07f880fab4a8c0ff4629ada1fd3bec6334dd5d73aeb30647d8a3acf1daaaec29

Sharing

Copy URL Twitter E-mail

General

Target

07f880fab4a8c0ff4629ada1fd3bec6334dd5d73aeb30647d8a3acf1daaaec29
Size

1.5MB
MD5

e8173b5bff59a8cd8006001ea2186abc
SHA1

4e6d51b86d7d9e52ec122183fae1c597072360c6
SHA256

07f880fab4a8c0ff4629ada1fd3bec6334dd5d73aeb30647d8a3acf1daaaec29
SHA512

642e527e9ca367d8cab55aba2e9d2024fda968bdc48ad32bb0d9142f44631732e7ffc9b577eed8071b941cf029bd1219dabe70b63d70bd840a0f6d05a66b3365
SSDEEP

24576:QB2beBSX9hvhm05ev6nFluouxR2n8TV6YSOgGKOCuELsF3DO+e+X8R8Av:QBYeMXK2FqQ5vrcDa+MOQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Modules/d3d8to9.dll
unpack001/WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEApp.exe
unpack001/WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEDll.dll
unpack001/WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEUpdater.exe
unpack001/WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Launcher.exe

Files

07f880fab4a8c0ff4629ada1fd3bec6334dd5d73aeb30647d8a3acf1daaaec29
.zip
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Language.xml
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Localisation.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Modules/d3d8to9.dll
.dll windows:6 windows x86 arch:x86

17eae39f06667a396e40a3a79a222ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d9

Direct3DCreate9

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

user32

GetDC
ReleaseDC

gdi32

GetDeviceCaps

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Strxfrm
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
_Strcoll

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memset
_CxxThrowException
__current_exception_context
memmove
memcpy
strchr
__CxxFrameHandler3
__std_exception_destroy
memchr
__std_terminate
__std_exception_copy
__current_exception

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_initterm
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-math-l1-1-0

ceil

Exports

Exports

Direct3DCreate8

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Profiles/Platform.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Profiles/WFE.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Profiles/WFEConfigBase.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/ReadMe.txt
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Sounds/wfe_closed.wav
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/Sounds/wfe_started.wav
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFE.mpq
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEApp.exe
.exe windows:6 windows x86 arch:x86

2610cd5d8ffbefa205703d83296f5c5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Files\Work Files\Programming\C++\WFEUpdate\Release\WFEApp.pdb

Imports

api-ms-win-crt-stdio-l1-1-0

fgets
__stdio_common_vfprintf_s
fclose
fopen
fopen_s

api-ms-win-crt-string-l1-1-0

isspace
tolower
strncpy
_stricmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
abort
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_execute_onexit_table
_initialize_onexit_table
_register_onexit_function

vcruntime140

memmove
__current_exception_context
__FrameUnwindFilter
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
memset
__current_exception
strchr

kernel32

GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
K32GetModuleFileNameExA
GetCurrentProcessId
Sleep
WideCharToMultiByte
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
OpenProcess
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
Module32Next
GetLastError
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First

user32

FindWindowA
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetKeyState
GetAsyncKeyState

advapi32

RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

msvcp140

?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoul
strtof

mscoree

_CorExeMain

Exports

Exports

??0INIReader@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Get@INIReader@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@00@Z
?GetBoolean@INIReader@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?GetFloat@INIReader@@QBEMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0M@Z
?GetInteger@INIReader@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetLong@INIReader@@QBEJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetReal@INIReader@@QBENABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0N@Z
?GetUInteger@INIReader@@QBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetULong@INIReader@@QBEKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?MakeKey@INIReader@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z
?ParseError@INIReader@@QBEHXZ
?ValueHandler@INIReader@@CAHPAXPBD11@Z
EnableDebugPrivEx
GetExePath
GetExePathByName
GetProcessIdByName
InjectToProcess
InjectToProcessByName
InjectToWindowByNameEx
InjectToWindowEx

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEAppStyleDefault.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEDll.dll
.dll windows:6 windows x86 arch:x86

7c693f05bb2f0f7dac3c7b4df2a8639a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Files\Work Files\Programming\C++\WFEUpdate\Release\WFEDll.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

WriteConsoleW
HeapSize
SetStdHandle
GetModuleHandleA
GetLastError
CloseHandle
GetStdHandle
GetConsoleWindow
FreeConsole
AllocConsole
SetConsoleTitleA
K32GetProcessMemoryInfo
GetCurrentProcess
GetCurrentThread
WriteFile
ReadFile
VirtualProtect
FlushInstructionCache
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetTickCount64
TlsGetValue
GetFileAttributesA
LoadLibraryA
DisableThreadLibraryCalls
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
GetFileType
HeapFree
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FormatMessageA
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
LocalFree
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
Sleep
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue
TlsFree
CreateThread

user32

ClipCursor
BlockInput
MapVirtualKeyA
DefWindowProcA
ShowWindow
SendInput
SetCursorPos
ScreenToClient
GetCursorPos
GetWindowPlacement
GetKeyState
SetWindowPlacement
SetWindowLongA
GetWindowLongA
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetForegroundWindow
GetActiveWindow
FindWindowA
SetTimer
KillTimer
SendMessageA
SetWindowPos

Exports

Exports

??0INIReader@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Get@INIReader@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@00@Z
?GetBoolean@INIReader@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?GetFloat@INIReader@@QBEMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0M@Z
?GetInteger@INIReader@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetLong@INIReader@@QBEJABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetReal@INIReader@@QBENABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0N@Z
?GetUInteger@INIReader@@QBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?GetULong@INIReader@@QBEKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0J@Z
?MakeKey@INIReader@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z
?ParseError@INIReader@@QBEHXZ
?ValueHandler@INIReader@@CAHPAXPBD11@Z

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEGameColours.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFESettings.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFESettingsBase.ini
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/WFEUpdater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WFEUpdater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Application/icon.ico
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\1\Winform Projects\WFE Launcher\obj\Release\Launcher.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/[0]请务必使用Launcher启动WFE，减少被平台检测的几率.txt
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/[必看1]WFE本体使用说明.txt
WFE v3.1.11.68(重大更新，请仔细阅读使用说明)/[必看2]Launcher使用说明.txt

Sharing

General

Malware Config

Signatures

Files

17eae39f06667a396e40a3a79a222ead

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

2610cd5d8ffbefa205703d83296f5c5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

vcruntime140

kernel32

user32

advapi32

msvcp140

api-ms-win-crt-convert-l1-1-0

mscoree

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 3KB - Virtual size: 13KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 2KB - Virtual size: 2KB

7c693f05bb2f0f7dac3c7b4df2a8639a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

Exports

Exports

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 9KB - Virtual size: 75KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 42KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 3KB - Virtual size: 13KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 9KB - Virtual size: 75KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 42KB

.text
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 550KB - Virtual size: 549KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 12B