e7c62e2a97bd5fc3399285513c412027_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e7c62e2a97bd5fc3399285513c412027_JaffaCakes118
Size

3.5MB
MD5

e7c62e2a97bd5fc3399285513c412027
SHA1

fa28c9419e73f21cb5c29e17bfd801c7a34356f6
SHA256

c571553af417bad23af5c7ef0b412f42475173c4a4512a042a448b54869d5ee7
SHA512

af10e8797b72b3f8b6bf8e12362c2fb3c3d89a00289b743159eb2a8a8abae71b4ccb94a6f1d78146fed43826a0ab060613d148d0ac3bc026c3efab643f5059e7
SSDEEP

49152:pLUUW24Lms6QQxZ/rbw4CP73B/BvlYDaTbOqegXv/aewjrfwBJKPo624iam5kOkd:pLbF4zaHa1Jv9TbFLwjjwOPo6245m5Ds

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/uTorrentPortable 3-5-3/App/uTorrent/uTorrent.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/uTorrentPortable 3-5-3/App/uTorrent/uTorrent.exe
unpack002/out.upx
unpack001/uTorrentPortable 3-5-3/uTorrentPortable.exe
unpack004/$PLUGINSDIR/FindProcDLL.dll
unpack004/$PLUGINSDIR/NewTextreplace.dll
unpack004/$PLUGINSDIR/Registry.dll
unpack004/$PLUGINSDIR/newadvsplash.dll
unpack004/$PLUGINSDIR/nsisFirewall.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/uTorrentPortable 3-5-3/uTorrentPortable.exe	nsis_installer_1
static1/unpack001/uTorrentPortable 3-5-3/uTorrentPortable.exe	nsis_installer_2

Files

e7c62e2a97bd5fc3399285513c412027_JaffaCakes118
.zip
uTorrentPortable 3-5-3/App/DefaultData/uTorrent/settings.dat
uTorrentPortable 3-5-3/App/uTorrent/uTorrent.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uTorrentPortable 3-5-3/App/uTorrent/uTorrent.lng
.zip
Arabic!ar.txt
Armenian!hy.txt
Basque!eu.txt
Belarusian (classical)!betarask.txt
Belarusian (official)!be.txt
Bosnian!bs.txt
Bulgarian!bg.txt
Catalan!ca.txt
Chinese (Simplified)!zhCN.txt
Chinese (Traditional)!zhTW.txt
Croatian!hr.txt
Czech!cs.txt
Danish!da.txt
Dutch!nl.txt
Estonian!et.txt
Finnish!fi.txt
French!fr.txt
Gaeilge (Irish)!ga.txt
Galician!gl.txt
German!de.txt
Greek!el.txt
Hebrew!he.txt
Hungarian!hu.txt
Indonesian!id.txt
Italian!it.txt
.vbs
Japanese!ja.txt
Kabyle!kab.txt
Korean!ko.txt
Kurdish (Sorani)!ckb.txt
Latvian!lv.txt
Lithuanian!lt.txt
Nepali!ne.txt
Norwegian (Bokmal)!nb.txt
Norwegian (Nynorsk)!nn.txt
Persian!fa.txt
Polish!pl.txt
Portuguese (Brazil)!ptBR.txt
Portuguese (Portugal)!pt.txt
Romanian!ro.txt
Russian!ru.txt
Serbian (Cyrillic)!srSR.txt
Serbian (Latin)!srYU.txt
Sinhala!si.txt
Slovak!sk.txt
Slovenian!sl.txt
Spanish!es.txt
Swedish!sv.txt
Taiwan!tw.txt
Tatar!tt.txt
Thai!th.txt
Turkish!tr.txt
Ukrainian!uk.txt
Uzbek!uz.txt
Vietnamese!vi.txt
Welsh!cy.txt
.vbs
english.txt
version
uTorrentPortable 3-5-3/Data/uTorrent/dht.dat
uTorrentPortable 3-5-3/Data/uTorrent/dht.dat.old
uTorrentPortable 3-5-3/Data/uTorrent/dht_feed.dat
uTorrentPortable 3-5-3/Data/uTorrent/dht_feed.dat.old
uTorrentPortable 3-5-3/Data/uTorrent/resume.dat
uTorrentPortable 3-5-3/Data/uTorrent/resume.dat.old
uTorrentPortable 3-5-3/Data/uTorrent/rss.dat
uTorrentPortable 3-5-3/Data/uTorrent/rss.dat.old
uTorrentPortable 3-5-3/Data/uTorrent/settings.dat
uTorrentPortable 3-5-3/Data/uTorrent/settings.dat.old
uTorrentPortable 3-5-3/Data/uTorrent/updates.dat
uTorrentPortable 3-5-3/Data/uTorrentPortable.ini
uTorrentPortable 3-5-3/Torrents/[R.G. Mechanics] Car Mechanic Simulator 2014.torrent
uTorrentPortable 3-5-3/uTorrentPortable.exe
.exe windows:4 windows x86 arch:x86

ab6770b0a8635b9d92a5838920cfe770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
CreateDirectoryA
lstrcmpiA
GetTempPathA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
ExitProcess
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

3ed242cfa221f82a48383ccf2212450d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameA
lstrcmpiA
QueryDosDeviceA
GetLogicalDriveStringsA
lstrlenA
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetVersionExA

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NewTextreplace.dll
.dll windows:4 windows x86 arch:x86

5cf8e041de669a184ff4f77c3682c027

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateFileA
FindAtomA
GetAtomNameA
GetFileAttributesA
GetFileSize
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetFileAttributesA
SetFilePointer
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memset

user32

CharUpperA
wsprintfA

Exports

Exports

_FillReadBuffer
_FindInFile
_FreeReadBuffer
_ReplaceInFile
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

2e363db44011ed76701ec6ce62db36f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CloseHandle
MultiByteToWideChar
lstrcpynA
lstrlenA
GetCurrentThreadId
CreateThread
Sleep
lstrcpyA
lstrcmpiA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
SendMessageA
wsprintfA
SystemParametersInfoA
BeginPaint
SetWindowPos
LoadCursorA
RegisterClassA
CreateWindowExA
IsWindow
GetMessageA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongA
EndPaint
TranslateMessage
DispatchMessageA
PostMessageA
SetWindowRgn
GetClientRect

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

1a4c99175e8891c64634680f4f238d51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
InterlockedDecrement
lstrlenA
MultiByteToWideChar
LocalFree

user32

wsprintfA

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SysAllocString

msvcrt

??2@YAPAXI@Z
_onexit
__dllonexit
_initterm
free
??1type_info@@UAE@XZ
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
malloc
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
uTorrentPortable 3-5-3/uTorrentPortable.ini

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.0MB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 123KB - Virtual size: 124KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 744KB - Virtual size: 743KB

.data Size: 140KB - Virtual size: 388KB

.tls Size: 512B - Virtual size: 12B

.gfids Size: 2KB - Virtual size: 1KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

ab6770b0a8635b9d92a5838920cfe770

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 17KB

3ed242cfa221f82a48383ccf2212450d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 28B

.reloc Size: 512B - Virtual size: 196B

5cf8e041de669a184ff4f77c3682c027

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 36B

.rdata Size: 512B - Virtual size: 356B

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 176B

.idata Size: 1024B - Virtual size: 960B

.reloc Size: 512B - Virtual size: 452B

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

UPX0
Size: - Virtual size: 3.0MB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 123KB - Virtual size: 124KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 744KB - Virtual size: 743KB

.data
Size: 140KB - Virtual size: 388KB

.tls
Size: 512B - Virtual size: 12B

.gfids
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 196B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 356B

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 176B

.idata
Size: 1024B - Virtual size: 960B

.reloc
Size: 512B - Virtual size: 452B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 322KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 269B

.reloc
Size: 1024B - Virtual size: 598B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 1024B - Virtual size: 574B