dee70e18ca72a77169a6f9c0123f9ca2

Sharing

Copy URL

Twitter E-mail

General

Target

dee70e18ca72a77169a6f9c0123f9ca2
Size

1.6MB
MD5

dee70e18ca72a77169a6f9c0123f9ca2
SHA1

bf827ede4939b001e9637ec6a97368fe275192f4
SHA256

48254bfde00c8a7e45c71e063ee689ef3c59fb765e44abbad5d75011940593c8
SHA512

d018e346094423a1107dbae9120a4a81c156db71cfb98184acb9305e15b10edcb9b8f11f30b2a3b9d3396700f585e2df4144a7959fd6f735b8966e6af6b633a5
SSDEEP

49152:zXo8MPESiibc52HPKMX1XsfItn9hAHv7gN2vUPLJ:svPJms718fIWYLJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/gb_ems.exe	upx
static1/unpack001/sender.exe	upx
static1/unpack001/tracker.exe	upx

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe
static1/unpack003/out.upx	autoit_exe

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C60DOSX.DLL
unpack001/C60OLEX.DLL
unpack001/C60RUNX.DLL
unpack001/C60TPSX.DLL
unpack001/gb_ems.exe
unpack002/out.upx
unpack001/iQxml.dll
unpack001/sender.exe
unpack003/out.upx
unpack001/tracker.exe
unpack004/out.upx

Files

dee70e18ca72a77169a6f9c0123f9ca2
.rar
C60DOSX.DLL
.dll windows:1 windows x86 arch:x86

167d1cb4210d4bc7e187dc0a6427825e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c60runx

Cla$ACCEPTED
Cla$activate_drv
Cla$ADDqueue
Cla$ANSITOOEMdesc
Cla$CHANGE_DRIVER
Cla$CHANGE_FILE
Cla$CLEAR
Cla$clearerror
Cla$CLEARqueue
Cla$deactivate_drv
Cla$DecAdd
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecSub
Cla$DELAY
Cla$DISPOSEqueue
Cla$DPopLong
Cla$DPopReal
Cla$DPopUlong
Cla$DPushLong
Cla$DPushULong
Cla$EndEventLoop
Cla$ERRORCODE
Cla$EVENT
Cla$FILE_CLOSE
CLA$FILE_DESTROY
Cla$FILE_GETfl
Cla$FILE_HOLDf
Cla$FILE_HOLDfi
Cla$FILE_LOCKf
Cla$FILE_NEXT
Cla$FILE_OPEN
Cla$FILE_POSITIONf
Cla$FILE_POSITIONk
Cla$FILE_PREV
Cla$FILE_REGETf
Cla$FILE_RESETf
Cla$FILE_RESETk
Cla$FILE_SETf
Cla$FILE_SETfk
Cla$FILE_SETfl
Cla$FILE_SETk
Cla$FILE_SETkk
Cla$FILE_SETkkl
Cla$FILE_SETkl
Cla$FILE_STREAM
Cla$FILE_WATCH
Cla$FREEqueue
Cla$freestr
Cla$freewindow
Cla$getLogoutNumber
Cla$GETqueueptr
Cla$HELP
Cla$init
Cla$MessageBox
Cla$NewMemT
Cla$NEWqueue
Cla$OEMTOANSIdesc
Cla$OPENwindow
Cla$PopCString
Cla$PopString
Cla$PopTemp
Cla$PushCString
Cla$PushLong
Cla$PushNull
Cla$PushReal
Cla$PushString
Cla$pwopen
Cla$seterror
Cla$SetErrorFile
Cla$SORTqueuekey
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompare
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackHeap
Cla$StackINSTRING
Cla$StackLen
Cla$StackRotate
Cla$StackUPPER
Cla$StartEventLoop
Cla$storecstr
Cla$THREAD
THR$GetInstance
_10CInterface__BeforeDispose@F
_10CInterface__dt__@F
_10ErrorBlock__restore@F
_10ErrorBlock__save@F
_11HashElement__ct__@F
_11HashElement__dt__@F
_18ProtectedHashTable__ct__@FiP15CriticalSection
_18ProtectedHashTable__dt__@F
_18ProtectedHashTable__Lock@CF
_18ProtectedHashTable__Release@CF
_6DynStr__cat@Fc
_6DynStr__cat@Fi
_6DynStr__cat@Fl
_6DynStr__cat@FPCc
_6DynStr__cat@FPCcUi
_6DynStr__ct__@F
_6DynStr__ct__@FPcUi
_6DynStr__dt__@F
_6DynStr__opPc__@F
_6DynStr__PopString@F
_6DynStr__PushString@F
_9ClassDesc__ct__@FPUcUc
_9ClassDesc__dt__@F
_9ClassDesc__NFields@F
_9HashTable__HAdd@FPCv
_9HashTable__HDelete@FP11HashElement
_9HashTable__HFind@CFPCv
_9TraceFile__ct__@FPCcP7Drv_FCB
_9TraceFile__Logging@F
_9TraceFile__Message@FPCcUc
_9TraceFile__StartLine@F
_9TraceFile__StartLogging@FPCc
_9TraceFile__StartTiming@FPCc
_9TraceFile__StopLogging@F
_9TraceFile__WriteOp@FPC7Drv_FCBPC7Drv_KCBili
_abs
_atoi
_atol
_calloc
_CallRemoteFile
_clock
_DestroyRemoteFile
_DFSetFielderror@FP7Drv_FLDUiPCcPCc
_DFSetKeyerror@FP7Drv_KCBUiPCcPCc
_DFSetMemoerror@FP7Drv_MCBUiPCcPCc
_dl__@FPv
_drv_check_state
_drv_ChkName
_drv_CopyOrRenameFile
_drv_GetTypeName@Fi
_drv_hasEqualSign
_drv_MakeCSTRING
_drv_Strup
_drv_update_state
_FindRemoteDriver
_FindRemoteFile
_free
_ltoa
_malloc
_memcmp
_memcpy
_memmove
_nw__@FUi
_realloc
_strchr
_strcmp
_strcpy
_strdup
_strlen
_strncmp
_ultoa
__OsCloseFile
__OsCommitFile
__OsCreateFile
__OsDeleteFile
__OsFileTruncate
__OsGetFileLen
__OsGetFilePos
__OsLockFile
__OsOpenFile
__OsReadFile
__OsSeekFile
__OsUnlockFile
__OsWriteFile
__sysinit
__systerm
__systhrinit
__systhrterm

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection

user32

MessageBoxA

Exports

Exports

DOS
Dos$DrvReg

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 87B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C60OLEX.DLL
.dll windows:1 windows x86 arch:x86

5229e81ade1f79add3b6ce140d2fe87c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA

c60runx

Cla$ADDqueue
Cla$AssignRefUfo
Cla$CloneUfo
Cla$DPopLong
Cla$Evaluate
Cla$FIELDNAME
Cla$FreeUfo
Cla$HALT
Cla$Long2Ufo
Cla$MessageBox
Cla$NewMemB
Cla$NUMCHANGESqueue
Cla$PopCString
Cla$PopLong
Cla$PopString
Cla$PushBool
Cla$PushCString
Cla$PushLong
Cla$PushNull
Cla$PushReal
Cla$PushString
Cla$PushUfo
Cla$Real2Ufo
Cla$seterror
Cla$Stack2DStack
Cla$Stack2Ufo
Cla$StackHeap
Cla$StackLen
Cla$STACKpop
Cla$String2Ref
Cla$Ufo2Real
Cla$WHATqueue
CtlMain@newolecontrol
THR$GetInstance
Wsl$GetTargetWindow
Wsl@screener
WslWind@pFrame
_12ctlclassinfo__ct__@F
_12ctlclassinfo__docallback@FP6HWND__UiUil
_12ctlclassinfo__dt__@F
_12FieldCreator__makemenubar@FP8DmenubarP6screen7BarModei
_12reportscreen__GetFieldData@Fii
_17graphicfilterlist__Create@F
_17graphicfilterlist__loadimage@FP12reportscreenPCciUsP13graphictarget
_5field__active@CF
_5field__checkqueuechanged@F
_5field__checkusechanged@F
_5field__choice@F
_5field__dimchild@Fi
_5field__enabled@CF
_5field__findincomplete@F
_5field__getdeepesthelp@F
_5field__hidechild@Fi
_5field__incomplete@F
_5field__IsField@CF
_5field__preselect@FUiUi
_5field__preselectchild@FP5field
_5field__select@FUiUi
_5field__SetVarProperty@FiP3Ufo
_5field__update@F
_5field__visible@CF
_6DynStr__cat@FPCc
_6DynStr__cat@FPCcUi
_6DynStr__catbase@FUlUi
_6DynStr__ct__@F
_6DynStr__ct__@FPc
_6DynStr__ct__@FPcUi
_6DynStr__dt__@F
_6DynStr__kill@F
_6DynStr__opPc__@F
_6DynStr__PopString@F
_7control__AdjustForBorder@FR7tagRECT11BorderStyle
_7control__attach3d@Fi
_7control__create@FP13DcontrolfieldR12FieldCreatorPC12ctlclassinfoUlPCcUl
_7control__createcopy@FRC7controlR12FieldCreator
_7control__ct__@FP8DgenctrlR12FieldCreatori
_7control__dim@Fii
_7control__displayed@CF
_7control__drawgraphic@FP5HDC__P7tagRECT
_7control__dt__@F
_7control__enableSTD@CFi
_7control__findcontrol@FP8tagPOINTi
_7control__findgraphic@FP8tagPOINT
_7control__getcolorbrush@CFci
_7control__GetFont@CFi
_7control__GetIndexProperty@CFii
_7control__GetPosition@CFRiRiRiRi
_7control__GetPrintRect@CFR7tagRECT
_7control__GetProperty@CFi
_7control__gettext@CFR6DynStr
_7control__getvalue@CFR6DynStr
_7control__hide@Fii
_7control__mappalette@F
_7control__notification@FP8tagNMHDRRi
_7control__onwindowresize@F
_7control__PostEvent@FUi
_7control__redraw@F
_7control__redraw@FR7tagRECT
_7control__releasecapture@F
_7control__resize@F
_7control__SetDefaultHeight@FR7tagRECTPCc
_7control__SetDefaultWidth@FR7tagRECTPCc
_7control__SetFont@FPC14FontDescriptor
_7control__SetIndexProperty@FiiPCc
_7control__SetLayoutStyles@F
_7control__SetPosition@Fiiii
_7control__SetProperty@FiPCc
_7control__settext@FPCc
_7control__setup@F
_7control__TranslateAccel@FR6tagMSG
_7control__UnAdjustForBorder@CFR7tagRECT11BorderStyle
_7menubar__winmenu@F
_7UseDesc__Push@CF
_7UseDesc__SetFromStack@F
_7UseDesc__UpdateCopy@F
_8property__copyfeq@FP6screeni
_8property__getmetatarget@F
_8property__GetNamedProperty@CFR6DynStri
_8property__IsFrame@CF
_8property__IsMDI@CF
_8property__IsReport@CF
_8property__IsRepScreen@CF
_8property__IsScreen@CF
_8property__SetClassProperty@FiPv
_8property__SetFieldProperty@FiPvi
_8property__SetNamedProperty@FR6DynStrR6DynStri
_8property__SetQueueProperty@FiPv
_9classinfo__init@FPCcPFP6HWND__UiUil_lPCcUi
_9EVALUATOR__CURRENT@F
_atoi
_atol
_dl__@FPv
_dumpbase
_free
_graphfilters
_itoa
_ltoa
_malloc
_memchr
_memcmp
_memcpy
_memicmp
_memmove
_memset
_nw__@FUi
_strcat
_strchr
_strcmp
_strcpy
_striequ
_strlen
_strstr
_strupr
_ultoa
__OsDeleteFile
__sysinit
__systerm
__systhrinit
__systhrterm

gdi32

CreateHatchBrush
DeleteObject
GetDeviceCaps
GetObjectA
Rectangle
SelectObject
SetROP2

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetProcAddress
GetTempFileNameA
GetTempPathA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
lstrcmpW
MulDiv
MultiByteToWideChar
WideCharToMultiByte
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen

ole32

CLSIDFromString
CoCreateInstance
CoDisconnectObject
CoFreeUnusedLibraries
CoGetClassObject
CoGetMalloc
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
IIDFromString
IsAccelerator
OleCreate
OleCreateFromData
OleCreateFromFile
OleCreateLinkFromData
OleCreateLinkToFile
OleGetClipboard
OleInitialize
OleIsRunning
OleLoad
OleQueryCreateFromData
OleQueryLinkFromData
OleRun
OleSave
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleUninitialize
ProgIDFromCLSID
ReleaseStgMedium
StgCreateDocfile
StgCreateDocfileOnILockBytes
StgOpenStorage
StringFromCLSID
StringFromIID

oleaut32

SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayRedim
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

user32

BeginPaint
BringWindowToTop
DestroyWindow
DrawMenuBar
EndPaint
GetClientRect
GetDC
GetParent
GetSubMenu
GetWindowRect
InvalidateRect
IsWindow
IsWindowVisible
MapWindowPoints
MessageBoxA
MessageBoxW
PostMessageA
PtInRect
RegisterClipboardFormatA
ReleaseDC
RemoveMenu
SendMessageA
SetFocus
SetMenu
SetWindowPos
wsprintfA

Exports

Exports

CLEAR@F9SAFEARRAY
CONSTRUCT@F9SAFEARRAY
CREATE2@F9SAFEARRAYUsllll
CREATE@F9SAFEARRAYUsll
Cla$HookOle
Cla$OLEDIRECTORY
DESTRUCT@F9SAFEARRAY
DIMENSIONS@F9SAFEARRAY
GET2@F9SAFEARRAYll
GET@F9SAFEARRAYl
LOWERBOUND@F9SAFEARRAYl
OCxUnRegisterEventProc
OCxUnRegisterPropChange
OCxUnRegisterPropEdit
OcxGetParam
OcxGetParamCount
OcxLoadImage
OcxRegisterEventProc
OcxRegisterPropChange
OcxRegisterPropEdit
OcxSetParam
PUT2@F9SAFEARRAYllu
PUT@F9SAFEARRAYlu
RESIZE@F9SAFEARRAYll
TYPE$SAFEARRAY
TYPE@F9SAFEARRAY
UPPERBOUND@F9SAFEARRAYl
VMT$SAFEARRAY
VMTP$SAFEARRAY
_9ClwOleStr__ct__@F
_9ClwOleStr__ct__@FPCUsUi
_9ClwOleStr__ct__@FPCcUi
_9ClwOleStr__ct__@FRC6DynStr
_9ClwOleStr__ct__@FRC9ClwOleStr
_9ClwOleStr__dt__@F
_9ClwOleStr__get@FR6DynStr
_9ClwOleStr__length@CF
_9ClwOleStr__opPCc__@F
_9ClwOleStr__setcstr@FPCcUi

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C60RUNX.DLL
.dll windows:1 windows x86 arch:x86

54aea5b9a40ec0f1b49cabc12f2b4bd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA

comctl32

ImageList_Draw
InitCommonControls

comdlg32

ChooseColorA
ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PrintDlgA

gdi32

Arc
BitBlt
Chord
CloseEnhMetaFile
CloseMetaFile
CombineRgn
CopyMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBitmap
CreateEllipticRgn
CreateEnhMetaFileA
CreateFontA
CreateFontIndirectA
CreateICA
CreateMetaFileA
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontFamiliesExA
EnumMetaFile
Escape
ExcludeClipRect
ExtSelectClipRgn
ExtTextOutA
GetBkColor
GetBkMode
GetCharWidthA
GetClipBox
GetCurrentPositionEx
GetDeviceCaps
GetMapMode
GetMetaFileBitsEx
GetNearestColor
GetObjectA
GetPaletteEntries
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextColor
GetTextExtentPoint32A
GetTextExtentPointA
GetTextFaceA
GetTextMetricsA
GetWinMetaFileBits
IntersectClipRect
LineTo
LPtoDP
MoveToEx
OffsetViewportOrgEx
PaintRgn
PatBlt
Pie
PlayMetaFile
PlayMetaFileRecord
Polygon
RealizePalette
Rectangle
RectVisible
ResetDCA
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetMetaFileBitsEx
SetPaletteEntries
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

kernel32

AreFileApisANSI
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumResourceNamesA
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
FreeResource
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileStringA
GetShortPathNameA
GetStartupInfoA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalFileTimeToFileTime
LockFile
LockResource
lstrcmpA
lstrcmpiA
lstrcmpiW
MoveFileA
MulDiv
MultiByteToWideChar
OpenFile
OpenMutexA
OpenSemaphoreA
OutputDebugStringA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResumeThread
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetLocalTime
SizeofResource
Sleep
SleepEx
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProfileStringA
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite

mpr

WNetGetConnectionA

ole32

CoInitialize
CoUninitialize
CreateILockBytesOnHGlobal
GetClassFile
OleGetClipboard
StgCreateDocfileOnILockBytes

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

oledlg

OleUIAddVerbMenuA
OleUIInsertObjectA
OleUIPasteSpecialA

shell32

DragAcceptFiles
DragQueryFileA
ExtractIconA
SHBrowseForFolderA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA

user32

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharNextA
CharPrevA
CharToOemA
CharToOemBuffA
CharUpperA
CheckMenuItem
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyIcon
CopyRect
CreateCaret
CreateDialogParamA
CreateIconFromResourceEx
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefDlgProcA
DeferWindowPos
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamA
DialogBoxParamA
DispatchMessageA
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateA
DrawTextA
DrawTextExA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumChildWindows
EqualRect
FillRect
FrameRect
FreeDDElParam
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoExA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyboardLayout
GetKeyboardState
GetKeyState
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMessageA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
HideCaret
InflateRect
InSendMessage
InsertMenuA
IntersectRect
InvalidateRect
InvertRect
IsCharAlphaA
IsCharUpperA
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
keybd_event
KillTimer
LoadBitmapA
LoadCursorA
LoadCursorFromFileA
LoadIconA
LoadImageA
LoadStringA
LookupIconIdFromDirectoryEx
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
ModifyMenuA
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
PackDDElParam
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ReplyMessage
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SendNotifyMessageA
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetParent
SetPropA
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
ToAscii
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UnregisterClassA
UpdateWindow
VkKeyScanA
WindowFromPoint
WinHelpA
wsprintfA
wvsprintfA

winspool.drv

ClosePrinter
DeviceCapabilitiesA
DocumentPropertiesA
OpenPrinterA

Exports

Exports

AttachThreadToClarion
CLA$FILE_CALLBACK
CLA$FILE_DESTROY
CLA$FILE_FREESTATE
CLA$FILE_GETSTATE
CLA$FILE_RESTORESTATE
CLA$FILE_SQLCALLBACK
CLA$GETINIGROUP
CLA$PUTINIGROUP
Cla$ACCEPTED
Cla$ACOS
Cla$ADDqueue
Cla$ADDqueuefkey
Cla$ADDqueuekey
Cla$ADDqueueptr
Cla$ADDqueueskey
Cla$ALERT
Cla$ALIAS
Cla$ANSITOOEMdesc
Cla$ARC
Cla$ASIN
Cla$ASK
Cla$AStringLen
Cla$AStringUPPER
Cla$ATAN
Cla$AccessColSeqInfo
Cla$AddressUfo
Cla$ArrayOfUfo
Cla$AssertFailed
Cla$AssertFailedM
Cla$AssignLong2RefUfo
Cla$AssignLong2Ufo
Cla$AssignLong2Variant
Cla$AssignReal2RefUfo
Cla$AssignReal2Variant
Cla$AssignRefUfo
Cla$AssignUfo
Cla$BEEP
Cla$BLANK
Cla$BLOB_DO_PROPERTY
Cla$BLOB_GET_PROPERTY
Cla$BLOB_SET_PROPERTY
Cla$BLOB_SIZE
Cla$BLOB_TAKE
Cla$BLOB_YIELD
Cla$BOX
Cla$BSHIFT
Cla$BindE
Cla$BindG
Cla$BindP
Cla$BindV
Cla$CALL
Cla$CHAIN
Cla$CHANGE
Cla$CHANGE_DRIVER
Cla$CHANGE_FILE
Cla$CHOICE
Cla$CHORD
Cla$CLEAR
Cla$CLEARqueue
Cla$CLIPBOARD
Cla$CLOCK
Cla$CLONE
Cla$CLOSEwindow
Cla$COLORDIALOG
Cla$COMMAND
Cla$COMMIT
Cla$CONVERTANSITOOEM
Cla$CONVERTOEMTOANSI
Cla$COS
Cla$CREATE
Cla$CString2AString
Cla$ClearBString
Cla$ClearDec
Cla$ClearType
Cla$ClearUfo
Cla$ClearVariant
Cla$CloneUfo
Cla$CloneVariantTmp
Cla$CollationChar
Cla$CollationVal
Cla$CopyFile
Cla$DATE
Cla$DAY
Cla$DAbs
Cla$DDEacknowledge
Cla$DDEapp
Cla$DDEchannel
Cla$DDEclient
Cla$DDEclose
Cla$DDEexecute
Cla$DDEitem
Cla$DDEpoke
Cla$DDEquery
Cla$DDEread
Cla$DDEserver
Cla$DDEtopic
Cla$DDEvalue
Cla$DDEwrite
Cla$DEBUGHOOK
Cla$DELAY
Cla$DELETEREG
Cla$DELETEqueue
Cla$DESTROY
Cla$DIRECTORY
Cla$DISABLE
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DISPOSEref
Cla$DISPOSEvref
Cla$DInt
Cla$DNegate
Cla$DPopDec
Cla$DPopLong
Cla$DPopPdec
Cla$DPopPict
Cla$DPopReal
Cla$DPopUlong
Cla$DPushCString
Cla$DPushConstant
Cla$DPushDec
Cla$DPushLong
Cla$DPushPdec
Cla$DPushReal
Cla$DPushStringP
Cla$DPushStringStackP
Cla$DPushULong
Cla$DRAGID
Cla$DROPID
Cla$DRound
Cla$DStack2Stack
Cla$DStack2Ufo
Cla$DSwap
Cla$DecAdd
Cla$DecCompareN
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecDivide
Cla$DecDivideR
Cla$DecMul
Cla$DecSub
Cla$DecSubR
Cla$DeepAssign
Cla$DesignateUfo
Cla$DisposeDynStr
Cla$Dlongpower
Cla$DoProp
Cla$Dulongpower
Cla$ELLIPSE
Cla$ENABLE
Cla$ENDPAGE
Cla$ERASE
Cla$ERROR
Cla$ERRORCODE
Cla$ERRORFILE
Cla$ERRORFILENAME
Cla$EVENT
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ErrorString
Cla$Evaluate
Cla$EvaluateParsed
Cla$FIELD
Cla$FIELDNAME
Cla$FILEDIALOG
Cla$FILEDIALOGA
Cla$FILEERRORCODE
Cla$FILEERRORMSG
Cla$FILE_ADDf
Cla$FILE_ADDfu
Cla$FILE_APPENDf
Cla$FILE_APPENDfu
Cla$FILE_BOF
Cla$FILE_BUFFER
Cla$FILE_BUILDf
Cla$FILE_BUILDk
Cla$FILE_BUILDks
Cla$FILE_BUILDksf
Cla$FILE_BYTES
Cla$FILE_CEOF
Cla$FILE_CLEAR
Cla$FILE_CLOSE
Cla$FILE_COPY
Cla$FILE_CREATE
Cla$FILE_DELETE
Cla$FILE_DO_PROPERTY
Cla$FILE_DUPLICATEf
Cla$FILE_DUPLICATEk
Cla$FILE_EMPTY
Cla$FILE_FIXFORMAT
Cla$FILE_FLUSH
Cla$FILE_GETNULLS
Cla$FILE_GET_PROPERTY
Cla$FILE_GETfk
Cla$FILE_GETfl
Cla$FILE_GETflu
Cla$FILE_GETkl
Cla$FILE_HOLDf
Cla$FILE_HOLDfi
Cla$FILE_LOCKf
Cla$FILE_LOCKfi
Cla$FILE_NAME
Cla$FILE_NEXT
Cla$FILE_NOMEMO
Cla$FILE_NULL
Cla$FILE_NULL2
Cla$FILE_OPEN
Cla$FILE_PACK
Cla$FILE_POINTERf
Cla$FILE_POINTERk
Cla$FILE_POSITIONf
Cla$FILE_POSITIONk
Cla$FILE_PREV
Cla$FILE_PUTf
Cla$FILE_PUTfl
Cla$FILE_PUTflu
Cla$FILE_RECORDSf
Cla$FILE_RECORDSk
Cla$FILE_REGETf
Cla$FILE_REGETk
Cla$FILE_RELEASE
Cla$FILE_REMOVE
Cla$FILE_RENAME
Cla$FILE_RESETf
Cla$FILE_RESETk
Cla$FILE_SEND
Cla$FILE_SETNONULL
Cla$FILE_SETNONULL2
Cla$FILE_SETNULL
Cla$FILE_SETNULL2
Cla$FILE_SETNULLS
Cla$FILE_SET_PROPERTY
Cla$FILE_SETf
Cla$FILE_SETfk
Cla$FILE_SETfl
Cla$FILE_SETk
Cla$FILE_SETkk
Cla$FILE_SETkkl
Cla$FILE_SETkl
Cla$FILE_SHARE
Cla$FILE_SKIP
Cla$FILE_STREAM
Cla$FILE_UNFIXFORMAT
Cla$FILE_UNLOCK
Cla$FILE_WATCH
Cla$FIRSTFIELD
Cla$FOCUS
Cla$FONTDIALOG
Cla$FONTDIALOGA
Cla$FORWARDKEY
Cla$FREEqueue
Cla$FREEqueuea
Cla$FREEqueuefkey
Cla$FREEqueuekey
Cla$FREEqueueskey
Cla$FastClip
Cla$FileExists
Cla$FreeBStringTmp
Cla$FreeParsed
Cla$FreeUfo
Cla$FreeUpUfo
Cla$FreeVariantTmp
Cla$GETFONT
Cla$GETFONTEX
Cla$GETGROUP
Cla$GETGROUPqueue
Cla$GETINI
Cla$GETPOSITION
Cla$GETREG
Cla$GETqueuefkey
Cla$GETqueuekey
Cla$GETqueueptr
Cla$GETqueueskey
Cla$GetProcessMutex
Cla$GetProcessSemaphore
Cla$GetPropS
Cla$Group2Ufo
Cla$HALT
Cla$HELP
Cla$HIDE
Cla$HOWMANY
Cla$HOWMANYqueue
Cla$IDLE
Cla$IMAGE
Cla$IN
Cla$INCOMPLETE
Cla$INSTANCE
Cla$INT
Cla$ISGROUP
Cla$ISGROUPqueue
Cla$IsAlpha
Cla$IsLower
Cla$IsUfoString
Cla$IsUpper
Cla$IsfGetMsg
Cla$KEYBOARD
Cla$KEYCHAR
Cla$KEYCODE
Cla$KEYSTATE
Cla$KEY_DO_PROPERTY
Cla$KEY_GET_PROPERTY
Cla$KEY_SET_PROPERTY
Cla$LASTFIELD
Cla$LFNDIRECTORY
Cla$LINE
Cla$LOCKTHREAD
Cla$LOCKTHREAD_NCT
Cla$LOG10
Cla$LOGE
Cla$LOGOUT
Cla$LONGPATH
Cla$Locale
Cla$Long2Ufo
Cla$MATCH
Cla$MONTH
Cla$MOUSEX
Cla$MOUSEY
Cla$MakeAString
Cla$MakeRefVariant
Cla$Mem2Ufo
Cla$MessageBox
Cla$NEWqueue
Cla$NOTIFICATION
Cla$NOTIFY
Cla$NUMCHANGESqueue
Cla$NewCriticalSection
Cla$NewDynStr
Cla$NewHashTable
Cla$NewMemB
Cla$NewMemT
Cla$NewMemZ
Cla$NewMutex
Cla$NewProcessMutex
Cla$NewProcessSemaphore
Cla$NewReaderWriterLock
Cla$NewSemaphore
Cla$OEMTOANSIdesc
Cla$OPENowned
Cla$OPENwindow
Cla$OUT
Cla$Omitted
Cla$PEEK
Cla$PENCOLOR
Cla$PENSTYLE
Cla$PENWIDTH
Cla$PIE
Cla$POINTERqueue
Cla$POKE
Cla$POLYGON
Cla$POPUP
Cla$POSITIONqueue
Cla$POST
Cla$PRESSKEY
Cla$PRINTERDIALOG
Cla$PRINTreport
Cla$PUTINI
Cla$PUTREG
Cla$PUTqueue
Cla$PUTqueuefkey
Cla$PUTqueuekey
Cla$PUTqueueskey
Cla$ParseCString
Cla$ParseCStringR
Cla$Picture2Ufo
Cla$PictureUfo
Cla$PopAString
Cla$PopBStringTmp
Cla$PopBind
Cla$PopCString
Cla$PopLong
Cla$PopPString
Cla$PopPictLong
Cla$PopPictReal
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$PrintClarion
Cla$PrintSQL
Cla$PrintSQLOrder
Cla$PushAString
Cla$PushBString
Cla$PushBStringTmp
Cla$PushBind
Cla$PushBool
Cla$PushCString
Cla$PushLong
Cla$PushNull
Cla$PushPictDec
Cla$PushPictLong
Cla$PushPictReal
Cla$PushReal
Cla$PushString
Cla$PushTemp
Cla$PushUfo
Cla$PushVariant
Cla$PushVariantLong
Cla$PushVariantReal
Cla$QUOTE
Cla$RANDOM
Cla$RECORDSqueue
Cla$REGISTEREVENT
Cla$REGULAR
Cla$REJECTCODE
Cla$RESUME
Cla$ROLLBACK
Cla$ROUND
Cla$ROUNDBOX
Cla$RUN
Cla$RUNCODE
Cla$Real2Ufo
Cla$RefAssignAny
Cla$RefAssignVariant
Cla$RemoveFile
Cla$RenameFile
Cla$SELECT
Cla$SELECTED
Cla$SET3DLOOK
Cla$SETCLIPBOARD
Cla$SETCLOCK
Cla$SETCOMMAND
Cla$SETCURSOR
Cla$SETDROPID
Cla$SETFONT
Cla$SETFONTEX
Cla$SETKEYCHAR
Cla$SETKEYCODE
Cla$SETLAYOUT
Cla$SETPATH
Cla$SETPENCOLOR
Cla$SETPENSTYLE
Cla$SETPENWIDTH
Cla$SETPOSITION
Cla$SETTARGET
Cla$SETTODAY
Cla$SHORTPATH
Cla$SHOW
Cla$SHUTDOWN
Cla$SIN
Cla$SORTqueuefkey
Cla$SORTqueuekey
Cla$SORTqueueskey
Cla$SQRT
Cla$STACKpop
Cla$START
Cla$START1
Cla$START2
Cla$START3
Cla$STATUSfile
Cla$STATUSwindow
Cla$STOP
Cla$SUSPEND
Cla$SelectUfo
Cla$SelectUfo2
Cla$SetErrorFile
Cla$SetPropF
Cla$SetPropQ
Cla$SetPropS
Cla$SetPropUI
Cla$SetPropV
Cla$SetSafeVariantClear
Cla$SizeUfo
Cla$Stack2BString
Cla$Stack2BStringTmp
Cla$Stack2DStack
Cla$Stack2Ufo
Cla$Stack2UfoC
Cla$Stack2Variant
Cla$Stack2VariantTmp
Cla$StackAGE
Cla$StackALL
Cla$StackCENTER
Cla$StackCLIP
Cla$StackCONTENTS
Cla$StackCompare
Cla$StackCompare1
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackCompareNEQ1
Cla$StackCompareR
Cla$StackCompareR1
Cla$StackConcat
Cla$StackConcatR
Cla$StackDEFORMAT
Cla$StackDEFORMAT2
Cla$StackErrstr
Cla$StackFORMAT
Cla$StackFORMAT2
Cla$StackHeap
Cla$StackINLIST
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLOWER
Cla$StackLen
Cla$StackLen2
Cla$StackNUMERIC
Cla$StackPRESS
Cla$StackRIGHT
Cla$StackRotate
Cla$StackSUB
Cla$StackTYPE

Sections

.text
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cwdebug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C60TPSX.DLL
.dll windows:1 windows x86 arch:x86

491416e3a4f9f746ff3e3d26f856c2cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c60runx

Cla$ACCEPTED
Cla$AccessColSeqInfo
Cla$activate_drv
Cla$addLogoutFile
Cla$ADDqueue
Cla$AddressUfo
Cla$CHANGE_DRIVER
Cla$CHANGE_FILE
Cla$CHOICE
Cla$CLEAR
Cla$clearerror
Cla$CLEARqueue
Cla$clearstr
Cla$CLOSEwindow
Cla$deactivate_drv
Cla$DecAdd
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecSub
Cla$DELAY
Cla$deleteLogoutFile
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DPopLong
Cla$DPopReal
Cla$DPopUlong
Cla$DPushLong
Cla$DPushULong
Cla$DStack2Stack
Cla$EndEventLoop
Cla$ERRORCODE
Cla$EVENT
Cla$FILEDIALOG
Cla$FILE_CLOSE
CLA$FILE_DESTROY
Cla$FILE_GETfl
Cla$FILE_HOLDf
Cla$FILE_HOLDfi
Cla$FILE_LOCKf
Cla$FILE_NEXT
Cla$FILE_OPEN
Cla$FILE_POSITIONf
Cla$FILE_POSITIONk
Cla$FILE_PREV
Cla$FILE_REGETf
Cla$FILE_RESETf
Cla$FILE_RESETk
Cla$FILE_SETf
Cla$FILE_SETfk
Cla$FILE_SETfl
Cla$FILE_SETk
Cla$FILE_SETkk
Cla$FILE_SETkkl
Cla$FILE_SETkl
Cla$FILE_STREAM
Cla$FILE_WATCH
Cla$FreeParsed
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$getLogoutNumber
Cla$GetPropS
Cla$GETqueueptr
Cla$HELP
Cla$init
Cla$IsfGetMsg
Cla$isftoupper
Cla$isfxconvert
Cla$isfxlower
Cla$KEYCODE
Cla$Mem2Ufo
Cla$MessageBox
Cla$NewMemT
Cla$NEWqueue
Cla$OPENwindow
Cla$ParseCString
Cla$PopCString
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PushCString
Cla$PushLong
Cla$PushNull
Cla$PushReal
Cla$PushString
Cla$pwopen
Cla$RECORDSqueue
Cla$rterr
Cla$SELECT
Cla$seterror
Cla$SetErrorFile
Cla$setfileerror
Cla$SETPATH
Cla$SetPropS
Cla$SetPropV
Cla$SHORTPATH
Cla$SORTqueuekey
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompare
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackHeap
Cla$StackINSTRING
Cla$StackLen
Cla$StackRotate
Cla$StackUPPER
Cla$StartEventLoop
Cla$storecstr
Cla$storestr
Cla$THREAD
THR$GetInstance
Wsl$DoEvent
Wsl$GetActiveWindow
Wsl$GetLFNEnabled
Wsl$OSVersion
WslUtil$ParseFileName
_10CInterface__BeforeDispose@F
_10CInterface__dt__@F
_10ErrorBlock__restore@F
_10ErrorBlock__save@F
_11HashElement__ct__@F
_11HashElement__dt__@F
_13ReadWriteLock__ct__@F
_13ReadWriteLock__dt__@F
_13ReadWriteLock__lockRead@F
_13ReadWriteLock__lockWrite@F
_13ReadWriteLock__unlockRead@F
_13ReadWriteLock__unlockWrite@F
_18ProtectedHashTable__ct__@FiP15CriticalSection
_18ProtectedHashTable__dt__@F
_18ProtectedHashTable__Lock@CF
_18ProtectedHashTable__Release@CF
_6DynStr__cat@Fc
_6DynStr__cat@Fi
_6DynStr__cat@Fl
_6DynStr__cat@FPCc
_6DynStr__cat@FPCcUi
_6DynStr__ct__@F
_6DynStr__ct__@FPc
_6DynStr__ct__@FPcUi
_6DynStr__dt__@F
_6DynStr__opPc__@F
_6DynStr__PopString@F
_6DynStr__PushString@F
_9ClassDesc__ct__@FPUcUc
_9ClassDesc__dt__@F
_9ClassDesc__NFields@F
_9exp_array__append@FR8selement
_9exp_array__ct__@F
_9exp_array__dt__@F
_9exp_array__remove@FUii
_9HashTable__HAdd@FPCv
_9HashTable__HDelete@FP11HashElement
_9HashTable__HFind@CFPCv
_9TraceFile__ct__@FPCcP7Drv_FCB
_9TraceFile__Logging@F
_9TraceFile__Message@FPCcUc
_9TraceFile__StartLine@F
_9TraceFile__StartLogging@FPCc
_9TraceFile__StartTiming@FPCc
_9TraceFile__StopLogging@F
_9TraceFile__WriteOp@FPC7Drv_FCBPC7Drv_KCBili
_abs
_atoi
_atol
_calloc
_CallRemoteFile
_clock
_DestroyRemoteFile
_DFSetComponentError@FP7Drv_KCBcUiPCcPCc
_DFSetFielderror@FP7Drv_FLDUiPCcPCc
_DFSetFileerror@FUiPCcPCc
_DFSetKeyerror@FP7Drv_KCBUiPCcPCc
_DFSetMemoerror@FP7Drv_MCBUiPCcPCc
_dl__@FPv
_drv_check_state
_drv_ChkName
_drv_CopyOrRenameFile
_drv_GetTypeName@Fi
_drv_hasEqualSign
_drv_MakeCSTRING
_drv_PathIsDirectory
_drv_update_state
_FindRemoteDriver
_FindRemoteFile
_free
_itoa
_longjmp
_ltoa
_malloc
_memcmp
_memcpy
_memicmp
_memset
_nw__@FUi
_realloc
_remove
_strcat
_strchr
_strcmp
_strcpy
_strdup
_strequ
_stricmp
_striequ
_strlen
_strncpy
_strrchr
_strspn
_strstr
_strupr
_time
_tmpnam
_ultoa
__OsGetFileLen
__OsGetFilePos
__OsOpenFile
__OsSeekFile
__setjmp
__sysinit
__systerm
__systhrinit
__systhrterm

comdlg32

CommDlgExtendedError
GetOpenFileNameA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FlushFileBuffers
GetLastError
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LockFile
MulDiv
ReadFile
SetEndOfFile
SetFilePointer
SetLastError
Sleep
UnlockFile
WriteFile
_lclose
_lcreat
_llseek
_lread
_lwrite

user32

CharToOemBuffA
GetActiveWindow
OemToCharBuffA
PostMessageA

Exports

Exports

TOPSPEED
TPS_DrvReg

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gb_ems.au3
.ps1
gb_ems.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iQxml.dll
.dll windows:1 windows x86 arch:x86

94f69633b3efd2ce5ef6405564740e8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c60dosx

DOS

c60runx

Cla$ADDqueue
Cla$ADDqueuekey
Cla$AssignRefUfo
Cla$BEEP
Cla$CHANGE
Cla$CHOICE
Cla$CLEAR
Cla$CLEARqueue
Cla$clearstr
Cla$ClearType
Cla$CLOCK
Cla$CLOSEwindow
Cla$comparestr
Cla$CREATE
Cla$DecAdd
Cla$DecDistinct
Cla$DecDivide
Cla$DecMul
Cla$DecSub
Cla$DELETEqueue
Cla$DESTROY
Cla$DInt
Cla$DISPLAY
Cla$DPopLong
Cla$DPopPdec
Cla$DPopReal
Cla$DPopUlong
Cla$DPushConstant
Cla$DPushLong
Cla$DPushPdec
Cla$DPushULong
Cla$DStack2Stack
Cla$duplicate
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ERRORCODE
Cla$EVENT
Cla$FIELD
Cla$FILEDIALOG
Cla$FILE_ADDfu
Cla$FILE_APPENDf
Cla$FILE_BYTES
Cla$FILE_CLOSE
Cla$FILE_CREATE
CLA$FILE_DESTROY
Cla$FILE_NEXT
Cla$FILE_OPEN
Cla$FILE_SEND
Cla$FILE_SETf
Cla$FILE_SHARE
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETGROUP
Cla$GETGROUPqueue
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$GETREG
Cla$HIDE
Cla$HOWMANY
Cla$HOWMANYqueue
Cla$init
Cla$ISGROUP
Cla$ISGROUPqueue
Cla$KEYCODE
Cla$Mem2Ufo
Cla$MessageBox
Cla$MOUSEX
Cla$MOUSEY
Cla$NewMemZ
Cla$OPENwindow
Cla$ploaddec
Cla$POINTERqueue
Cla$PopBind
Cla$PopCString
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$POPUP
Cla$POST
Cla$PushBind
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$PushUfo
Cla$PUTINI
Cla$PUTqueue
Cla$PUTREG
Cla$pwopen
Cla$RANDOM
Cla$RECORDSqueue
Cla$RefAssignAny
Cla$RemoveFile
Cla$SELECT
Cla$SETCLIPBOARD
Cla$SETCURSOR
Cla$SETKEYCODE
Cla$SETPOSITION
Cla$SetPropF
Cla$SetPropS
Cla$SetPropV
Cla$SORTqueuekey
Cla$Stack2DStack
Cla$Stack2Ufo
Cla$StackALL
Cla$StackCLIP
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackErrstr
Cla$StackFORMAT2
Cla$StackHeap
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLen
Cla$StackLOWER
Cla$StackNUMERIC
Cla$STACKpop
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$StartEventLoop
Cla$storecstr
Cla$storestr
Cla$String2Ref
Cla$THREAD
Cla$THREAD_FILE
Cla$TODAY
Cla$UNHIDE
Cla$WHAT
Cla$WHATqueue
Cla$WHO
Cla$WHOqueue
THR$GetInstance
_free
_longjmp
_malloc
_setjmp
__sysinit
__systerm
__systhrinit
__systhrterm

kernel32

GetTimeZoneInformation

shell32

ShellExecuteA

user32

GetDesktopWindow

Exports

Exports

XML:ADDCOMMENT@Fsb
XML:ADDELEMENT@FsbsbOUc
XML:ADDFROMGROUP@FRgsbOUcOUcOUc
XML:ADDFROMQUEUE@FBqsbOUcOUcOUcOUc
XML:ADDPARENT@FOUcOsb
XML:ADDPARENTBINARY@FUcsbOUc
XML:ADDREPLACEENTRY@Fsbsb
XML:ADDSTRINGTEXT@FsbOUc
XML:ATTRIBUTEFIELDCLEAR@FOsb
XML:ATTRIBUTEFIELDSET@FsbOUcOsb
XML:AUTOROOTCLEAR@F
XML:AUTOROOTSET@F
XML:BINARYFIELDCLEAR@FOsb
XML:BINARYFIELDSET@FsbOsb
XML:CLOSEPARENT@FOsb
XML:CLOSEXMLFILE@FOUc
XML:CLOSEXMLSTRING@FOUc
XML:CONVERTFROMXML@FRsc
XML:CONVERTTOGMT@F
XML:CONVERTTOXML@Fsb
XML:CREATEATTRIBUTE@Fsbsb
XML:CREATEECHOTOKEN@F
XML:CREATEPARENT@Fsb
XML:CREATEXMLFILE@FsbOsbOsbOUcOsbOUcOUc
XML:CREATEXMLSTRING@FOsbOsbOUc
XML:DEBUGMYQUEUE@FBqOsb
XML:DEBUGQUEUE@FOsb
XML:DEBUGTRACE@FUc
XML:FINDNEXTCONTENT@FsbUcUc
XML:FINDNEXTNODE@FsbOsbOsbOsbOsb
XML:FREE@F
XML:FREESTATE@Fs
XML:GETERROR@FOs
XML:GETLASTSTRING@F
XML:GETPOINTER@F
XML:GOTOCHILD@F
XML:GOTOPARENT@F
XML:GOTOSIBLING@F
XML:GOTOTOP@F
XML:HTMLTOPLAINTEXT@FRscOsb
XML:LOADFROMFILE@FsbOUcOUcOlOUc
XML:LOADFROMSTRING@FRscOUcOUcOUc
XML:LOADQUEUE@FBqOUcOUcOUcOlOUc
XML:NOINDENT@FUc
XML:PICKFILETODEBUG@F
XML:PRIMARYFIELDCASCADE@Fsbsb
XML:PRIMARYFIELDCLEAR@F
XML:PRIMARYKEYCASCADE@FsbOs
XML:PRIMARYKEYCLEAR@FOsb
XML:QUALIFYFIELDCLEAR@FOsb
XML:QUALIFYFIELDSET@FsbOUc
XML:READCURRENTDATA@FRsc
XML:READCURRENTRECORD@FBqRsc
XML:READNEXTRECORD@FBqRsc
XML:READPREVIOUSRECORD@FBqRsc
XML:REPLACE@Fsbsbsb
XML:RESTORESTATE@Fs
XML:SAVESTATE@F
XML:SETELEMENTPREFIX@Fsb
XML:SETFIELDPICTURE@Fsbsb
XML:SETPOINTER@Fl
XML:SETPROGRESSWINDOW@FlOsb
XML:SKIPDEBUG@FUc
XML:VIEWFILE@Fsb

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.rtf
.rtf
sender.au3
.ps1
sender.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sender.ini.defaults
tracker.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 443KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 2KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

167d1cb4210d4bc7e187dc0a6427825e

Headers

File Characteristics

Imports

c60runx

kernel32

user32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 2KB

.cwtls Size: 512B - Virtual size: 116B

.edata Size: 512B - Virtual size: 87B

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

5229e81ade1f79add3b6ce140d2fe87c

Headers

File Characteristics

Imports

advapi32

c60runx

gdi32

kernel32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 3KB

.cwtls Size: 512B - Virtual size: 20B

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 868B

.reloc Size: 2KB - Virtual size: 1KB

54aea5b9a40ec0f1b49cabc12f2b4bd9

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

mpr

ole32

oleaut32

oledlg

shell32

user32

winspool.drv

Exports

Exports

Sections

.text Size: 875KB - Virtual size: 875KB

.data Size: 83KB - Virtual size: 89KB

.cwtls Size: 512B - Virtual size: 2KB

.edata Size: 41KB - Virtual size: 40KB

.idata Size: 14KB - Virtual size: 14KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 35KB - Virtual size: 35KB

.cwdebug Size: 512B - Virtual size: 28B

491416e3a4f9f746ff3e3d26f856c2cb

Headers

File Characteristics

Imports

c60runx

comdlg32

kernel32

user32

Exports

Exports

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 2KB

.cwtls
Size: 512B - Virtual size: 116B

.edata
Size: 512B - Virtual size: 87B

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 3KB

.cwtls
Size: 512B - Virtual size: 20B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 868B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 875KB - Virtual size: 875KB

.data
Size: 83KB - Virtual size: 89KB

.cwtls
Size: 512B - Virtual size: 2KB

.edata
Size: 41KB - Virtual size: 40KB

.idata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 35KB - Virtual size: 35KB

.cwdebug
Size: 512B - Virtual size: 28B

.text
Size: 73KB - Virtual size: 72KB

.data
Size: 3KB - Virtual size: 5KB

.cwtls
Size: 512B - Virtual size: 212B

.edata
Size: 512B - Virtual size: 92B

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 472KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 8KB - Virtual size: 3.9MB

.cwtls
Size: 512B - Virtual size: 174KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 517KB - Virtual size: 517KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 91KB

.rsrc
Size: 37KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 318KB - Virtual size: 320KB

.rsrc
Size: 443KB - Virtual size: 444KB