0301d6e5c911ab02f5129107411f5cc5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0301d6e5c911ab02f5129107411f5cc5_JaffaCakes118
Size

21.0MB
MD5

0301d6e5c911ab02f5129107411f5cc5
SHA1

0760c293d64b858f278f7f690de394da496e5371
SHA256

e17bfcf4ec15343407996d4fd2596cea23f964d63eabfed21daa0036065c6ac0
SHA512

18ceadcad8bf72bdea74dea5488b22b27b769d66c3150c8cafe46efb51771a2afaa0f482a4159147dcdfe5a9e025dd2aec0188afbd7a5a49edae223dc316b4e9
SSDEEP

393216:OWOlN2a+7GUYk2a+7aWXQUlPsbF00ihTNmpr9AKhouNwyeld:gN+pfRUH0iuprKKCiwNd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/DEAD SPACE 2/extra/Black Glass Enhanced v0.5/BlackGlassEnhanced.exe	upx
static1/unpack001/DEAD SPACE 2/extra/Startmenu Animation 2/Startmenu Animation.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DEAD SPACE 2/DEAD SPACE 2/DEAD SPACE 2.msstyles
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/en-US/shellstyle.dll.mui
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup1.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup2.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup3.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup4.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle.dll
unpack001/DEAD SPACE 2/DEAD SPACE 2/en-US/Black Touch.msstyles.mui
unpack001/DEAD SPACE 2/extra/Black Glass Enhanced v0.5/BlackGlassEnhanced.exe
unpack002/out.upx
unpack001/DEAD SPACE 2/extra/Startmenu Animation 2/Startmenu Animation.exe
unpack001/DEAD SPACE 2/extra/TB Shadow/Bottom TB Shadow.exe
unpack001/DEAD SPACE 2/extra/TB Shadow/Top TB Shadow.exe
unpack004/TaskbarMeters/Microsoft.WindowsAPICodePack.Shell.dll
unpack004/TaskbarMeters/Microsoft.WindowsAPICodePack.dll
unpack004/TaskbarMeters/TaskbarCore.dll
unpack004/TaskbarMeters/TaskbarCpuMeter.exe
unpack004/TaskbarMeters/TaskbarDiskIOMeter.exe
unpack004/TaskbarMeters/TaskbarMemoryMeter.exe
unpack005/VistaGlazzSetup.exe
unpack001/DEAD SPACE 2/extra/VistaGlazzSetup.exe
unpack006/Drive Icon Changer.exe
unpack001/DEAD SPACE 2/extra/startorb/Windows7 Start Button Change/Windows 7 Start Button Changer.exe
unpack001/DEAD SPACE 2/extra/startorb/Windows7 Start Button Change/r.exe

Files

0301d6e5c911ab02f5129107411f5cc5_JaffaCakes118
.rar
DEAD SPACE 2/DEAD SPACE 2.theme
DEAD SPACE 2/DEAD SPACE 2/Cursors/AppStarting.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/Arrow.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/Hand.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/Handwriting.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/Help.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/IBeam.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/NO.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/SizeAll.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/SizeNESW.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/SizeNS.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/SizeNWSE.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/SizeWE.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/UpArrow.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/Wait.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/arrow_down.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/button.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/cross.ani
DEAD SPACE 2/DEAD SPACE 2/Cursors/install.inf
DEAD SPACE 2/DEAD SPACE 2/DEAD SPACE 2.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Media/windows balloon.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows battery critical.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows battery low.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows critical stop.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows ding.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows error.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows exclamation.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows fax error ding.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows fax sent tada.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows feed discovered.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows hardware fail.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows hardware insert.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows hardware remove.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows information bar.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows logoff sound.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows logon sound.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows navigation start.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows notify.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows pop-up blocked.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows print complete.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows recycle.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows ringin.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows shutdown.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows startup.wav
DEAD SPACE 2/DEAD SPACE 2/Media/windows user account control.wav
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/en-US/shellstyle.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 358KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup2.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup3.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle Backup4.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Shell/NormalColor/shellstyle.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/1.jpeg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/10.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/2.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/3.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/4.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/5.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/6.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/7.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/8.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/Wallpapers/9.jpg
.jpg
DEAD SPACE 2/DEAD SPACE 2/en-US/Black Touch.msstyles.mui
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/DEAD SPACE 2/en-US/bbosa.png
.png
DEAD SPACE 2/Themes - Shortcut.lnk
.lnk
DEAD SPACE 2/extra/Black Glass Enhanced v0.5/BlackGlassEnhanced.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/Black Glass Enhanced v0.5/DoReadMe.TXT
DEAD SPACE 2/extra/Black Glass Enhanced v0.5/bge.ini
DEAD SPACE 2/extra/Shell32 Replacement Images/632.bmp
DEAD SPACE 2/extra/Shell32 Replacement Images/633.bmp
DEAD SPACE 2/extra/Shell32 Replacement Images/634.bmp
DEAD SPACE 2/extra/Shell32 Replacement Images/635.bmp
DEAD SPACE 2/extra/Shell32 Replacement Images/Read Me!.txt
DEAD SPACE 2/extra/Startmenu Animation 2/1.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/10.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/11.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/12.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/13.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/14.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/15.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/16.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/17.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/18.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/19.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/2.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/20.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/3.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/4.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/5.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/6.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/7.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/8.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/9.png
.png
DEAD SPACE 2/extra/Startmenu Animation 2/README.txt
DEAD SPACE 2/extra/Startmenu Animation 2/Startmenu Animation.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DEAD SPACE 2/extra/Startmenu Animation 2/preview.jpg
.jpg
DEAD SPACE 2/extra/TB Shadow/Bottom TB Shadow.exe
.exe windows:4 windows x86 arch:x86

b5c5ba41bef834878b11ac9750c24ae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\desktopx3\DXAppSimple.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathGetArgsW
PathStripPathW

kernel32

SetEndOfFile
CreateFileA
MultiByteToWideChar
lstrlenA
CreateDirectoryW
lstrcpyW
lstrlenW
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateFileW
lstrcpynW
DeleteFileW
WriteFile
LockResource
LoadResource
SizeofResource
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
FindClose
lstrcmpW
FindNextFileW
FindFirstFileW
SetLastError
Sleep
GetSystemDirectoryW
MoveFileW
lstrcatW
GetModuleFileNameW
GetCommandLineW
HeapSize
GetLocaleInfoA
FindResourceW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ReadFile
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
SetStdHandle
FlushFileBuffers
WriteConsoleA

user32

DispatchMessageW
KillTimer
PostQuitMessage
wsprintfW
SetTimer
GetMessageW
TranslateMessage

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/TB Shadow/Top TB Shadow.exe
.exe windows:4 windows x86 arch:x86

b5c5ba41bef834878b11ac9750c24ae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\desktopx3\DXAppSimple.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathGetArgsW
PathStripPathW

kernel32

SetEndOfFile
CreateFileA
MultiByteToWideChar
lstrlenA
CreateDirectoryW
lstrcpyW
lstrlenW
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateFileW
lstrcpynW
DeleteFileW
WriteFile
LockResource
LoadResource
SizeofResource
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
FindClose
lstrcmpW
FindNextFileW
FindFirstFileW
SetLastError
Sleep
GetSystemDirectoryW
MoveFileW
lstrcatW
GetModuleFileNameW
GetCommandLineW
HeapSize
GetLocaleInfoA
FindResourceW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ReadFile
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryA
SetStdHandle
FlushFileBuffers
WriteConsoleA

user32

DispatchMessageW
KillTimer
PostQuitMessage
wsprintfW
SetTimer
GetMessageW
TranslateMessage

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/TaskbarMeters.rar
.rar
TaskbarMeters/Microsoft.WindowsAPICodePack.Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jkey\Downloads\WindowsAPICodePack (1)\WindowsAPICodePack\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskbarMeters/Microsoft.WindowsAPICodePack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jkey\Downloads\WindowsAPICodePack (1)\WindowsAPICodePack\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskbarMeters/TaskbarCore.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jkey\Documents\Visual Studio 2008\Projects\TaskbarCpuMeter\TaskbarCore\obj\Release\TaskbarCore.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskbarMeters/TaskbarCpuMeter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jkey\Documents\Visual Studio 2008\Projects\TaskbarCpuMeter\TaskbarCpuMeter\obj\Release\TaskbarCpuMeter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskbarMeters/TaskbarDiskIOMeter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jkey\Documents\Visual Studio 2008\Projects\TaskbarCpuMeter\TaskbarDiskIOMeter\obj\Release\TaskbarDiskIOMeter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskbarMeters/TaskbarMemoryMeter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jkey\Documents\Visual Studio 2008\Projects\TaskbarCpuMeter\TaskbarMemoryMeter\obj\Release\TaskbarMemoryMeter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/ThemePatcher.rar
.rar
VistaGlazzSetup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/VistaGlazzSetup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/Windows_7_Drive_Icon_Changer_by_FunnyFriend2010.zip
.zip
Drive Icon Changer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/rocktdoc skin/DEAD SPACE 2 BY bbosa/Background.ini
DEAD SPACE 2/extra/rocktdoc skin/DEAD SPACE 2 BY bbosa/DEAD SPACE 2.png
.png
DEAD SPACE 2/extra/rocktdoc skin/DEAD SPACE 2 BY bbosa/Separator.ini
DEAD SPACE 2/extra/rocktdoc skin/DEAD SPACE 2 BY bbosa/Separator.png
.png
DEAD SPACE 2/extra/startorb/DEAD SPACE 2 BY BBOSA.bmp
DEAD SPACE 2/extra/startorb/Windows7 Start Button Change/Must Read.txt
DEAD SPACE 2/extra/startorb/Windows7 Start Button Change/Windows 7 Start Button Changer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Visual Studio 2005\Projects\Windows 7 Start Button Changer\Windows 7 Start Button Changer\obj\Release\Windows 7 Start Button Changer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/startorb/Windows7 Start Button Change/r.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEAD SPACE 2/extra/takeownershipreg.rar
.rar
Take Ownership.reg
DEAD SPACE 2/extra/user frames/7013 (2).bmp
DEAD SPACE 2/extra/user frames/7013 (3).bmp
DEAD SPACE 2/extra/user frames/7013.bmp
DEAD SPACE 2/extra/user frames/UserFrame ReadMe.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 8B

.data Size: - Virtual size: 808B

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 512B - Virtual size: 110B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 120KB - Virtual size: 120KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 342KB - Virtual size: 344KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 358KB - Virtual size: 360KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 342KB - Virtual size: 344KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 342KB - Virtual size: 344KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 342KB - Virtual size: 344KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 342KB - Virtual size: 344KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 3KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 488KB

UPX1 Size: 264KB - Virtual size: 268KB

.rsrc Size: 58KB - Virtual size: 60KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 517KB - Virtual size: 517KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 12KB - Virtual size: 91KB

.rsrc Size: 65KB - Virtual size: 65KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 452KB

UPX1 Size: 195KB - Virtual size: 196KB

.rsrc Size: 196KB - Virtual size: 200KB

b5c5ba41bef834878b11ac9750c24ae0

Headers

File Characteristics

PDB Paths

Imports

shlwapi

.rdata
Size: 512B - Virtual size: 8B

.data
Size: - Virtual size: 808B

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 512B - Virtual size: 110B

.rsrc
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 342KB - Virtual size: 344KB

.rsrc
Size: 358KB - Virtual size: 360KB

.rsrc
Size: 342KB - Virtual size: 344KB

.rsrc
Size: 342KB - Virtual size: 344KB

.rsrc
Size: 342KB - Virtual size: 344KB

.rsrc
Size: 342KB - Virtual size: 344KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 488KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 58KB - Virtual size: 60KB

.text
Size: 517KB - Virtual size: 517KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 12KB - Virtual size: 91KB

.rsrc
Size: 65KB - Virtual size: 65KB

UPX0
Size: - Virtual size: 452KB

UPX1
Size: 195KB - Virtual size: 196KB

.rsrc
Size: 196KB - Virtual size: 200KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 613KB - Virtual size: 612KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 613KB - Virtual size: 612KB

.text
Size: 455KB - Virtual size: 455KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 864B