9a19a1059595689db06d117c4b0aa97f

Sharing

Copy URL Twitter E-mail

General

Target

9a19a1059595689db06d117c4b0aa97f
Size

994KB
MD5

9a19a1059595689db06d117c4b0aa97f
SHA1

c2d4d4ed87f652c6e8ea1f552e47872e2d4a0519
SHA256

f67346966c9cbb7423123ed49ed727b9632b7d618c9a6fc06a1fe1bb737946f9
SHA512

bd4f519501fb7eebe95854cce681d13b228c69942a0103d627e5f38be746460090c04ca2a0d4682c838b570a533b7866ff008051e935d4a57949ac7461b5ded9
SSDEEP

24576:OfteiI7fe58P4irVHGhM00mI0Qy3nrBPsb9EtVyvv6:0IiIacrwi7y3ntOFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/znwb5807.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/chenbfck.exe
unpack002/chenbmxg.exe
unpack002/chencksz.exe
unpack002/chenhfck.exe
unpack002/chenhu2.ime
unpack002/chenhu4.ime
unpack002/chenxf.exe
unpack002/chenznwb.exe
unpack002/uninst.exe
unpack003/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/znwb5807.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

9a19a1059595689db06d117c4b0aa97f
.rar
znwb5807.exe
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
big5hz.ov1
chen1.wav
chen2.wav
chenbfck.exe
.exe windows:4 windows x86 arch:x86

a1cfad95790962adda669fad8822c145

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
_lopen
_llseek
_lread
GlobalLock
GetModuleHandleA
GetStartupInfoA
CopyFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
lstrlenA
SetHandleCount
_lclose
GlobalAlloc
GetCommandLineA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GlobalUnlock
GlobalFree
lstrcpyA
GetEnvironmentStringsW
TerminateProcess
GetEnvironmentStrings
GetVersion
ExitProcess
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

TranslateMessage
GetActiveWindow
InvalidateRect
DispatchMessageA
GetMessageA
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
SetRect
CreateWindowExA
GetSystemMetrics
SetActiveWindow
PostQuitMessage
SetWindowTextA
SetFocus
DefWindowProcA
GetWindowTextA
wsprintfA
PostMessageA
EndPaint
BeginPaint

gdi32

SelectObject
DeleteDC
StretchBlt
CreateDIBitmap
CreateCompatibleDC
GetStockObject
TextOutA
SetTextColor
SetBkColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
LineTo

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chenbmxg.exe
.exe windows:4 windows x86 arch:x86

804d4bb129a0878f9e1ececf7639fb14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CloseHandle
OpenFileMappingA
_lcreat
MapViewOfFile
GetShortPathNameA
CreateProcessA
_lwrite
lstrcpyA
_llseek
GetSystemDirectoryA
_lopen
GlobalAlloc
GetModuleHandleA
GetStartupInfoA
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryA
LCMapStringA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
WriteFile
GetACP
HeapFree
VirtualFree
lstrlenA
RtlUnwind
GetCommandLineA
_lread
GetVersion
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GlobalLock
_lclose
GlobalUnlock
GlobalFree
TerminateProcess
GetModuleFileNameA
GetEnvironmentStrings
ExitProcess
UnhandledExceptionFilter
GetCurrentProcess
FreeEnvironmentStringsA

user32

SetRect
TranslateMessage
CreateWindowExA
LoadAcceleratorsA
DispatchMessageA
GetMessageA
LoadCursorA
GetActiveWindow
RegisterClassA
ShowWindow
LoadIconA
UpdateWindow
GetSystemMetrics
EndPaint
EndDialog
GetDlgItemTextA
PostQuitMessage
SetActiveWindow
GetWindowTextA
SetFocus
DefWindowProcA
DialogBoxParamA
PostMessageA
InvalidateRect
SetWindowTextA
BeginPaint
wsprintfA

gdi32

SetTextColor
CreateFontA
GetStockObject
SelectObject
SetBkColor
SetBkMode
TextOutA
LineTo
MoveToEx
DeleteObject
CreateCompatibleDC
CreateDIBitmap
Rectangle
DeleteDC
StretchBlt

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chencksz.exe
.exe windows:4 windows x86 arch:x86

798f20650adeed436b50441dd0387ed0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
OpenFileMappingA
MapViewOfFile
GetShortPathNameA
GetModuleFileNameA
GetSystemDirectoryA
_lwrite
_lcreat
lstrlenA
_llseek
lstrcpyA
_lopen
UnmapViewOfFile
GlobalAlloc
GetModuleHandleA
GlobalFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetVersion
GetStartupInfoA
VirtualFree
_lread
HeapFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GlobalLock
_lclose
GlobalUnlock
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess

user32

TranslateMessage
DispatchMessageA
GetMessageA
GetActiveWindow
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
MessageBoxA
GetSystemMetrics
InvalidateRect
DialogBoxParamA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SendDlgItemMessageA
GetDC
ReleaseDC
SetActiveWindow
PostQuitMessage
SetRect
BeginPaint
wsprintfA
EndPaint
DefWindowProcA
PostMessageA

gdi32

SetTextColor
SelectObject
TextOutA
SetBkColor
GetStockObject
CreateFontA
DeleteObject
SetBkMode
MoveToEx
Rectangle
LineTo
CreateDIBitmap
DeleteDC
StretchBlt
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chencyzk.chh
chencyzk.txt
chendhz.chh
chendwdw.txt
chengbk.ovl
chenhfck.exe
.exe windows:4 windows x86 arch:x86

7fe6926658d6fb3ba0efb414d0e2d86d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
_lopen
_llseek
_lread
GlobalLock
GetModuleHandleA
GetStartupInfoA
CopyFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
lstrlenA
SetHandleCount
_lclose
GlobalAlloc
GetCommandLineA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GlobalUnlock
GlobalFree
lstrcpyA
GetEnvironmentStringsW
TerminateProcess
GetEnvironmentStrings
GetVersion
ExitProcess
GetModuleFileNameA
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

TranslateMessage
GetActiveWindow
InvalidateRect
DispatchMessageA
GetMessageA
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
SetRect
CreateWindowExA
GetSystemMetrics
SetActiveWindow
PostQuitMessage
SetWindowTextA
SetFocus
DefWindowProcA
GetWindowTextA
wsprintfA
PostMessageA
EndPaint
BeginPaint

gdi32

SelectObject
DeleteDC
StretchBlt
CreateDIBitmap
CreateCompatibleDC
GetStockObject
TextOutA
SetTextColor
SetBkColor
MoveToEx
SetBkMode
Rectangle
DeleteObject
LineTo

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chenhu2.ime
.dll windows:4 windows x86 arch:x86

cf3a79eeb2fb878eb9dd96cd0d5597cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

kernel32

CopyFileA
lstrlenW
GlobalAddAtomA
MapViewOfFile
OpenFileMappingA
CloseHandle
DeleteFileA
GetFileTime
CreateFileMappingA
_llseek
UnmapViewOfFile
FileTimeToSystemTime
CreateProcessA
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetFileAttributesA
SetFileAttributesA
_lcreat
_lwrite
IsValidCodePage
GetSystemTime
lstrcatA
GetSystemDirectoryA
_lopen
_lread
_lclose
GetShortPathNameA
GetTickCount
lstrlenA
GetStringTypeA
GetOEMCP
LoadLibraryA
LCMapStringW
LCMapStringA
GetACP
MultiByteToWideChar
HeapReAlloc
GetCPInfo
WriteFile
VirtualFree
VirtualAlloc
HeapDestroy
GetEnvironmentStringsW
HeapCreate
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleFileNameA
GetStartupInfoA
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetVersion
GetProcAddress
DeleteCriticalSection
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
HeapAlloc
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetCurrentThreadId
HeapFree
GetCommandLineA
ExitThread
TlsSetValue
CreateThread
InitializeCriticalSection
GetLastError
GetStringTypeW
ResumeThread

user32

LoadCursorA
MoveWindow
RegisterClassExA
SendMessageA
OpenClipboard
ShowWindow
UnregisterClassA
MessageBoxA
wsprintfA
MessageBeep
DefWindowProcA
SetActiveWindow
SetFocus
DestroyWindow
IsWindow
SetTimer
KillTimer
PostMessageA
SetWindowPos
GetWindowLongA
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
keybd_event
FindWindowA
GetClassNameA
GetParent
GetFocus
PostMessageW
CloseClipboard
SendDlgItemMessageA
GetClipboardData
PtInRect
EndDialog
GetKeyboardLayout
LoadBitmapA
BringWindowToTop
GetDesktopWindow
GetSubMenu
SetCursor
LoadMenuA
GetActiveWindow
TrackPopupMenu
DestroyMenu
BeginPaint
ScreenToClient
SetWindowRgn
SystemParametersInfoA
GetClientRect
EndPaint
GetCursorPos
IsWindowVisible
CreateWindowExA
GetWindowRect
SetWindowLongA
SetCapture
GetKeyboardLayoutList
ReleaseCapture
GetSystemMetrics
DialogBoxParamA

gdi32

DeleteObject
SelectObject
DeleteDC
MoveToEx
GetStockObject
GetTextExtentPointA
PatBlt
CreateDCA
CombineRgn
CreateRectRgn
SetBkColor
SetTextColor
SetBkMode
CreatePen
LineTo
TextOutA
CreateRoundRectRgn
Rectangle
CreateFontA
GetClipBox
TextOutW
GetTextMetricsA
GetDeviceCaps
StretchBlt
CreateCompatibleDC
CreateDIBitmap

shell32

ShellExecuteA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

winmm

PlaySoundA

imm32

ImmUnlockIMC
ImmLockIMC
ImmReSizeIMCC
ImmUnlockIMCC
ImmLockIMCC
ImmGetIMEFileNameA
ImmGenerateMessage
ImmGetOpenStatus

Exports

Exports

CandWndProc
CompWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hchenhuz
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chenhu4.ime
.dll windows:4 windows x86 arch:x86

cf3a79eeb2fb878eb9dd96cd0d5597cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

kernel32

CopyFileA
lstrlenW
GlobalAddAtomA
MapViewOfFile
OpenFileMappingA
CloseHandle
DeleteFileA
GetFileTime
CreateFileMappingA
_llseek
UnmapViewOfFile
FileTimeToSystemTime
CreateProcessA
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetFileAttributesA
SetFileAttributesA
_lcreat
_lwrite
IsValidCodePage
GetSystemTime
lstrcatA
GetSystemDirectoryA
_lopen
_lread
_lclose
GetShortPathNameA
GetTickCount
lstrlenA
GetStringTypeA
GetOEMCP
LoadLibraryA
LCMapStringW
LCMapStringA
GetACP
MultiByteToWideChar
HeapReAlloc
GetCPInfo
WriteFile
VirtualFree
VirtualAlloc
HeapDestroy
GetEnvironmentStringsW
HeapCreate
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleFileNameA
GetStartupInfoA
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetFileType
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetVersion
GetProcAddress
DeleteCriticalSection
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
HeapAlloc
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetCurrentThreadId
HeapFree
GetCommandLineA
ExitThread
TlsSetValue
CreateThread
InitializeCriticalSection
GetLastError
GetStringTypeW
ResumeThread

user32

LoadCursorA
MoveWindow
RegisterClassExA
SendMessageA
OpenClipboard
ShowWindow
UnregisterClassA
MessageBoxA
wsprintfA
MessageBeep
DefWindowProcA
SetActiveWindow
SetFocus
DestroyWindow
IsWindow
SetTimer
KillTimer
PostMessageA
SetWindowPos
GetWindowLongA
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
keybd_event
FindWindowA
GetClassNameA
GetParent
GetFocus
PostMessageW
CloseClipboard
SendDlgItemMessageA
GetClipboardData
PtInRect
EndDialog
GetKeyboardLayout
LoadBitmapA
BringWindowToTop
GetDesktopWindow
GetSubMenu
SetCursor
LoadMenuA
GetActiveWindow
TrackPopupMenu
DestroyMenu
BeginPaint
ScreenToClient
SetWindowRgn
SystemParametersInfoA
GetClientRect
EndPaint
GetCursorPos
IsWindowVisible
CreateWindowExA
GetWindowRect
SetWindowLongA
SetCapture
GetKeyboardLayoutList
ReleaseCapture
GetSystemMetrics
DialogBoxParamA

gdi32

DeleteObject
SelectObject
DeleteDC
MoveToEx
GetStockObject
GetTextExtentPointA
PatBlt
CreateDCA
CombineRgn
CreateRectRgn
SetBkColor
SetTextColor
SetBkMode
CreatePen
LineTo
TextOutA
CreateRoundRectRgn
Rectangle
CreateFontA
GetClipBox
TextOutW
GetTextMetricsA
GetDeviceCaps
StretchBlt
CreateCompatibleDC
CreateDIBitmap

shell32

ShellExecuteA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

winmm

PlaySoundA

imm32

ImmUnlockIMC
ImmLockIMC
ImmReSizeIMCC
ImmUnlockIMCC
ImmLockIMCC
ImmGetIMEFileNameA
ImmGenerateMessage
ImmGetOpenStatus

Exports

Exports

CandWndProc
CompWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hchenhuz
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chenhu5.com
chenjfk.ov1
chenpymb.ov1
chenskfh.chh
chenszsj.chh
chenxf.exe
.exe windows:4 windows x86 arch:x86

77785f0d6d97db0c0200f36ce5f6be23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
LCMapStringW
CloseHandle
GetStringTypeW
LCMapStringA
SetStdHandle
LoadLibraryA
GetStringTypeA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
MultiByteToWideChar
GetACP
GetLastError
WriteFile
SetFilePointer
HeapFree
VirtualFree
RtlUnwind
GlobalFree
ExitProcess
HeapDestroy
lstrcpyA
lstrlenA
GetVersion
_lopen
_llseek
_lread
GlobalAlloc
GlobalLock
_lclose
GlobalUnlock
GetModuleHandleA
FreeEnvironmentStringsA
GetFileType
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

user32

LoadAcceleratorsA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
GetActiveWindow
RegisterClassA
ShowWindow
LoadIconA
UpdateWindow
InvalidateRect
CreateWindowExA
GetSystemMetrics
DialogBoxParamA
SendDlgItemMessageA
EndDialog
SetActiveWindow
MessageBoxA
BeginPaint
PostQuitMessage
SetRect
DefWindowProcA
wsprintfA
EndPaint

gdi32

CreateDIBitmap
DeleteDC
DeleteObject
GetStockObject
TextOutA
CreateCompatibleDC
StretchBlt
SetTextColor
SelectObject
Rectangle
MoveToEx
LineTo
SetBkMode

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chenynhz.txt
chenzdfh.chh
chenzdfh.txt
chenzdym.chh
chenzdym.txt
chenznwb.exe
.exe windows:4 windows x86 arch:x86

d77deaa37d3ed281d13b47744f41addc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetVersion
SetCurrentDirectoryA
GetModuleFileNameA
MapViewOfFile
GetLogicalDriveStringsA
lstrlenA
lstrcpyA
GetOEMCP
GetSystemDirectoryA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
_lwrite
_lcreat
_lopen
_llseek
GlobalAlloc
GlobalLock
_lclose
_lread
GlobalFree
GlobalUnlock
UnmapViewOfFile
OpenFileMappingA
CloseHandle
LCMapStringW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetACP
LCMapStringA
GetCPInfo
WinExec
HeapFree
VirtualFree
RtlUnwind
HeapDestroy
GetFileType
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetCurrentProcess
FreeEnvironmentStringsA
ExitProcess
GetCommandLineA
TerminateProcess
GetModuleHandleA
WriteFile
GetStringTypeW
GetStartupInfoA

user32

LoadCursorA
LoadIconA
CreateWindowExA
LoadAcceleratorsA
GetMessageA
DispatchMessageA
TranslateMessage
UpdateWindow
ShowWindow
DialogBoxParamA
GetSystemMetrics
GetWindowTextA
MessageBoxA
InvalidateRect
PostMessageA
EndPaint
DefWindowProcA
SetRect
wsprintfA
BeginPaint
SetWindowsHookExA
GetDlgItemTextA
ReleaseDC
ActivateKeyboardLayout
SetDlgItemTextA
GetActiveWindow
CallNextHookEx
SendMessageA
EndDialog
SetFocus
SetWindowTextA
UnhookWindowsHookEx
SetActiveWindow
PostQuitMessage
GetDC
RegisterClassA
LoadKeyboardLayoutA
GetKeyboardLayoutList

gdi32

TextOutA
GetStockObject
SetBkColor
SetBkMode
SelectObject
CreateFontA
GetTextExtentPoint32A
GetTextMetricsA
DeleteObject
LineTo
MoveToEx
Rectangle
DeleteDC
StretchBlt
CreateCompatibleDC
CreateDIBitmap
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

imm32

ImmGetDescriptionA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chfz0.bmp
chfz1.bmp
chfz2.bmp
chfz3.bmp
chfz4.bmp
chgbkbh.chh
chpyjm1.txt
chpykey0.txt
chpykey1.txt
chpykey2.txt
chpykey3.txt
chpykey4.txt
chpykey5.txt
chszsj01.chh
chszsj02.chh
chszsj03.chh
chszsj04.chh
chszsj43.chh
chszsj44.chh
chszsjpy.chh
chver.obj
.html
chver.txt
chwbjm.txt
chword.chh
chznwb11.bmp
chznwb12.bmp
chznwb13.bmp
chznwb14.bmp
chznwb15.bmp
chznwb16.bmp
chznwb17.bmp
chznwb18.bmp
chznwb21.bmp
chznwb22.bmp
chznwb23.bmp
chznwb24.bmp
chznwb25.bmp
chznwb26.bmp
chznwb27.bmp
chznwb28.bmp
chznwb31.bmp
chznwb32.bmp
chznwb33.bmp
chznwb34.bmp
chznwb41.bmp
chznwb51.bmp
chznwb52.bmp
cwb.ov1
cwbzlcz1.txt
filet.dat
.html
jfhzb.txt
pyqspmb.txt
softkey.txt
ssbl2.bmp
ssbl21.bmp
ssblc1.bmp
ssblc2.bmp
uninst.exe
.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
SetFileTime
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uwb.chh
znwb1.bmp
znwb2.bmp
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 290KB

.ndata Size: - Virtual size: 280KB

.rsrc Size: 27KB - Virtual size: 28KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

a1cfad95790962adda669fad8822c145

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

804d4bb129a0878f9e1ececf7639fb14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

798f20650adeed436b50441dd0387ed0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

7fe6926658d6fb3ba0efb414d0e2d86d

Headers

File Characteristics

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 290KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 24KB

hchenhuz
Size: 4KB - Virtual size: 324B

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 23KB

hchenhuz
Size: 4KB - Virtual size: 324B

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 2KB