pack[.]zip | Triage

Resubmissions

08/04/2024, 20:35

240408-zdfznsee3w 9

08/04/2024, 20:24

240408-y6xmfsah65 7

Sharing

Copy URL Twitter E-mail

General

Target

pack.zip
Size

35.5MB
MD5

1fe5caeac12877d9194cf6342d0f88e5
SHA1

abdbdf9ade3a16bf81da5867c78af1a70820b0a6
SHA256

a913a828bf081f45a0046e9005014a8a7ef34b42c2e9c4713b0d827153d2263c
SHA512

7cff837bd1f5ef75fdffc6204a8e085ae1e5b812185a88f2d73d0eb426c8f36fcdcf9e0b494f4adfa25c55b7c0be927961b5793d672d12436f4c237aa7c8b798
SSDEEP

786432:vT+/FE6wh/iu0W8iKZLquzfuWVEkOLmCsTTYqd7CpbpNi7IkutMn+c:L+/m6wh/QW81Hzf0TLTs9ECXt+c

Score

7^/10

themida upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/LordPE/16Edit.DLL	acprotect
static1/unpack001/LordPE/LDS_Clients/CoolDump1.4/Genoep.dll	acprotect

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Discord.exe	themida

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/LordPE/16Edit.DLL	upx
static1/unpack001/LordPE/Misc/PESnoop.exe	upx
static1/unpack001/LordPE/Misc/SoftSnoop/SoftSnoop.exe	upx

Unsigned PE 40 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Discord.exe
unpack001/LordPE/16Edit.DLL
unpack002/out.upx
unpack001/LordPE/LDE/IntelliDump.LDE
unpack001/LordPE/LDS_Clients/CoolDump1.4/Cooldump.exe
unpack001/LordPE/LDS_Clients/CoolDump1.4/Genoep.dll
unpack001/LordPE/LordPE.EXE
unpack001/LordPE/Misc/16Edit.exe
unpack001/LordPE/Misc/LordElf.exe
unpack001/LordPE/Misc/MetaPuck.exe
unpack001/LordPE/Misc/PESnoop.exe
unpack003/out.upx
unpack001/LordPE/Misc/RunKMD.exe
unpack001/LordPE/Misc/RunVxD.exe
unpack001/LordPE/Misc/SoftSnoop/APISnoop.dll
unpack001/LordPE/Misc/SoftSnoop/ForceLibrary.dll
unpack001/LordPE/Misc/SoftSnoop/Plugins/HelloWorld.dll
unpack001/LordPE/Misc/SoftSnoop/Plugins/MsgHook.dll
unpack001/LordPE/Misc/SoftSnoop/Plugins/PluginExp3.dll
unpack001/LordPE/Misc/SoftSnoop/Plugins/TestMe.exe
unpack001/LordPE/Misc/SoftSnoop/SoftSnoop.exe
unpack004/out.upx
unpack001/LordPE/Misc/yPER.exe
unpack001/LordPE/PROCS.DLL
unpack001/LordPE/PSAPI.DLL
unpack001/LordPE/REALIGN.DLL
unpack001/LordPE/SDK/LordPE/LDS/Examples/CallModMem.EXE
unpack001/LordPE/SDK/LordPE/LDS/Examples/LDSChat.exe
unpack001/LordPE/SDK/LordPE/LDS/Examples/LDS_DmpTst.exe
unpack001/LordPE/SDK/LordPE/LDS/Examples/LDS_LoadDump.exe
unpack001/LordPE/SDK/LordPE/LDS/Examples/LDS_TaskViewer.exe
unpack001/LordPE/SDK/LordPE/LDS/Examples/LDS_VerPid.exe
unpack001/LordPE/SDK/procsDLL/examples/UseProcs1.exe
unpack001/LordPE/SDK/procsDLL/examples/useprocs2.exe
unpack001/LordPE/TrapDll.exe
unpack001/olly/BOOKMARK.DLL
unpack001/olly/Cmdline.dll
unpack001/olly/ODbgScript.dll
unpack001/olly/ODbgScript_Win2k.dll
unpack001/olly/OLLYDBG.EXE

Files

pack.zip
.zip
Discord.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 289KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 137KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 71.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 33.3MB - Virtual size: 33.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
LordPE/16Edit.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HEEnterWindowLoop
HEEnterWindowLoopInNewThread
HESpecifySettings

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/LDE/IntelliDump.LDE
.dll windows:4 windows x86 arch:x86

cd4f4f57932a96a8ea7047435b5053ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQueryEx
CloseHandle
ReadProcessMemory
lstrcpyA
OpenProcess
DisableThreadLibraryCalls

user32

MessageBoxA
GetActiveWindow
wsprintfA

msvcrt

_adjust_fdiv
free
_initterm
malloc

Exports

Exports

DumpProcessRange
GetLDEName
ShowLDEInfo

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/LDE/LDELoad.log
LordPE/LDS_Clients/CoolDump1.4/Cooldump.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 871B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/LDS_Clients/CoolDump1.4/File_id.diz
LordPE/LDS_Clients/CoolDump1.4/Genoep.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FindOEP

Sections

CODE
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/LDS_Clients/CoolDump1.4/Ug2002.nfo
LordPE/LordPE.EXE
.exe windows:4 windows x86 arch:x86

af5a2557d1d5daaaf732f8a12ba06a54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

gmtime
toupper
div
asctime
mktime
_timezone
_except_handler3
strncmp
sprintf
strchr
free
realloc
malloc
strstr

kernel32

lstrcpynA
lstrcatA
lstrlenA
CreateProcessA
WideCharToMultiByte
lstrlenW
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
TerminateProcess
VirtualProtectEx
WriteFile
FindClose
FindNextFileA
LoadLibraryA
SetFilePointer
SetThreadPriority
VirtualFree
IsBadReadPtr
lstrcmpiA
ExitProcess
SetFileAttributesA
OutputDebugStringA
lstrcpyA
GetFileAttributesA
ResumeThread
GetCurrentThread
DeleteFileA
GetTempPathA
SetPriorityClass
VirtualQueryEx
lstrcmpA
GetPrivateProfileStructA
WritePrivateProfileStructA
GetCurrentDirectoryA
UnmapViewOfFile
MulDiv
GetStartupInfoA
CreatePipe
WaitForSingleObject
CopyFileA
MapViewOfFile
CreateFileMappingA
SetEndOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualUnlock
VirtualLock
GetModuleFileNameA
SetCurrentDirectoryA
GetFileSize
CloseHandle
OpenProcess
ReadProcessMemory
GetModuleHandleA
CreateFileA
GetProcAddress
WriteProcessMemory
GetCurrentProcessId
Sleep
ReadFile
GetPriorityClass
FindFirstFileA
VirtualAlloc
GetCommandLineA

user32

ShowWindow
SetMenuItemInfoA
AppendMenuA
CreatePopupMenu
SetWindowTextA
DestroyIcon
LoadIconA
InvalidateRect
CharLowerA
LoadBitmapA
SetDlgItemTextA
GetDlgItemTextA
GetSysColorBrush
DestroyCursor
SetClassLongA
LoadCursorA
GetParent
EnableWindow
GetWindowTextA
EnableMenuItem
IsIconic
MoveWindow
GetWindowDC
TrackPopupMenu
CheckMenuRadioItem
SetTimer
GetActiveWindow
GetClassInfoA
DialogBoxParamA
FindWindowA
SetForegroundWindow
CheckDlgButton
GetDlgItem
EndDialog
IsDlgButtonChecked
SendDlgItemMessageA
wvsprintfA
GetAsyncKeyState
SetClipboardData
GetWindowRect
SetWindowPos
SetWindowLongA
KillTimer
IsZoomed
DestroyMenu
IsWindowEnabled
CheckRadioButton
SetFocus
GetCursorPos
ScreenToClient
SendMessageA
GetClipboardData
CloseClipboard
CallWindowProcA
MessageBeep
wsprintfA
MessageBoxA
CharUpperA
OpenClipboard
EnumClipboardFormats
EmptyClipboard

gdi32

GetDeviceCaps
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegOpenKeyExA
AdjustTokenPrivileges
RegCloseKey

shell32

ShellExecuteA
SHGetFileInfoA
DragFinish
DragAcceptFiles
DragQueryFileA

comctl32

ImageList_Remove
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon

procs

GetProcessPathID
GetModuleHandleList
GetProcessIDList
GetProcessBaseSize
GetNumberOfModules
GetNumberOfProcesses
GetModuleSize
GetModulePath
GetProcessPath

realign

RealignPE
ReBasePEImage
WipeReloc

16edit

HEEnterWindowLoop
HESpecifySettings

imagehlp

BindImageEx
ImageRvaToVa
ImageRvaToSection
CheckSumMappedFile
ImageNtHeader

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/LordPE.iNi
LordPE/Misc/16Edit.exe
.exe windows:4 windows x86 arch:x86

3915ab2aa57cdef4a874beac32a99f23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

MessageBoxA

comdlg32

GetOpenFileNameA

16edit

HESpecifySettings
HEEnterWindowLoop

msvcrt

__getmainargs
__CxxFrameHandler

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/Misc/16Edit.tXt
.vbs
LordPE/Misc/LordElf.exe
.exe windows:4 windows x86 arch:x86

dbdc13e9fe4048ca29db8f14af5cf58b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
CloseHandle
CreateFileMappingA
CreateFileA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SetConsoleTitleA

msvcrt

printf
_exit
_XcptFilter
_except_handler3
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_getch

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/LordElf.tXt
LordPE/Misc/MetaPuck.exe
.exe windows:4 windows x86 arch:x86

65076f412a3c0a389d46177e0a3683a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VC7\projects\MetaPuck\Release\MetaPuck.pdb

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ord6
InitCommonControlsEx

kernel32

ReadFile
CloseHandle
CreateFileA
lstrcpyA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetSystemInfo
VirtualProtect
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
SetHandleCount
WriteFile
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetFileSize
lstrcatA
VirtualQuery
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
lstrlenA
GetModuleHandleA
GetEnvironmentStringsW

user32

LoadBitmapA
SendDlgItemMessageA
LoadIconA
EndDialog
SetTimer
SendMessageA
SetMenuItemInfoA
CheckDlgButton
SetDlgItemTextA
GetDlgItem
SetWindowLongA
IsDlgButtonChecked
GetDlgItemTextA
CharUpperA
GetClassInfoA
CallWindowProcA
GetDlgCtrlID
GetParent
MessageBoxA
LoadCursorA
DialogBoxParamA
RegisterClassA
GetSystemMetrics
CreateWindowExA
LoadMenuA
SetMenu
ShowWindow
UpdateWindow
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
PostQuitMessage
DefWindowProcA
DestroyMenu
MoveWindow
GetWindowRect
GetClientRect
wsprintfA
wvsprintfA
KillTimer

gdi32

DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

DragFinish
DragAcceptFiles
DragQueryFileA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantChangeType

msvcrt

__getmainargs

imagehlp

ImageNtHeader
ImageRvaToVa

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/MetaPuck.tXt
LordPE/Misc/PESnoop.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/PESnoop.tXt
LordPE/Misc/RunKMD.exe
.exe windows:4 windows x86 arch:x86

7b700cb395c90c9431168f9449d5c73b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
_lwrite
lstrcmpiA
lstrcpyA
ExitProcess
DeviceIoControl
CloseHandle
GetVersion
GetCommandLineA
lstrcpynA
CreateFileA

user32

wsprintfA

advapi32

StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ControlService

msvcrt

_strnicmp
toupper

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/Misc/RunKMD.tXt
LordPE/Misc/RunVxD.exe
.exe windows:4 windows x86 arch:x86

6d8a5c23ea76c87325f0ffaa3e930d27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
lstrlenA
ExitProcess
DeviceIoControl
CloseHandle
CreateFileA
lstrcpyA
lstrcpynA
_lwrite

msvcrt

getchar
strncat
_stricmp
_strnicmp
toupper

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/Misc/RunVxD.tXt
LordPE/Misc/SoftSnoop/APISnoop.dll
.dll windows:4 windows x86 arch:x86

189541063a68896fdad9c98b6d5f6307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
GlobalFree
GetProcAddress
TlsAlloc
TlsSetValue
GlobalAlloc
TlsGetValue
lstrcmpiA
VirtualProtect
GetModuleHandleA

user32

SendMessageA
MessageBoxA
FindWindowA

msvcrt

_except_handler3
free
_initterm
_strnicmp
strstr
_adjust_fdiv
malloc

Exports

Exports

RetTrapProc
TrappedApiCall

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/ApiDef/Kernel32.ss
LordPE/Misc/SoftSnoop/ApiDef/SS.TXT
LordPE/Misc/SoftSnoop/ApiDef/User32.ss
LordPE/Misc/SoftSnoop/ForceLibrary.dll
.dll windows:4 windows x86 arch:x86

381e752d4cf0389f7eb35922ca5268a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
GetModuleHandleA
GetVersion
GlobalFree
ReadProcessMemory
GlobalAlloc
OpenProcess
CloseHandle
SetThreadContext
SuspendThread
Sleep
ResumeThread
WriteProcessMemory
VirtualProtectEx
GetProcAddress
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
LoadLibraryA

msvcrt

_initterm
malloc
_adjust_fdiv
_stricmp
free

Exports

Exports

ForceLibrary
ForceLibraryDBG
PerformCleanup
TrapEntry

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/Plugins/HelloWorld.dll
.dll windows:4 windows x86 arch:x86

404e4d51a749c64c9e3db149fe6af736

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

_initterm
free
malloc
_adjust_fdiv

Exports

Exports

StartSSPlugin

Sections

.text
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/Plugins/MsgHook.dll
.dll windows:4 windows x86 arch:x86

ddaedee7bea36e496fe1dc768c43d7e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CheckDlgButton
DialogBoxParamA
EndDialog
IsDlgButtonChecked

kernel32

GetModuleHandleA
GetProcAddress
WriteProcessMemory
lstrcmpiA

Sections

.text
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/Plugins/PluginExp3.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

StartSSPlugin

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 137B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/Plugins/TestMe.exe
.exe windows:4 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/SoftSnoop.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetSSApi

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/Misc/SoftSnoop/SoftSnoop.tXt
LordPE/Misc/yPER.exe
.exe windows:4 windows x86 arch:x86

b74a6218943cbdab2ffd30749e228d8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
lstrcmpiA
MapViewOfFile
CloseHandle
Sleep
CreateFileMappingA
GetFileSize
CreateFileA
lstrcpyA
SetFilePointer
SetEndOfFile

realign

ValidatePE
WipeReloc
RealignPE

imagehlp

ImageNtHeader

msvcrt

printf
__setusermatherr
_initterm
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_controlfp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/Misc/yPER.tXt
LordPE/PROCS.DLL
.dll windows:4 windows x86 arch:x86

671e5d05e30b558e7b4fab82758cac2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
CloseHandle
OpenProcess
GetVersion
lstrcpyA
GetProcAddress
LoadLibraryA

msvcrt

_except_handler3
strstr
_strupr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetModuleHandleEx
GetModuleHandleList
GetModulePath
GetModuleSize
GetNumberOfModules
GetNumberOfProcesses
GetProcessBaseSize
GetProcessIDList
GetProcessPath
GetProcessPathID

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/PROTOOLS.COM
LordPE/PSAPI.DLL
.dll windows:5 windows x86 arch:x86

264476cbdcf6020ccd69c92bbd24050f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

_stricmp
RtlUnwind
sprintf
atoi
NtStopProfile
RtlUnicodeToOemN
_chkstk
DbgPrint
NtCreateProfile
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
RtlAdjustPrivilege
NtSetIntervalProfile
NtStartProfile
NtQueryInformationProcess
NtWriteFile
NtSetInformationProcess
RtlNtStatusToDosError
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

LocalAlloc
MultiByteToWideChar
GetLastError
RaiseException
LoadLibraryA
FreeLibrary
GetProcAddress
InterlockedExchange
OpenFileMappingA
MapViewOfFile
DisableThreadLibraryCalls
CreateFileA
UnmapViewOfFile
GetProcessHeap
HeapAlloc
CloseHandle
lstrcpyA
GetProcessWorkingSetSize
lstrlenA
SetLastError
LocalFree
GetSystemInfo
ReadProcessMemory
WideCharToMultiByte
SetProcessWorkingSetSize

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/REALIGN.DLL
.dll windows:4 windows x86 arch:x86

843d4acd52668b581fd295da850eeceb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageRvaToVa
ImageNtHeader

kernel32

CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
SetFilePointer
CreateFileA
GlobalFree
GlobalAlloc
LockResource
LoadResource
FindResourceA

msvcrt

malloc
_except_handler3
free
_initterm
div
_adjust_fdiv

Exports

Exports

ReBasePEImage
RealignPE
TruncateFile
ValidatePE
WipeReloc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/RunLDS.BAT
LordPE/SDK/16Edit/16Edit.cs
LordPE/SDK/16Edit/16Edit.def
LordPE/SDK/16Edit/16EditDll.INC
LordPE/SDK/16Edit/16EditDll.bas
LordPE/SDK/16Edit/16EditDll.h
LordPE/SDK/16Edit/APIs.tXt
LordPE/SDK/16Edit/B_16Edit.lib
LordPE/SDK/16Edit/HEditDll.pas
.js
LordPE/SDK/16Edit/MS_16Edit.lib
LordPE/SDK/16Edit/TOC.tXt
LordPE/SDK/LordPE/LDE/IntelliDump/IntelliDump.DEF
LordPE/SDK/LordPE/LDE/IntelliDump/IntelliDump.c
LordPE/SDK/LordPE/LDE/IntelliDump/IntelliDump.dsp
LordPE/SDK/LordPE/LDE/IntelliDump/IntelliDump.mak
LordPE/SDK/LordPE/LDE/LDE.tXt
LordPE/SDK/LordPE/LDS/Examples/ASM/LDS_LoadDump.bat
LordPE/SDK/LordPE/LDS/Examples/C/Plugin.c
LordPE/SDK/LordPE/LDS/Examples/C/Plugin.dsp
LordPE/SDK/LordPE/LDS/Examples/C/Plugin.mak
LordPE/SDK/LordPE/LDS/Examples/C/resource.h
LordPE/SDK/LordPE/LDS/Examples/C/rsrc.rc
LordPE/SDK/LordPE/LDS/Examples/CS/App.ico
LordPE/SDK/LordPE/LDS/Examples/CS/AssemblyInfo.cs
LordPE/SDK/LordPE/LDS/Examples/CS/Form1.cs
LordPE/SDK/LordPE/LDS/Examples/CS/Form1.resx
.xml .vbs polyglot
LordPE/SDK/LordPE/LDS/Examples/CS/LDSChat.csproj
LordPE/SDK/LordPE/LDS/Examples/CS/LDSChat.csproj.user
LordPE/SDK/LordPE/LDS/Examples/CS/LDSChat.sln
LordPE/SDK/LordPE/LDS/Examples/CallModMem.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1004B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8B - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/SDK/LordPE/LDS/Examples/Delphi/FindLDSAndLaunch4Delphi.dpr
LordPE/SDK/LordPE/LDS/Examples/Delphi/LDS_DmpTst.dpr
LordPE/SDK/LordPE/LDS/Examples/Delphi/LDS_VerPid.dpr
LordPE/SDK/LordPE/LDS/Examples/LDSChat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LordPE/SDK/LordPE/LDS/Examples/LDS_DmpTst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/SDK/LordPE/LDS/Examples/LDS_LoadDump.exe
.exe windows:4 windows x86 arch:x86

37233ab54761e227db351e9a7c77f7d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetCurrentProcessId
Sleep
SuspendThread
TerminateProcess
lstrcpynA

user32

FindWindowA
MessageBoxA
SendMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/SDK/LordPE/LDS/Examples/LDS_TaskViewer.exe
.exe windows:4 windows x86 arch:x86

6b1649ca6b76d36e4f75bd013074d178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetCurrentProcessId
GetModuleHandleA
ExitProcess

user32

SendMessageA
EndDialog
wsprintfA
GetDlgItem
DialogBoxParamA
FindWindowA
MessageBoxA

comctl32

InitCommonControlsEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/SDK/LordPE/LDS/Examples/LDS_VerPid.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LordPE/SDK/LordPE/LDS/INC/LDS.INC
LordPE/SDK/LordPE/LDS/INC/LDS.bas
LordPE/SDK/LordPE/LDS/INC/LDS.cs
LordPE/SDK/LordPE/LDS/INC/LDS.h
LordPE/SDK/LordPE/LDS/INC/LDS.ni
LordPE/SDK/LordPE/LDS/INC/LDS.pas
LordPE/SDK/LordPE/LDS/LDS.tXt
LordPE/SDK/SoftSnoop/PluginExp1/PluginExp1.c
LordPE/SDK/SoftSnoop/PluginExp1/PluginExp1.def
LordPE/SDK/SoftSnoop/PluginExp1/PluginExp1.dsp
LordPE/SDK/SoftSnoop/PluginExp2/BUILD.BAT
LordPE/SDK/SoftSnoop/PluginExp2/BUILD.PIF
LordPE/SDK/SoftSnoop/PluginExp2/MsgHook.ASM
LordPE/SDK/SoftSnoop/PluginExp2/RESOURCE.INC
LordPE/SDK/SoftSnoop/PluginExp2/Rsrc.res
LordPE/SDK/SoftSnoop/PluginExp3/PluginExp3.dpr
LordPE/SDK/SoftSnoop/PluginExp3/RSRC.RES
LordPE/SDK/SoftSnoop/Plugins.tXt
LordPE/SDK/SoftSnoop/SSPlugin.INC
LordPE/SDK/SoftSnoop/SSPlugin.pas
.js
LordPE/SDK/SoftSnoop/SSplugin.h
LordPE/SDK/procsDLL/examples/EXP1Out.BAT
LordPE/SDK/procsDLL/examples/UseProcs1.exe
.exe windows:4 windows x86 arch:x86

65d36d8a9354e322365bcbf93be3d18c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetStdHandle
ReadConsoleA
_lwrite
lstrlenA

user32

wsprintfA

procs

GetNumberOfProcesses
GetProcessIDList
GetProcessPath
GetProcessBaseSize
GetNumberOfModules
GetModuleHandleList
GetModulePath
GetModuleSize

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/SDK/procsDLL/examples/useprocs1/CONSOLE.INC
LordPE/SDK/procsDLL/examples/useprocs1/MAKE.BAT
LordPE/SDK/procsDLL/examples/useprocs1/MAKE.PIF
LordPE/SDK/procsDLL/examples/useprocs1/UseProcs1.ASM
LordPE/SDK/procsDLL/examples/useprocs2.exe
.exe windows:4 windows x86 arch:x86

e2f259fab986c39d43d603ee27c60f81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA

user32

wsprintfA
MessageBoxA

procs

GetModuleHandleEx
GetProcessPathID

msvcrt

_initterm
_adjust_fdiv
__p__commode
__setusermatherr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__p__fmode
_controlfp
__set_app_type
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/SDK/procsDLL/examples/useprocs2/USEPROCS.C
LordPE/SDK/procsDLL/examples/useprocs2/UseProcs2.dsw
LordPE/SDK/procsDLL/examples/useprocs2/useprocs2.dsp
LordPE/SDK/procsDLL/procs.INC
LordPE/SDK/procsDLL/procs.chm
.chm
LordPE/SDK/procsDLL/procs.h
LordPE/SDK/procsDLL/procs.lib
LordPE/SDK/realignDLL/Realign.h
LordPE/SDK/realignDLL/realign.lib
LordPE/Thief/PE Explorer.tXt
LordPE/Thief/TDS_Adjuster.jpg
.jpg
LordPE/TrapDll.exe
.exe windows:4 windows x86 arch:x86

2c66707ee126f64a912ba629873148d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
WriteFile
SetFilePointer
FreeLibrary
CreateFileA
CloseHandle
CreateFileMappingA
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
GetCommandLineA
SetThreadPriority
LoadLibraryA
OutputDebugStringA

user32

MessageBoxA
wsprintfA

imagehlp

ImageRvaToVa
ImageNtHeader

msvcrt

strstr

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LordPE/URLs/.NET Framework.URL
LordPE/URLs/16Edit FX-package.url
LordPE/URLs/yoda's home.url
LordPE/docs/EndOfCommerce.tXt
LordPE/docs/History.tXt
LordPE/docs/LDE.tXt
LordPE/docs/LDS.tXt
LordPE/docs/License.tXt
LordPE/docs/LordPE.tXt
LordPE/docs/ToDo.tXt
olly/BOOKMARK.DLL
.dll windows:4 windows x86 arch:x86

da6b10b05e8674fb7aecee87da89a0b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addsorteddata
_Addtolist
_Createsorteddata
_Deletesorteddata
_Deletesorteddatarange
_Destroysorteddata
_Disasm
_Finddecode
_Findmemory
_Findname
_Findsorteddata
_Flash
_Getsortedbyselection
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Quicktablewindow
_Readmemory
_Registerpluginclass
_Setcpu
_Tablefunction
_Unregisterpluginclass

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

AppendMenuA
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
EnumThreadWindows
GetKeyState
InvalidateRect
MessageBoxA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
olly/Cmdline.dll
.dll windows:4 windows x86 arch:x86

579abc59a4397386f6b066abf5b0a808

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Animate
_Assemble
_Broadcast
_Createwatchwindow
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletenamerange
_Dumpbackup
_Expression
_Findalldllcalls
_Findlabel
_Findmemory
_Findthread
_Getcputhreadid
_Getstatus
_Go
_Hardbreakpoints
_Insertname
_Insertwatch
_OpenEXEfile
_Plugingetvalue
_Pluginreadintfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Registerpluginclass
_Runtracesize
_Sendshortcut
_Setbreakpoint
_Setcpu
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Startruntrace
_Unregisterpluginclass
_Writememory

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

gdi32

CreateSolidBrush
DeleteObject

user32

BeginPaint
CallWindowProcA
ChildWindowFromPoint
CreateWindowExA
DefWindowProcA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetSysColor
GetSystemMetrics
GetWindowRect
GetWindowTextA
MessageBoxA
SendMessageA
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowTextA
WinHelpA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
olly/HDSentinel.udd
olly/ODbgScript.dll
.dll windows:5 windows x86 arch:x86

9dc65eadff077816f7e7fca07fceda80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord27
ord160
ord170
ord45
ord144
ord75
ord61
ord42
ord44
ord142
ord128
ord129
ord19
ord23
ord175
ord149
ord24
ord165
ord77
ord127
ord169
ord25
ord117
ord5
ord32
ord174
ord48
ord13
ord31
ord4
ord161
ord124
ord39
ord102
ord141
ord109
ord106
ord10
ord3
ord157
ord33
ord186
ord60
ord11
ord131
ord78
ord74
ord1
ord79
ord89
ord107
ord87
ord113
ord114
ord46
ord28
ord73
ord71
ord92
ord2
ord12
ord100
ord65
ord105
ord104
ord93
ord108
ord88
ord101
ord53
ord172
ord90

kernel32

HeapAlloc
QueryPerformanceCounter
GetCurrentProcess
SetFilePointer
GetFileSize
CreateFileA
GetTickCount
FormatMessageA
WriteFile
HeapCreate
ReadFile
GetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
QueryPerformanceFrequency
CloseHandle
LocalFree
GetFullPathNameA
IsBadCodePtr
GetThreadContext
lstrlenA
lstrcpynA
LocalAlloc
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetSystemTimeAsFileTime
WriteProcessMemory
GetCurrentProcessId
GetCurrentThreadId
VirtualAllocEx
VirtualFreeEx
GetCurrentThread
FreeLibrary
HeapFree

user32

GetClassNameA
SetDlgItemTextA
DestroyWindow
GetWindowRect
CreateMenu
PostMessageA
DialogBoxParamA
GetKeyState
SetForegroundWindow
LoadIconA
SetFocus
SendMessageA
InvalidateRect
GetDlgItem
EndDialog
SetWindowPos
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
GetParent
FindWindowExA
ChildWindowFromPoint
MessageBoxA
GetDesktopWindow
AppendMenuA
IsWindowVisible
EnumThreadWindows
GetDlgItemTextA

shlwapi

StrCmpNIA
PathFileExistsA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

mfc42

ord1168
ord826
ord269
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord825
ord823

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0out_of_range@std@@QAE@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0logic_error@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1out_of_range@std@@UAE@XZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

msvcrt

strtoul
strncat
strncmp
ceil
strstr
_stricmp
_itoa
wcsncpy
strtok
fopen
_ultoa
toupper
realloc
_splitpath
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_CxxThrowException
_callnewh
memset
memcpy
__lconv_init
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
??0exception@@QAE@ABV0@@Z
strncpy
tolower
strchr
malloc
free
sscanf
sprintf
_strupr
__CxxFrameHandler
strrchr

Exports

Exports

DebugScript
ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
olly/ODbgScript.txt
.js
olly/ODbgScript_Win2k.dll
.dll windows:4 windows x86 arch:x86

04b7acc0b2dd9525f19ad40dd0881d64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord825

msvcp60

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Bios_base@std@@QBEPAXXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?fail@ios_base@std@@QBE_NXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?eof@ios_base@std@@QBE_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
__lconv_init
wcsncpy
strtok
fopen
_ultoa
_strupr
_splitpath
realloc
toupper
_itoa
_stricmp
_ftol
ceil
strstr
strncat
__CxxFrameHandler
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
strncpy
malloc
sscanf
strtoul
sprintf
tolower
strrchr
strchr
strncmp

ollydbg.exe

ord23
ord27
ord106
ord77
ord25
ord24
ord169
ord109
ord42
ord175
ord160
ord61
ord131
ord157
ord33
ord32
ord13
ord31
ord39
ord19
ord127
ord128
ord11
ord78
ord165
ord161
ord48
ord102
ord129
ord174
ord124
ord170
ord117
ord45
ord3
ord186
ord4
ord5
ord75
ord149
ord44
ord10
ord142
ord144
ord141
ord28
ord1
ord100
ord87
ord71
ord113
ord107
ord74
ord79
ord65
ord114
ord92
ord105
ord73
ord2
ord12
ord104
ord89
ord60
ord53
ord108
ord172
ord101
ord88
ord90
ord93
ord46

kernel32

GetModuleFileNameA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
HeapFree
HeapAlloc
HeapCreate
ReadFile
GetFileSize
LocalFree
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
lstrcpynA
lstrlenA
FreeLibrary
GetThreadContext
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetFullPathNameA
IsBadCodePtr
LoadLibraryExA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetLastError
FormatMessageA
GetModuleHandleA

user32

GetDesktopWindow
GetParent
EnumThreadWindows
FindWindowExA
SetFocus
SetForegroundWindow
EndDialog
GetDlgItem
SetWindowPos
SetDlgItemTextA
GetDlgItemTextA
ChildWindowFromPoint
DestroyMenu
CreatePopupMenu
InvalidateRect
DefMDIChildProcA
SendMessageA
LoadIconA
CreateMenu
GetWindowRect
DialogBoxParamA
DestroyWindow
PostMessageA
GetClassNameA
MessageBoxA
IsWindowVisible
GetKeyState
AppendMenuA

shlwapi

PathFileExistsA
StrCmpNIA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

Exports

Exports

DebugScript
ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
olly/OLLYDBG.EXE
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
olly/OLLYDBG.HLP
olly/license.txt
olly/logapicall.osc
olly/ollydbg.ini
olly/readme.txt
olly/register.txt
olly/sample.osc
olly/ultraedit/odbgscript.uew

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 289KB - Virtual size: 741KB

Size: 137KB - Virtual size: 208KB

Size: 1024B - Virtual size: 10KB

Size: 15KB - Virtual size: 28KB

Size: 512B - Virtual size: 252B

Size: 8KB - Virtual size: 279KB

Size: 1KB - Virtual size: 2KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 280KB - Virtual size: 280KB

.themida Size: - Virtual size: 71.5MB

.boot Size: 33.3MB - Virtual size: 33.3MB

.reloc Size: 16B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

cd4f4f57932a96a8ea7047435b5053ea

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 130B

Headers

File Characteristics

Sections

CODE Size: - Virtual size: 52KB

DATA Size: 24KB - Virtual size: 24KB

.rsrc Size: 871B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: - Virtual size: 12KB

DATA Size: 2KB - Virtual size: 4KB

.rsrc Size: 278B - Virtual size: 4KB

af5a2557d1d5daaaf732f8a12ba06a54

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

procs

realign

16edit

imagehlp

Sections

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 280KB - Virtual size: 280KB

.themida
Size: - Virtual size: 71.5MB

.boot
Size: 33.3MB - Virtual size: 33.3MB

.reloc
Size: 16B - Virtual size: 4KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 130B

CODE
Size: - Virtual size: 52KB

DATA
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 871B - Virtual size: 4KB

CODE
Size: - Virtual size: 12KB

DATA
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 278B - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 92KB - Virtual size: 91KB

.text
Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 3KB - Virtual size: 2KB