9866c005fe8d669888d8f695b5afedb5

Sharing

Copy URL Twitter E-mail

General

Target

9866c005fe8d669888d8f695b5afedb5
Size

1.5MB
MD5

9866c005fe8d669888d8f695b5afedb5
SHA1

5b1021981f5bf5009b87c83bb6b10a08ebfa8fa2
SHA256

df5354c5111b2ffaa45da6510f3f3ca7cb00b297a0be758a0aca678cf2fea05e
SHA512

3cbfac3b96e4816fd6d79c858715ec211c0523289468bdbf089f2f27073918e3df2e6d00dda859cc2294b2ebdf46c3ba50ffb7d719dde66bddff5ff894e3933b
SSDEEP

24576:A5jOYVzWF9IKrABDhlHuQgN4+8brs8uC03+lxaI3h5DZQYfhbZ+lDbUTs:wOYQFABfuNm+krCulImh5yY+nL

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 10 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/远程协助监控程序/远程协助监控-[控制端]/EThread.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[控制端]/iext.fnr	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[控制端]/krnln.fnr	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[控制端]/shell.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[控制端]/xwx.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[被控制端]/eAPI.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[被控制端]/eImgConverter.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[被控制端]/krnln.fnr	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[被控制端]/shell.fne	aspack_v212_v242
static1/unpack001/远程协助监控程序/远程协助监控-[被控制端]/xwx.fne	aspack_v212_v242

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/远程协助监控程序/远程协助监控-[控制端]/EThread.fne
unpack001/远程协助监控程序/远程协助监控-[控制端]/WININET.DLL
unpack001/远程协助监控程序/远程协助监控-[控制端]/iext.fnr
unpack001/远程协助监控程序/远程协助监控-[控制端]/krnln.fnr
unpack001/远程协助监控程序/远程协助监控-[控制端]/shell.fne
unpack001/远程协助监控程序/远程协助监控-[控制端]/xwx.fne
unpack001/远程协助监控程序/远程协助监控-[控制端]/远程协助监控-[控制端].exe
unpack001/远程协助监控程序/远程协助监控-[被控制端]/eAPI.fne
unpack001/远程协助监控程序/远程协助监控-[被控制端]/eImgConverter.fne
unpack001/远程协助监控程序/远程协助监控-[被控制端]/krnln.fnr
unpack001/远程协助监控程序/远程协助监控-[被控制端]/shell.fne
unpack001/远程协助监控程序/远程协助监控-[被控制端]/xwx.fne
unpack001/远程协助监控程序/远程协助监控-[被控制端]/远程协助监控-[被控制端].exe

Files

9866c005fe8d669888d8f695b5afedb5
.rar
远程协助监控程序/gmxz.htm
.html
远程协助监控程序/help.txt
远程协助监控程序/read.txt
远程协助监控程序/下载说明.htm
.html .js polyglot
远程协助监控程序/远程协助监控-[控制端]/21.skn
远程协助监控程序/远程协助监控-[控制端]/EThread.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[控制端]/WININET.DLL
.dll windows:5 windows x86 arch:x86

f81cfbf7eea6aefa1cdc69460a876678

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegCreateKeyExW

crypt32

CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrA
CertControlStore
CertNameToStrA
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertCloseStore
CertFindExtension
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

kernel32

ExpandEnvironmentStringsA
SuspendThread
TerminateThread
GetACP
RtlMoveMemory
ResetEvent
CreateThread
Sleep
SetErrorMode
FormatMessageA
lstrcatA
SystemTimeToFileTime
GetTickCount
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
GetDateFormatA
GetTimeFormatA
lstrcpyA
InterlockedCompareExchange
GetCurrentThread
GetCurrentProcess
IsBadReadPtr
ExitThread
GlobalFree
IsBadStringPtrW
DeleteFileA
IsBadCodePtr
IsBadWritePtr
SleepEx
GetModuleFileNameA
GetSystemTime
WritePrivateProfileStringA
WriteFile
SetFilePointer
ReadFile
FileTimeToSystemTime
LocalReAlloc
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
IsBadStringPtrA
CreateEventA
SetEvent
lstrcmpA
WaitForSingleObject
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
GetFileTime
ReleaseSemaphore
CreateSemaphoreA
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
GetVersion
CompareStringA
GetFileAttributesA
GetEnvironmentVariableA
GetWindowsDirectoryA
RemoveDirectoryA
GetShortPathNameA
FileTimeToDosDateTime
SetFileAttributesA
CreateDirectoryA
GetPrivateProfileStringA
SetFileTime
CopyFileA
DeviceIoControl
GetDiskFreeSpaceA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DosDateTimeToFileTime
FlushViewOfFile
IsDBCSLeadByte
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
SetEndOfFile
GetUserDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameA
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
MultiByteToWideChar
GetProcAddress
LoadLibraryA
lstrcmpiA
GetLastError
FreeLibrary
lstrcpynA
lstrlenA
WideCharToMultiByte
InterlockedExchange
CloseHandle
OpenEventA
LeaveCriticalSection
EnterCriticalSection
SetLastError
LocalFree
GetVersionExA
GetFileSize
CreateFileA
GetSystemDirectoryA
lstrlenW
RaiseException
GetModuleHandleA
OpenMutexA

msvcrt

memchr
isdigit
strpbrk
isspace
isalnum
time
strtoul
_ftol
ispunct
iscntrl
isalpha
_purecall
_CxxThrowException
wcsncpy
sprintf
wcscat
wcsstr
wcslen
rand
_wtoi
wcscpy
_wcsnicmp
wcstok
_wcsicmp
wcscmp
malloc
free
realloc
_except_handler3
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
srand
isxdigit

oleaut32

SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashA
PathRemoveFileSpecA
StrNCatA
ord419
StrChrA
ord215
SHDeleteKeyA
StrCmpNIW
ord342
wvnsprintfA
ord52
ord57
ord308
ord260
StrCmpNIA
StrStrA
ord151
ord217
UrlCombineW
UrlCanonicalizeW
ord340
UrlCombineA
UrlCanonicalizeA
ord153
PathCreateFromUrlA
UrlUnescapeA
StrNCatW
StrToIntW
StrCpyW
ord68
ord95
ord136
StrStrIA
StrCmpW
SHRegGetUSValueA
PathFindFileNameA
ord157
StrCmpNA
StrToIntA
StrCatBuffA
StrRChrA
StrCmpIW
ord59
ord107
SHSetValueW
ord356
ord437
ord309
StrStrIW
SHGetValueW
SHSetValueA
SHGetValueA
wnsprintfA
wnsprintfW
StrCpyNW
ord80
ord97
ord83
ord138
StrCatBuffW
ord310
ord311
ord143

user32

RegisterClassA
IntersectRect
EqualRect
wsprintfW
LoadIconA
LoadImageA
DestroyIcon
SetForegroundWindow
EnumChildWindows
SetWindowTextA
GetParent
GetWindowRect
ScreenToClient
SetWindowPos
SendDlgItemMessageA
WinHelpA
CharNextExA
IsWindow
IsCharAlphaNumericA
SendMessageA
PostMessageA
FindWindowA
LoadStringA
ShowWindow
GetDesktopWindow
wsprintfA
CharLowerA
DestroyWindow
IsDlgButtonChecked
EnableWindow
SetFocus
GetDlgItem
EndDialog
CheckDlgButton
CreateWindowExA
RegisterWindowMessageA
KillTimer
SetTimer
DefWindowProcA
SetWindowLongA
GetWindowLongA
CharLowerW
CharNextA
CharToOemA
CharUpperA

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
远程协助监控程序/远程协助监控-[控制端]/gmxz.htm
.html
远程协助监控程序/远程协助监控-[控制端]/gmzc.sz
远程协助监控程序/远程协助监控-[控制端]/help.txt
远程协助监控程序/远程协助监控-[控制端]/iext.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 55KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[控制端]/krnln.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 316KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[控制端]/read.txt
远程协助监控程序/远程协助监控-[控制端]/shell.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[控制端]/xwx.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetNewInf

Sections

CODE
Size: 188KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[控制端]/远程协助监控-[控制端].exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
远程协助监控程序/远程协助监控-[被控制端]/21.skn
远程协助监控程序/远程协助监控-[被控制端]/eAPI.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 85KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[被控制端]/eImgConverter.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
png_IDAT
png_IEND
png_IHDR
png_PLTE
png_bKGD
png_build_grayscale_palette
png_cHRM
png_check_sig
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_write_struct
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_gAMA
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_color_type
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_interlace_type
png_get_io_ptr
png_get_libpng_ver
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pixel_aspect_ratio
png_get_pixels_per_meter
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_transform_ptr
png_get_valid
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_meter
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_meter
png_hIST
png_iCCP
png_iTXt
png_init_io
png_malloc
png_memcpy_check
png_memset_check
png_oFFs
png_pCAL
png_pHYs
png_permit_empty_plte
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_sBIT
png_sCAL
png_sPLT
png_sRGB
png_set_IHDR
png_set_PLTE
png_set_bKGD
png_set_background
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_dither
png_set_error_fn
png_set_expand
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gray_1_2_4_to_8
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunks
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_bytes
png_sig_cmp
png_start_read_image
png_tEXt
png_tIME
png_tRNS
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_zTXt

Sections

.text
Size: 171KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[被控制端]/krnln.fnr
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 316KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[被控制端]/shell.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf

Sections

.text
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[被控制端]/xwx.fne
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetNewInf

Sections

CODE
Size: 188KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
远程协助监控程序/远程协助监控-[被控制端]/远程协助监控-[被控制端].exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

f81cfbf7eea6aefa1cdc69460a876678

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

oleaut32

shlwapi

user32

Exports

Exports

Sections

.text Size: 482KB - Virtual size: 482KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 18KB - Virtual size: 18KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 116KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 68KB

.rsrc Size: 6KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 752KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 20KB - Virtual size: 124KB

.rsrc Size: 14KB - Virtual size: 60KB

.reloc Size: 26KB - Virtual size: 68KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 36KB

.reloc Size: 1KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 188KB - Virtual size: 464KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 18KB - Virtual size: 32KB

.text
Size: 7KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB

.text
Size: 482KB - Virtual size: 482KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 55KB - Virtual size: 116KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 68KB

.rsrc
Size: 6KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 316KB - Virtual size: 752KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 20KB - Virtual size: 124KB

.rsrc
Size: 14KB - Virtual size: 60KB

.reloc
Size: 26KB - Virtual size: 68KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 36KB

.reloc
Size: 1KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 188KB - Virtual size: 464KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 18KB - Virtual size: 32KB

.rsrc
Size: 13KB - Virtual size: 40KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1024B - Virtual size: 556B

.rdata
Size: 512B - Virtual size: 404B

.ecode
Size: 195KB - Virtual size: 195KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 85KB - Virtual size: 188KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 15KB - Virtual size: 116KB

shared
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 28KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 171KB - Virtual size: 364KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 13KB - Virtual size: 56KB

.reloc
Size: 8KB - Virtual size: 16KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 316KB - Virtual size: 752KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 20KB - Virtual size: 124KB

.rsrc
Size: 14KB - Virtual size: 60KB

.reloc
Size: 26KB - Virtual size: 68KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 36KB

.reloc
Size: 1KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB