0f3084aa54c74d96b344e450b1fafd7b

Sharing

Copy URL Twitter E-mail

General

Target

0f3084aa54c74d96b344e450b1fafd7b
Size

728KB
MD5

0f3084aa54c74d96b344e450b1fafd7b
SHA1

7fa7a3ce0f154769639b9e0c32c62230af742225
SHA256

ebbf91e5a110ed1c42b87217dbe8a9ceddfaee87a02125f42697e96b5f76cbdc
SHA512

b1be0eb47ef7b28f9ac2810d5faaa15cc0dc6bdb4c9d89c67eb4a6e54f023eaff75e7adbba2e74933266f9de2d9bde7a3e0ef10cb637f266702886616f01bb39
SSDEEP

12288:sJF8OmL1dvUTnDMwaeHLMKrD5YiwstgvHbJF8OmL1dtITH+tLnqCSVCrRDb47dhS:WFSxWfKWlrDLwstaFSxDc6LnqCSVCrRf

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kido/CleanSvcVirus.exe
unpack001/Kido/KIDO_CLNR/Kid-Scn.exe
unpack001/Kido/MSVCCL.EXE
unpack001/Kido/Service/NPNON.dll
unpack001/Kido/Service/NPNON.exe
unpack001/Kido/Set_Perm/SetPermission.exe
unpack001/Kido/Set_Perm/regperm.exe
unpack001/Kido/SvcHostEnm.exe
unpack001/Kido/Update NP2005.exe
unpack001/Kido/browlog.exe
unpack001/Kido/ghp2.exe
unpack001/Kido/updateset.exe

Files

0f3084aa54c74d96b344e450b1fafd7b
.zip
Kido/CleanSvcVirus.exe
.exe windows:4 windows x86 arch:x86

5de2fb7c5b3faf8bd89e799e95307697

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

mfc42

ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord693
ord2514
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord2985
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord1576
ord4627
ord3640
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord3996
ord4710
ord2379
ord755
ord470
ord6907
ord3998
ord3302
ord6675
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord5163
ord3370

msvcrt

_controlfp
_setmbcp
_strupr
__CxxFrameHandler
strstr
sprintf
strtok
__dllonexit
_onexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

kernel32

GetStartupInfoA
CreateDirectoryA
WritePrivateProfileStringA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
LocalAlloc

user32

GetSystemMetrics
GetClientRect
DrawIcon
IsIconic
EnableWindow
SendMessageA
LoadIconA

advapi32

RegEnumKeyExA
GetSidLengthRequired
InitializeSid
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
RegCloseKey
RegQueryValueExA
RegOpenKeyA
FreeSid
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/KIDO_CLNR/Kid-Scn.exe
.exe windows:4 windows x86 arch:x86

78fe725e5d47f682665ed4848d30e94e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord800
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord540
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3721
ord3619
ord6055
ord1776
ord5290
ord3402
ord3698
ord1146
ord1168
ord567
ord2302
ord4224
ord3092
ord1641
ord6215
ord4160
ord2863
ord2379
ord755
ord470
ord1105
ord1200
ord6199
ord5875
ord3089
ord4476
ord1134
ord2621
ord2514
ord795
ord765
ord2414
ord641
ord3663
ord3626
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord3749
ord1576

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_onexit
__dllonexit
strrchr
exit
sprintf
strncmp
fgets
fseek
ftell
fread
strtok
atoi
strpbrk
strstr
strchr
strncpy
tolower
isdigit
free
realloc
perror
calloc
malloc
fprintf
_strcmpi
_fstat
_strdup
_exit
fopen
fclose
__CxxFrameHandler
_setmbcp

kernel32

CreateFileMappingA
ReadFile
DeleteFileA
GetLastError
GetSystemInfo
VirtualFree
VirtualAlloc
MapViewOfFile
DuplicateHandle
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetModuleFileNameA
Thread32Next
TerminateThread
GetExitCodeThread
Thread32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetCurrentProcessId
GetShortPathNameA
GetWindowsDirectoryA
GetStartupInfoA
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
CreateFileA
SetLastError
CloseHandle

user32

IsIconic
GetSystemMetrics
GetClientRect
SetCursor
GetSystemMenu
AppendMenuA
SendMessageA
LoadCursorA
LoadIconA
EnableWindow
DrawIcon

gdi32

CreateFontIndirectA
CreateSolidBrush

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/KIDO_CLNR/Kido.db
Kido/MSVCCL.EXE
.exe windows:4 windows x86 arch:x86

11fc5d11355a12e9b808f8fb9e378382

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
StrDupA
SHDeleteKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc42

ord2621
ord1134
ord2575
ord4396
ord3574
ord3721
ord3619
ord3693
ord3402
ord3567
ord1146
ord1168
ord2642
ord6888
ord800
ord4160
ord540
ord2863
ord5981
ord1641
ord4224
ord6215
ord6199
ord2379
ord755
ord609
ord3092
ord6880
ord6197
ord6453
ord5572
ord2915
ord6283
ord6282
ord860
ord823
ord551
ord3811
ord548
ord1105
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5861
ord668
ord3178
ord858
ord3181
ord2781
ord2770
ord356
ord3610
ord541
ord535
ord795
ord602
ord2414
ord656
ord801
ord3663
ord3626
ord815
ord561
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord6675
ord3302
ord4476
ord2645
ord3998
ord6907
ord4710
ord3996
ord4234
ord2302
ord693
ord324
ord567
ord641
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord825
ord470
ord1576

msvcrt

_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_onexit
__dllonexit
strncpy
_except_handler3
wcslen
wcsncpy
__set_app_type
wcstombs
strtol
srand
rand
fseek
fread
ftell
malloc
fwrite
free
atoi
strtok
exit
printf
strrchr
fgets
strchr
strstr
sprintf
fopen
fputs
fclose
__CxxFrameHandler
wcscpy
_strdup
_strcmpi
_strupr
_strlwr
_setmbcp
_controlfp

kernel32

MoveFileA
GetCurrentProcess
GetVersion
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
DeleteFileA
WritePrivateProfileStringA
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
GetSystemDirectoryA
GetEnvironmentVariableA
CreateDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
ReadFile
CloseHandle
GetComputerNameA
GetLastError
CreateEventA
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
DuplicateHandle
CreatePipe
GetStdHandle
WriteFile
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
GetVersionExA
WinExec
Sleep
SetFileAttributesA
MoveFileExA
SearchPathA
FindNextFileA
FindFirstFileA
GetShortPathNameA
FreeLibrary
GetFileSize
GetProcAddress
MultiByteToWideChar
GetTempPathA
GetTickCount
GetLongPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
WaitForSingleObject
CreateProcessA
GetFileAttributesA
GetFileTime
GetPrivateProfileIntA
CopyFileA
SetFilePointer
GetWindowsDirectoryA
SetEvent

user32

SetCursor
wsprintfA
MessageBoxA
GetWindowRect
IsIconic
GetSystemMetrics
GetCursorPos
GetSubMenu
LoadMenuA
KillTimer
DrawIcon
GetClientRect
GetSystemMenu
AppendMenuA
LoadIconA
SendMessageA
EnableWindow
LoadCursorA

gdi32

CreateSolidBrush
CreateFontA

advapi32

RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSidLengthRequired
InitializeSid
RegOpenKeyExA
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegEnumKeyExA
FreeSid
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegEnumKeyA
QueryServiceConfigA
CloseServiceHandle
OpenServiceA
GetServiceKeyNameA
OpenSCManagerA
ChangeServiceConfigA
ControlService
SetNamedSecurityInfoA
SetSecurityDescriptorOwner
GetTokenInformation
GetLengthSid

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/Readme.txt.txt
Kido/Service/NPNON.dll
.dll windows:4 windows x86 arch:x86

979d376a93acfe09aa5f7356b00e2943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

mfc42

ord825
ord1168
ord1253
ord342
ord823
ord1182
ord540
ord800
ord5572
ord2818
ord2915

msvcrt

_adjust_fdiv
malloc
__CxxFrameHandler
rand
_initterm
fopen
fclose
free
printf
sprintf
calloc
_iob
fprintf
srand

kernel32

DisableThreadLibraryCalls
GetComputerNameA
GetLastError
GetCurrentProcessId
LocalFree
LocalAlloc
DeleteFileA
ExitProcess
CreateMutexA

advapi32

FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kido/Service/NPNON.exe
.exe windows:4 windows x86 arch:x86

481217fb1b2e39b49f416237c784fbd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetModuleFileNameA
CopyFileA
ExitProcess
GlobalAlloc
GlobalFree
GetStringTypeA
LCMapStringW
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
SetFilePointer
MultiByteToWideChar
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
LCMapStringA
GetStringTypeW

advapi32

RegCloseKey
RegCreateKeyExW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shlwapi

PathFileExistsA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Kido/Set_Perm/SetPermission.exe
.exe windows:4 windows x86 arch:x86

ce606ef74b9f69d64cf077d6e869e311

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord609
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord4486
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord1576
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord4224
ord6375
ord4274
ord4673
ord6052
ord3749

msvcrt

_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
strrchr
exit
sprintf
__CxxFrameHandler
_setmbcp

kernel32

WinExec
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetShortPathNameA

user32

AppendMenuA
GetSystemMenu
DrawIcon
SendMessageA
GetSystemMetrics
IsIconic
EnableWindow
GetClientRect
LoadIconA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/Set_Perm/regperm.exe
.exe windows:4 windows x86 arch:x86

52da7a189ba1fb414d6d5deb79355148

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalFree
GlobalFree
GlobalAlloc
GetLastError
LoadLibraryExA
FreeLibrary
FormatMessageA
GetModuleFileNameA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle

advapi32

RegCloseKey
RegEnumKeyExA
RegGetKeySecurity
GetSecurityDescriptorDacl
SetEntriesInAclA
LookupAccountNameA
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
InitializeSecurityDescriptor
InitializeAcl
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Kido/SvcHostEnm.exe
.exe windows:4 windows x86 arch:x86

54d97637252810cd3e80bcfc2ff12705

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetVersionExA
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
GetCPInfo
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetModuleFileNameA
GetPrivateProfileSectionNamesA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
SetFilePointer
CreateFileA
VirtualAlloc
HeapReAlloc

user32

LoadIconA
SendMessageA
EnableWindow
SetWindowTextA
MessageBoxA
EndDialog
IsDlgButtonChecked
DialogBoxParamA
GetDlgItem

gdi32

SetBkMode
CreatePen
SetTextColor

advapi32

RegCloseKey
RegQueryInfoKeyA
GetSidLengthRequired
InitializeSid
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegEnumKeyExA
FreeSid
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteA

shlwapi

PathFileExistsA
SHDeleteKeyA

comctl32

ord17

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/Update NP2005.exe
.exe windows:4 windows x86 arch:x86

56d1375e6dc617a13a8b6cbb94d0b078

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
__vbaPut3
_adj_fdiv_m64
__vbaPut4
__vbaNextEachVar
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaStrCat
__vbaForEachCollAd
ord553
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
ord661
__vbaHresultCheckObj
ord662
ord557
ord558
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaLateMemSt
__vbaExitProc
ord300
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
__vbaStrFixstr
__vbaBoolVar
ord705
ord309
__vbaFpR8
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
ord709
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaAryConstruct2
__vbaGet4
__vbaI2I4
ord561
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
ord538
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaR8Str
ord648
ord570
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaVarMod
ord616
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaI2ErrVar
__vbaCastObj
ord618
__vbaForEachVar
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/browlog.exe
.exe windows:4 windows x86 arch:x86

11fc5d11355a12e9b808f8fb9e378382

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
StrDupA
SHDeleteKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc42

ord2621
ord1134
ord2575
ord4396
ord3574
ord3721
ord3619
ord3693
ord3402
ord3567
ord1146
ord1168
ord2642
ord6888
ord800
ord4160
ord540
ord2863
ord5981
ord1641
ord4224
ord6215
ord6199
ord2379
ord755
ord609
ord3092
ord6880
ord6197
ord6453
ord5572
ord2915
ord6283
ord6282
ord860
ord823
ord551
ord3811
ord548
ord1105
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5861
ord668
ord3178
ord858
ord3181
ord2781
ord2770
ord356
ord3610
ord541
ord535
ord795
ord602
ord2414
ord656
ord801
ord3663
ord3626
ord815
ord561
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord6675
ord3302
ord4476
ord2645
ord3998
ord6907
ord4710
ord3996
ord4234
ord2302
ord693
ord324
ord567
ord641
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord1776
ord4078
ord6055
ord2582
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord825
ord470
ord1576

msvcrt

_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_exit
_onexit
__dllonexit
strncpy
_except_handler3
wcslen
wcsncpy
__set_app_type
wcstombs
strtol
srand
rand
fseek
fread
ftell
malloc
fwrite
free
atoi
strtok
exit
printf
strrchr
fgets
strchr
strstr
sprintf
fopen
fputs
fclose
__CxxFrameHandler
wcscpy
_strdup
_strcmpi
_strupr
_strlwr
_setmbcp
_controlfp

kernel32

MoveFileA
GetCurrentProcess
GetVersion
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
DeleteFileA
WritePrivateProfileStringA
LocalAlloc
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
GetSystemDirectoryA
GetEnvironmentVariableA
CreateDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
ReadFile
CloseHandle
GetComputerNameA
GetLastError
CreateEventA
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
DuplicateHandle
CreatePipe
GetStdHandle
WriteFile
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
GetVersionExA
WinExec
Sleep
SetFileAttributesA
MoveFileExA
SearchPathA
FindNextFileA
FindFirstFileA
GetShortPathNameA
FreeLibrary
GetFileSize
GetProcAddress
MultiByteToWideChar
GetTempPathA
GetTickCount
GetLongPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
WaitForSingleObject
CreateProcessA
GetFileAttributesA
GetFileTime
GetPrivateProfileIntA
CopyFileA
SetFilePointer
GetWindowsDirectoryA
SetEvent

user32

SetCursor
wsprintfA
MessageBoxA
GetWindowRect
IsIconic
GetSystemMetrics
GetCursorPos
GetSubMenu
LoadMenuA
KillTimer
DrawIcon
GetClientRect
GetSystemMenu
AppendMenuA
LoadIconA
SendMessageA
EnableWindow
LoadCursorA

gdi32

CreateSolidBrush
CreateFontA

advapi32

RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSidLengthRequired
InitializeSid
RegOpenKeyExA
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegEnumKeyExA
FreeSid
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegEnumKeyA
QueryServiceConfigA
CloseServiceHandle
OpenServiceA
GetServiceKeyNameA
OpenSCManagerA
ChangeServiceConfigA
ControlService
SetNamedSecurityInfoA
SetSecurityDescriptorOwner
GetTokenInformation
GetLengthSid

shell32

ShellExecuteExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/db.ini
Kido/ghp2.exe
.exe windows:4 windows x86 arch:x86

9c51078c1ca96db482ad433c601b8be2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathFileExistsA

mfc42

ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord5289
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord1576
ord3597
ord324
ord4234
ord1146
ord1168
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord4224
ord2820
ord547
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord1775
ord4425

msvcrt

__set_app_type
_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
malloc
fopen
fwrite
free
fclose
strstr
strrchr
__CxxFrameHandler
_setmbcp
_strcmpi

kernel32

MoveFileExA
GetStartupInfoA
GetModuleHandleA
SetFileAttributesA
CreateFileA
MoveFileA
GetModuleFileNameA
FindClose
FindFirstFileA
GetSystemDirectoryA
DeleteFileA
GetTempPathA
GetVersionExA
ReadFile
SetFilePointer
GetLastError
GetFileSize
UnmapViewOfFile
IsBadReadPtr
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
CloseHandle
CopyFileA

user32

LoadIconA
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
wsprintfA
EnableWindow

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kido/updateset.exe
.exe windows:4 windows x86 arch:x86

b9c4b34c4b7df84068af403558f18dbd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
DeleteFileA
CreateDirectoryA
GetSystemDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
GetStringTypeW

user32

LoadIconA
SendMessageA
DialogBoxParamA
EndDialog
MessageBoxA

shlwapi

PathFileExistsA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5de2fb7c5b3faf8bd89e799e95307697

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

78fe725e5d47f682665ed4848d30e94e

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 236KB

.rsrc Size: 8KB - Virtual size: 4KB

11fc5d11355a12e9b808f8fb9e378382

Headers

File Characteristics

Imports

shlwapi

version

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 16KB

979d376a93acfe09aa5f7356b00e2943

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

advapi32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 4KB - Virtual size: 534B

481217fb1b2e39b49f416237c784fbd7

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 24KB - Virtual size: 21KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 236KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 4KB - Virtual size: 534B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 568B

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 20KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 380KB - Virtual size: 378KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 16KB