36a75a168e36bdcd57601a3494fdcc84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36a75a168e36bdcd57601a3494fdcc84_JaffaCakes118
Size

1.3MB
MD5

36a75a168e36bdcd57601a3494fdcc84
SHA1

99765c5cfd605bd745b737b2f05d8ef278de764b
SHA256

bf2f29009b84c4059a95f984e1b7784ad92eec47a1f6e0005ff1405d49e7d125
SHA512

9a34bafa562eb3c33116ba9158b0ae20ad516bb448f4cb41d6730d63452a9beec8ca6072bd7c12eae16f794414869cefa24a97568d6727a8944f1a7325ab71b1
SSDEEP

24576:Yyt1fSc6Qw2kF4KVcJagl7HlKB0KOg3+HapW23jEs3l7hrAVmOXtwVLgCayhutvT:J1fSd2/5JlY513CaZEs3dlAVV9wJ1ayg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Engines/lzzjz.exe	upx
static1/unpack001/Engines/piskvork/pbrain-pela.exe	upx
static1/unpack001/Engines/renjusolver/pbrain-RenjuSolver.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Engines/HForbid/pbrain-HForbid.exe
unpack001/Engines/HGarden/pbrain-HGarden.EXE
unpack001/Engines/Tito2010/pbrain-Tito2010.exe
unpack001/Engines/Yixin2012/pbrain-Yixin2012.exe
unpack001/Engines/hewer12/pbrain-hewer12.exe
unpack001/Engines/lzzjz.exe
unpack001/Engines/piskvork/pbrain-pela.exe
unpack003/out.upx
unpack001/Engines/renjusolver/pbrain-RenjuSolver.exe
unpack001/嘻嘻五子棋辅助.exe

Files

36a75a168e36bdcd57601a3494fdcc84_JaffaCakes118
.rar
Engines/HForbid/pbrain-HForbid.exe
.exe windows:4 windows x86 arch:x86

ff313b3b65d59f96c06c17eee17bdddb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
WaitForSingleObject
ResetEvent
GetTickCount
CreateThread
CreateEventA
GetSystemTimeAsFileTime
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetLastError
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
FlushFileBuffers
ReadFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
HeapSize
MultiByteToWideChar
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
RtlUnwind
InterlockedExchange
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
GetLocaleInfoA
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Engines/HGarden/pbrain-HGarden.EXE
.exe windows:4 windows x86 arch:x86

6f0464daa0a837ec2eb2e90fb432130a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
WaitForSingleObject
ResetEvent
GetTickCount
CreateThread
CreateEventA
GetTimeZoneInformation
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
MultiByteToWideChar
GetLocaleInfoA
HeapSize
VirtualAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Engines/Tito2010/pbrain-Tito2010.exe
.exe windows:4 windows x86 arch:x86

e128cddb8049501d25eae7279a198192

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
GetModuleHandleA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

_stricmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
fflush
fputs
free
gets
malloc
memcpy
printf
puts
rand
signal
sprintf
srand
sscanf
vsprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Engines/Yixin2012/pbrain-Yixin2012.exe
.exe windows:5 windows x86 arch:x86

da71e35e3742992e08643d18fba70041

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Develop\编程工程\GoBang\GoBang\Release\GoBang.pdb

Imports

kernel32

WaitForSingleObject

msvcr90

getchar

msvcrt

malloc

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

IsWindow

advapi32

RegOpenKeyExA

Sections

.text
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 167.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 951KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Engines/hewer12/pbrain-hewer12.exe
.exe windows:5 windows x86 arch:x86

651d49d71221c06525e6752a3ce0a490

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo

kernel32

FlushFileBuffers
CreateDirectoryA
FindFirstFileA
FindClose
FindNextFileA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetTimeZoneInformation
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
WriteFile
GetConsoleCP
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetModuleFileNameA
SetFilePointer
CloseHandle
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryA
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Engines/lzzjz.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!rc!
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Engines/piskvork/pbrain-pela.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Engines/renjusolver/pbrain-RenjuSolver.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Engines/renjusolver/pu.lib
嘻嘻五子棋辅助.exe
.exe windows:4 windows x86 arch:x86

9e4cea6138cf1aaed57bb436ac9af860

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetLastError
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenProcess
PeekNamedPipe
ReadFile
ReadProcessMemory
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteFile
WritePrivateProfileStringA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
free
fwrite
rand
signal
srand
strcat
strcpy
time
vfprintf

shell32

ShellExecuteA

user32

CreateWindowExA
DialogBoxParamA
EnableWindow
EndDialog
EnumChildWindows
FindWindowA
GetClassNameA
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadIconA
MessageBoxA
PostMessageA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetTimer
SetWindowPos
ShowWindow
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff313b3b65d59f96c06c17eee17bdddb

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 336KB - Virtual size: 334KB

.data Size: 4KB - Virtual size: 275KB

6f0464daa0a837ec2eb2e90fb432130a

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 340KB - Virtual size: 339KB

.data Size: 8KB - Virtual size: 278KB

.rsrc Size: 4KB - Virtual size: 176B

e128cddb8049501d25eae7279a198192

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 124B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 81KB

.idata Size: 1KB - Virtual size: 1KB

da71e35e3742992e08643d18fba70041

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

msvcrt

iphlpapi

psapi

user32

advapi32

Sections

.text Size: 13KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 167.9MB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 16KB

.sedata Size: 951KB - Virtual size: 952KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

651d49d71221c06525e6752a3ce0a490

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 18KB

Headers

File Characteristics

Sections

UPX0 Size: 260KB - Virtual size: 260KB

UPX1 Size: 100KB - Virtual size: 100KB

.!rc! Size: 4KB - Virtual size: 4KB

.idata2 Size: 2KB - Virtual size: 4KB

.rsrc Size: 259KB - Virtual size: 258KB

Headers

File Characteristics

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 336KB - Virtual size: 334KB

.data
Size: 4KB - Virtual size: 275KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 340KB - Virtual size: 339KB

.data
Size: 8KB - Virtual size: 278KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 124B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 81KB

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 167.9MB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 16KB

.sedata
Size: 951KB - Virtual size: 952KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 18KB

UPX0
Size: 260KB - Virtual size: 260KB

UPX1
Size: 100KB - Virtual size: 100KB

.!rc!
Size: 4KB - Virtual size: 4KB

.idata2
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 259KB - Virtual size: 258KB

UPX0
Size: - Virtual size: 1.0MB

UPX1
Size: 9KB - Virtual size: 12KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 918B

.data
Size: 4KB - Virtual size: 1.0MB

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 127KB - Virtual size: 128KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 2KB - Virtual size: 1KB

.eh_fram
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.vmp0
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 10KB