TTrayIconWinProcList@
@Trshlapi@TTrayIconWinProcList@$bctr$qqrv
@Trshlapi@TTrayIconWinProcList@$bdtr$qqrv
@Trshlapi@TTrayIconWinProcList@AddClass$qqrp22Trshlapi@TTaskTrayIcon
@Trshlapi@TTrayIconWinProcList@DeleteClass$qqrp22Trshlapi@TTaskTrayIcon
@Trshlapi@TTrayIconWinProcList@MessageDeliver$qqrir17Messages@TMessage
@Trshlapi@TTrayIconWinProcList@RegisterClass$qqrv
@Trshlapi@TTrayIconWinProcList@UnRegisterClass$qqrv
@Trshlapi@initialization$qqrv
_Form2
__GetExceptDLLinfo
___CPPdebugHook
_frmMain

Sections

.text
Size: 241KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ap0x
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hook.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 612KB

.data Size: 16KB - Virtual size: 104KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 12KB

.edata Size: 13KB - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 12KB

.reloc Size: 26KB - Virtual size: 44KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 241KB - Virtual size: 588KB

.data Size: 11KB - Virtual size: 56KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 12KB

.edata Size: 21KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 44KB

.reloc Size: - Virtual size: 40KB

.aspack Size: 3KB - Virtual size: 8KB

.adata Size: 512B - Virtual size: 4KB

ap0x Size: 3KB - Virtual size: 12KB

.aspack Size: 3KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 229KB - Virtual size: 612KB

.data
Size: 16KB - Virtual size: 104KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 12KB

.edata
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 12KB

.reloc
Size: 26KB - Virtual size: 44KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 241KB - Virtual size: 588KB

.data
Size: 11KB - Virtual size: 56KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 12KB

.edata
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 44KB

.reloc
Size: - Virtual size: 40KB

.aspack
Size: 3KB - Virtual size: 8KB

.adata
Size: 512B - Virtual size: 4KB

ap0x
Size: 3KB - Virtual size: 12KB

.aspack
Size: 3KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB