d5a33b814dee0abc1c9fc2cc78a1b048

Sharing

Copy URL

Twitter E-mail

General

Target

d5a33b814dee0abc1c9fc2cc78a1b048
Size

7.4MB
MD5

d5a33b814dee0abc1c9fc2cc78a1b048
SHA1

71fbc502e30e332edaf88367b82aaa70d1a23f3e
SHA256

fee11a0d3184b9f9953d099310bb6b6cd83a0817e99fe65eacff3f92b8545b86
SHA512

91fac0cb70ccc619078db5f9a4caaff88b62ddb6b9104ebc4dfc15271f672bd9e84595178ece88d61313165e6e2cd21aa33a42a07aac4a2926ec6017603783e2
SSDEEP

196608:loiSQRwu4/iW/n+Oe2G+8euwAuZoRE3TpFPs/:GhQRwf/P+Oe2mQpFk/

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Abrosoft FantaMorph 5.2.4.exe
unpack001/Interop.IWshRuntimeLibrary.dll
unpack001/Interop.SHDocVw.dll
unpack001/Rainmeter.dll
unpack001/msreg.dll
unpack001/update.exe

Files

d5a33b814dee0abc1c9fc2cc78a1b048
.rar
Abrosoft FantaMorph 5.2.4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\域名劫持\setup\setupBHO\setupBHO\obj\Debug\波克城市.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.IWshRuntimeLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.SHDocVw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rainmeter.dll
.dll windows:5 windows x86 arch:x86

57453ddc002d8a2708fc284c5ed770c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\RainTrunk\Library\x32\Release\Rainmeter.pdb

Imports

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Create

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW

uxtheme

SetWindowTheme
EnableThemeDialogTexture

winmm

PlaySoundW

gdiplus

GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngleI
GdipFillRectangleI
GdipDeleteMatrix
GdipSetMatrixElements
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateCachedBitmap
GdipDrawCachedBitmap
GdipBitmapGetPixel
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipSetClipPath
GdipResetClip
GdipFillPath
GdipIsMatrixIdentity
GdipGetImageRawFormat
GdipGetImageWidth
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawLine
GdipAddPathLine
GdipSetPenLineJoin
GdipDrawPath
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipResetWorldTransform
ord1
GdipCreateFontFamilyFromName
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureString
GdipDrawString
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFamilyName
GdipCreateMatrix
GdipCreateBitmapFromFile
GdipCreateHICONFromBitmap
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteCachedBitmap
GdipCreateFromHWND
GdipCreateImageAttributes
GdipGetImagePixelFormat
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipPrivateAddFontFile
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipSetWorldTransform
GdipCreateFromHDC
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipSetImageAttributesColorMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipImageRotateFlip
GdipDrawImageRectRect
GdipFillPolygonI
GdipCloneBrush

iphlpapi

GetIfTable
GetNumberOfInterfaces

shlwapi

PathCanonicalizeW
AssocQueryStringW

kernel32

EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleFileNameA
LoadLibraryA
FormatMessageA
GetFileTime
GetFileSize
ReadFile
GetTempFileNameW
GetTempPathW
DeleteFileW
SetFileAttributesW
SetCurrentDirectoryW
GetTickCount
GetVersionExW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
FindFirstFileExW
IsDebuggerPresent
GetModuleFileNameW
DisableThreadLibraryCalls
GetLastError
Sleep
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
GetLocalTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
SetDllDirectoryW
WritePrivateProfileSectionW
GlobalMemoryStatusEx
GetVolumeInformationW
GetDiskFreeSpaceExW
SetLastError
SetErrorMode
GetDriveTypeW
GetSystemTimes
GetSystemInfo
GetModuleHandleW
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
GetLocaleInfoW
CreateDirectoryW
WritePrivateProfileStringW
CloseHandle
CreateFileW
GetPrivateProfileStringW
FindClose
FindNextFileW
GetProcAddress
FindFirstFileW
FreeLibrary
LoadLibraryW
GetPrivateProfileSectionW
QueryPerformanceCounter
GetCurrentProcessId
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW

user32

GetWindowTextW
SystemParametersInfoW
GetSystemMetrics
MessageBoxW
SetWindowLongW
GetWindowLongW
EnumChildWindows
SendMessageW
DestroyWindow
CreateDialogParamW
IsZoomed
ShowWindow
SetForegroundWindow
GetDlgItem
SetWindowPos
GetClientRect
PostMessageW
GetWindowPlacement
LoadIconW
SetWindowPlacement
BringWindowToTop
LoadImageW
SetPropW
SetWindowTextW
EnableWindow
PostQuitMessage
CopyIcon
RegisterWindowMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumWindows
IsWindow
GetClassNameW
GetShellWindow
EnumDisplayMonitors
EnumDisplaySettingsW
EnumDisplayDevicesW
UnhookWinEvent
SetWinEventHook
RegisterClassW
GetMenuItemID
GetMenuState
GetMenuItemCount
ModifyMenuW
RemoveMenu
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
HiliteMenuItem
GetMenuStringW
DeleteMenu
CheckMenuItem
SendMessageTimeoutW
GetPropW
RemovePropW
ShowScrollBar
DefWindowProcW
GetParent
LoadCursorW
SetCursor
FindWindowExW
GetAncestor
MapWindowPoints
WindowFromPoint
EndPaint
BeginPaint
UpdateLayeredWindow
InvalidateRect
SetWindowRgn
MonitorFromRect
IsWindowVisible
GetWindow
GetMonitorInfoW
MonitorFromPoint
TrackMouseEvent
SetTimer
RegisterClassExW
UnregisterClassW
KillTimer
ReleaseDC
GetDC
GetKeyState
GetDesktopWindow
DestroyIcon
CreateWindowExW
LoadStringW
SetRect
EnableMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
ScreenToClient
GetCursorPos
GetSubMenu
LoadMenuW
DestroyMenu
TrackPopupMenu
GetWindowRect
InsertMenuW
CreatePopupMenu

gdi32

CreateCompatibleDC
DeleteObject
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CreateFontIndirectW
CreateRoundRectRgn
CreateRectRgn
GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
CombineRgn
CreateEllipticRgn
DeleteDC

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_CItan
_CItanh
_CIasin
_CIacos
_CIatan
_CIatan2
_CIsqrt
_CIlog
_CIlog10
_CIexp
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
_CIsin
_CIcos
memset
_CIpow
_CIfmod
floor
memcpy
_setjmp3
_strnicmp
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
strcoll
strpbrk
_difftime64
strftime
clock
remove
system
tmpnam
_gmtime64
_mktime64
rename
strcspn
getenv
strrchr
_HUGE
frexp
ldexp
localeconv
clearerr
fseek
ftell
fwrite
setvbuf
_popen
fflush
_pclose
tmpfile
fscanf
exit
longjmp
fgets
strtoul
fputs
getc
freopen
ferror
fprintf
fread
fopen
__iob_func
strstr
ungetc
strerror
_CIcosh
strncat
_snprintf_s
sin
asin
_CIsinh
exp
atan
log10
acos
tan
log
calloc
modf
ceil
cos
sqrt
sprintf
realloc
strncpy
strtol
strtod
_beginthread
atoi
_wasctime
wcsrchr
isxdigit
islower
toupper
iscntrl
isupper
isdigit
isalpha
tolower
ispunct
isalnum
strchr
isspace
malloc
strncmp
_wtof
setlocale
_localtime64
wcsftime
_tzset
_wcsnicmp
rand
_time64
srand
_purecall
wcsncat_s
wcsncpy_s
_vsnprintf_s
memchr
_snwprintf_s
_set_invalid_parameter_handler
fputws
fclose
_wfopen
_ultow
towupper
wcstoul
_itow
_vsnwprintf_s
_wcsicmp
??_V@YAXPAX@Z
_waccess
swscanf
iswspace
wcsncmp
free
_wtoi
wcstok
_wcsdup
wcschr
wcstod
_errno
towlower
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
feof
fabs

Exports

Exports

ExecuteBang
Initialize
LSLog
PluginBridge
Quit
ReadConfigString

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.exe
.exe windows:1 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:db:bf:f8:6e:08:ed:51:2b:22:02:89:1a:5a:2c:ff
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

29/10/2009, 00:00

Not After

28/10/2012, 23:59

Subject

CN=Abrosoft Co.,O=Abrosoft Co.,POSTALCODE=100080,STREET=HaiDian+STREET=No.72 SuZhouJie\, Tower 1/Suite 403,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:b5:4c:4e:86:9a:e0:b5:29:13:ef:9f:48:e4:5d:b4:05:56:b8:a7
Signer

Actual PE Digest

fc:b5:4c:4e:86:9a:e0:b5:29:13:ef:9f:48:e4:5d:b4:05:56:b8:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msreg.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\域名劫持\BHO\obj\Debug\msreg.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RegAsm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 116KB - Virtual size: 114KB

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 4KB - Virtual size: 12B

57453ddc002d8a2708fc284c5ed770c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

wininet

uxtheme

winmm

gdiplus

iphlpapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 542KB - Virtual size: 541KB

.data Size: 3KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 28KB - Virtual size: 28KB

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

7a:db:bf:f8:6e:08:ed:51:2b:22:02:89:1a:5a:2c:ffCertificate

Extended Key Usages

Key Usages

fc:b5:4c:4e:86:9a:e0:b5:29:13:ef:9f:48:e4:5d:b4:05:56:b8:a7Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 116KB - Virtual size: 114KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 542KB - Virtual size: 541KB

.data
Size: 3KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 28KB - Virtual size: 28KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

7a:db:bf:f8:6e:08:ed:51:2b:22:02:89:1a:5a:2c:ff
Certificate

fc:b5:4c:4e:86:9a:e0:b5:29:13:ef:9f:48:e4:5d:b4:05:56:b8:a7
Signer

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 40KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B