264c56dd54c64b0dd5886b2ac0d80685_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

264c56dd54c64b0dd5886b2ac0d80685_JaffaCakes118
Size

2.4MB
MD5

264c56dd54c64b0dd5886b2ac0d80685
SHA1

9fb29355fd4c5927aa9e8b818ef5f6d740cded59
SHA256

34649b3bef2f00c721daea9b8ed7a5ddc27d27b68697f296a9d85cfc15d67c0d
SHA512

bd7cb001a3752eadeaaea8eb8459a5f84b5cd040f9196c641d77fdeec0f3e4b5bd3969825ab1cb776014c63c9fb146984c8aa4fdc61650218341a4c9641ae67a
SSDEEP

49152:GRx481x40uFHh0PaL077ywYPwgGwp7qJUXKhmAzo4YrTHSPPj8d:GR7duFHh0a077U0J8KhmAzo4YrzQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
264c56dd54c64b0dd5886b2ac0d80685_JaffaCakes118
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$TEMP/Detect64.exe
unpack001/ClearOptions.exe
unpack001/uninst.exe
unpack001/x64/DarkWave-Studio.exe
unpack001/x64/PlugIns/ES-CoreMachines.dll
unpack001/x86/DarkWave-Studio.exe
unpack001/x86/OpenAsio.dll
unpack001/x86/PlugIns/ES-CoreMachines.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

264c56dd54c64b0dd5886b2ac0d80685_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4e37e2ffbd35d63c4d78bd455882d145

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:23:31:69:2d:6e:07:82:a9:16:a3:c7:97:29:92:55:7d:34:70:e7
Signer

Actual PE Digest

97:23:31:69:2d:6e:07:82:a9:16:a3:c7:97:29:92:55:7d:34:70:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
WriteFile
DeleteFileW
GetCurrentThreadId
SetLastError
FlushInstructionCache
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetShortPathNameW
GetTempPathW
SetFilePointer
GetTickCount
CreateEventW
SetEvent
CreateProcessW
MoveFileExW
LoadLibraryExW
GlobalUnlock
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GlobalLock
GlobalAlloc
GetCurrentDirectoryA
GetFullPathNameA
Process32NextW
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileAttributesW
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
FileTimeToSystemTime
GetVersion
GetSystemInfo
GetVersionExW
GetTempFileNameW
GlobalFree
ReleaseSemaphore
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetErrorMode
lstrlenA
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
FindResourceExW
WideCharToMultiByte
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
GetStartupInfoA
InterlockedIncrement
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
FlushFileBuffers
CreateThread

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
socket
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

IsWindow
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetCursor
ReleaseCapture
TrackPopupMenu
GetCursorPos
PostMessageW
PostQuitMessage
KillTimer
SetTimer
UnregisterClassA
BeginPaint
DestroyMenu
NotifyWinEvent
FindWindowW
GetParent
GetAncestor
SetFocus
CreateDialogParamW
LoadImageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawTextW
ScreenToClient
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetCursor
ClientToScreen
GetWindowRect
SendDlgItemMessageW
EnableMenuItem
GetSystemMenu
EnableWindow
SetDlgItemTextW
MessageBoxW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
CharNextW
FillRect
InvalidateRect
GetAsyncKeyState
EndPaint
DrawFocusRect
GetForegroundWindow
ReleaseDC
GetDC
GetSysColorBrush
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW

gdi32

CreateSolidBrush
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
GdiFlush

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
RegDeleteValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyW
DuplicateTokenEx
GetUserNameW
RegEnumKeyW

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CLSIDFromProgID
CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
LoadRegTypeLi
SysFreeString
SysAllocStringLen
VariantInit
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPRD203CanLeaveOfferPage
OCPRD203CleanupProduct
OCPRD203Detach
OCPRD203FindGuidAndRunDialog
OCPRD203FindGuidAndRunDialogA
OCPRD203GetAsyncOfferStatus
OCPRD203GetBannerInfo
OCPRD203GetBannerInfoW
OCPRD203GetMsg
OCPRD203GetNoCandy
OCPRD203GetOfferState
OCPRD203GetOfferType
OCPRD203Init2A
OCPRD203Init2W
OCPRD203InnoAdjust
OCPRD203InnoRestore
OCPRD203InstallShieldAdjust
OCPRD203LoadOpenCandyDLL
OCPRD203LogDevModeMessage
OCPRD203LogDevModeMessageW
OCPRD203NSISAdjust
OCPRD203PreInit
OCPRD203PrepareDownload
OCPRD203RunDialog
OCPRD203SetClientAdvancedOptions
OCPRD203SetClientAdvancedOptionsW
OCPRD203SetCmdLineValues
OCPRD203SetCmdLineValuesW
OCPRD203SetCustomBrushColor
OCPRD203SetCustomBrushColorW
OCPRD203SetNoCandy
OCPRD203SetOCOfferEnabled
OCPRD203SetOfferData
OCPRD203SetOfferLocation
OCPRD203SetUseDefaultColorBkGrnd
OCPRD203Shutdown
OCPRD203SignalProductFailed
OCPRD203SignalProductInstalled
OCPRD203StartDLMgr2Download
OCPRD203StartDLMgr2DownloadRunasAdmin
_OCPRD203DLMgr2Check@16
_OCPRD203Display@16
_OCPRD203DownloadMgr2RecycleOffer@12
_OCPRD203MgrCheck@16
_OCPRD203MgrExec@16
_OCPRD203RestartDll@16
_OCPRD203RestartDllAsAdmin@16
_OCPRD203RunOpenCandyDLL@16

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Detect64.exe
.exe windows:4 windows x86 arch:x86

992ab6db8e72f53c636a3be579355ccf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
free
fwrite
memcpy
signal
vfprintf

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 220B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/ExperimentalScene.bmp
ClearOptions.exe
.exe windows:4 windows x86 arch:x86

adbd2c1c4b3ff1f324ba5fb0c509189b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenFile
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
free
fwrite
memcpy
signal
vfprintf

shell32

SHGetSpecialFolderPathA

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 220B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/20
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/36
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/48
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/62
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DarkWave.chm
.chm
Sample Projects/Arpeggiator.dwp
Sample Projects/Chemistry 101.dwp
Sample Projects/Chemistry 202.dwp
Sample Projects/Chemistry 303.dwp
Sample Projects/Crunch.dwp
Sample Projects/DrumDistort.dwp
Sample Projects/StereoSplitter.dwp
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/DarkWave-Studio.exe
.exe windows:4 windows x64 arch:x64

0f55302c52ee1390237ba0fb1d16c702

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControls

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GdiFlush
GetDeviceCaps
GetObjectA
GetStockObject
LineTo
MoveToEx
Polygon
Polyline
PtInRegion
Rectangle
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetTextColor

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeLibrary
FreeResource
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
OpenFile
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReleaseMutex
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_fdopen
_strupr
_write
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_lock
_onexit
_unlock
_vscprintf
_vsnprintf
abort
atan2
calloc
clearerr
exit
fclose
ferror
fflush
floor
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
ldexp
localeconv
log10
malloc
memcpy
memset
rand
realloc
signal
sprintf
strcat
strcmp
strcpy
strlen
strncat
strncmp
strncpy
vfprintf
vsprintf

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteA

user32

AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
CharLowerBuffA
ClientToScreen
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIcon
DrawIconEx
DrawTextA
EnableMenuItem
EnableWindow
EndDialog
EndPaint
FillRect
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItemTextA
GetFocus
GetMessageA
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InvalidateRect
InvertRect
IsWindow
KillTimer
LoadBitmapA
LoadCursorA
LoadImageA
LoadMenuA
MessageBoxA
MoveWindow
PostMessageA
PostQuitMessage
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetCursor
SetFocus
SetMenu
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow
ValidateRect
WindowFromPoint

winmm

midiInClose
midiInGetDevCapsA
midiInGetNumDevs
midiInOpen
midiInStart
midiOutClose
midiOutGetDevCapsA
midiOutGetNumDevs
midiOutOpen
midiOutShortMsg
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/PlugIns/ES-CoreMachines.dll
.dll windows:4 windows x64 arch:x64

4c4050dcf8e80394a350841ec897dbdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GdiFlush
GetDeviceCaps
GetObjectA
GetStockObject
LineTo
MoveToEx
Polygon
Polyline
Rectangle
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetTextColor

kernel32

AddAtomA
CloseHandle
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FindResourceA
FreeLibrary
FreeResource
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
OutputDebugStringA
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_fdopen
_strupr
_write
__dllonexit
__iob_func
__setusermatherr
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
_vscprintf
_vsnprintf
abort
calloc
clearerr
fclose
ferror
fflush
floor
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
ldexp
localeconv
log10
malloc
memcpy
memset
rand
realloc
signal
sprintf
srand
strcat
strcmp
strcpy
strlen
strncat
strncmp
strncpy
tan
vfprintf
vsprintf

shell32

ShellExecuteA

user32

AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
ClientToScreen
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DrawIconEx
DrawTextA
EnableMenuItem
EnableWindow
EndPaint
FillRect
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InvalidateRect
IsWindow
KillTimer
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxA
MoveWindow
PostMessageA
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetCursor
SetFocus
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
UpdateWindow
ValidateRect

Exports

Exports

DarkPlugInit

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 83B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/DarkWave-Studio.exe
.exe windows:4 windows x86 arch:x86

f7a0e586af34107439f6375ccf9219a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControls

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GdiFlush
GetDeviceCaps
GetObjectA
GetStockObject
LineTo
MoveToEx
Polygon
Polyline
PtInRegion
Rectangle
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetTextColor

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeLibrary
FreeResource
GetAtomNameA
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MultiByteToWideChar
OpenFile
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReleaseMutex
ReleaseSemaphore
ResumeThread
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_fdopen
_strupr
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
_vscprintf
_vsnprintf
_winmajor
abort
atan2
atexit
calloc
clearerr
cos
fclose
fflush
floor
fmod
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
localeconv
log10
malloc
memcpy
pow
rand
realloc
signal
sin
sprintf
sqrt
strcat
strcmp
strcpy
strlen
strncat
strncpy
vfprintf
vsprintf

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteA

user32

AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
CharLowerBuffA
ClientToScreen
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIcon
DrawIconEx
DrawTextA
EnableMenuItem
EnableWindow
EndDialog
EndPaint
FillRect
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItemTextA
GetFocus
GetMessageA
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InvalidateRect
InvertRect
IsWindow
KillTimer
LoadBitmapA
LoadCursorA
LoadImageA
LoadMenuA
MessageBoxA
MoveWindow
PostMessageA
PostQuitMessage
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetCursor
SetFocus
SetMenu
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow
ValidateRect
WindowFromPoint

winmm

midiInClose
midiInGetDevCapsA
midiInGetNumDevs
midiInOpen
midiInStart
midiOutClose
midiOutGetDevCapsA
midiOutGetNumDevs
midiOutOpen
midiOutShortMsg
waveOutClose
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/OpenAsio.dll
.dll windows:4 windows x86 arch:x86

bf1c8ed2e82e58ef28cf2bba1ed0cb57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
InterlockedDecrement
HeapDestroy
HeapCreate
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
InterlockedIncrement
GetACP
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LCMapStringA
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Exports

Exports

CreateOpenAsio

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/PlugIns/ES-CoreMachines.dll
.dll windows:4 windows x86 arch:x86

40a90085b758a031c30e8b184c458847

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GdiFlush
GetDeviceCaps
GetObjectA
GetStockObject
LineTo
MoveToEx
Polygon
Polyline
Rectangle
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetTextColor

kernel32

AddAtomA
CloseHandle
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FindResourceA
FreeLibrary
FreeResource
GetAtomNameA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
OutputDebugStringA
ReleaseMutex
ReleaseSemaphore
ResumeThread
SetLastError
SetThreadPriority
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_fdopen
_strupr
_write
__dllonexit
_errno
_iob
_vscprintf
_vsnprintf
_winmajor
abort
calloc
clearerr
cos
exp
fclose
fflush
floor
fmod
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
localeconv
log
log10
malloc
memcpy
pow
rand
realloc
sin
sprintf
sqrt
srand
strcat
strcmp
strcpy
strlen
strncat
strncpy
tan
vfprintf
vsprintf

shell32

ShellExecuteA

user32

AdjustWindowRectEx
AppendMenuA
BeginPaint
CallWindowProcA
ClientToScreen
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DrawIconEx
DrawTextA
EnableMenuItem
EnableWindow
EndPaint
FillRect
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InflateRect
InvalidateRect
IsWindow
KillTimer
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxA
MoveWindow
PostMessageA
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetCursor
SetFocus
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
UpdateWindow
ValidateRect

Exports

Exports

DarkPlugInit

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 83B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3.6MB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 102KB - Virtual size: 102KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 436B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

4e37e2ffbd35d63c4d78bd455882d145

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

97:23:31:69:2d:6e:07:82:a9:16:a3:c7:97:29:92:55:7d:34:70:e7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

ws2_32

msimg32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 102KB - Virtual size: 102KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

97:23:31:69:2d:6e:07:82:a9:16:a3:c7:97:29:92:55:7d:34:70:e7
Signer

.text
Size: 508KB - Virtual size: 508KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 31KB - Virtual size: 30KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 296B

.bss
Size: - Virtual size: 220B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 98KB - Virtual size: 98KB