4c9b6d6d947a7c7fc1b70774a0d5791a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4c9b6d6d947a7c7fc1b70774a0d5791a_JaffaCakes118
Size

5.4MB
MD5

4c9b6d6d947a7c7fc1b70774a0d5791a
SHA1

4b7179bee2b7c156eee8490028fc57497fa8eb91
SHA256

c634b4572cfbea7308cade677ca4f00665e6b9de3f0e74834e5f3294118abe55
SHA512

0c9c95400869b55f33a653c3cd7955a76d4e0d26883a98893f75d6310eae32558021145ea130222561b6a835a145ece11ca67b6cf35b69c512724f14961e7ccc
SSDEEP

98304:qUwQGnZZetlp9j+LU11OW51qYRbPLzq7bV7dXT6qb2Tsb7adrxy:kQGatH9jRz5bqsbPL+7bV7Yqb2Thpc

Score

3^/10

Malware Config

Signatures

Unsigned PE 28 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EMCXT/EMCXT Libs/Appearance Pak.dll
unpack001/EMCXT/EMCXT Libs/RegEx.dll
unpack001/EMCXT/EMCXT Libs/Shell.dll
unpack001/EMCXT/EMCXT.exe
unpack001/EMCXT/bin/MD5Crypt.exe
unpack001/EMCXT/bin/SMBHash.exe
unpack001/EMCXT/bin/bzip2.exe
unpack001/EMCXT/bin/cat.exe
unpack001/EMCXT/bin/chown.exe
unpack001/EMCXT/bin/cp.exe
unpack001/EMCXT/bin/crc32sum.exe
unpack001/EMCXT/bin/cygcrypt-0.dll
unpack001/EMCXT/bin/cygiconv-2.dll
unpack001/EMCXT/bin/cygintl-8.dll
unpack001/EMCXT/bin/cygwin1.dll
unpack001/EMCXT/bin/cygz.dll
unpack001/EMCXT/bin/gmkdir.exe
unpack001/EMCXT/bin/hexalter.exe
unpack001/EMCXT/bin/jffs2dump.exe
unpack001/EMCXT/bin/mkfs.jffs2.exe
unpack001/EMCXT/bin/mksquashfs.exe
unpack001/EMCXT/bin/mkyaffs2image.exe
unpack001/EMCXT/bin/mount.exe
unpack001/EMCXT/bin/mv.exe
unpack001/EMCXT/bin/tar.exe
unpack001/EMCXT/bin/umount.exe
unpack001/EMCXT/bin/unsquashfs.exe
unpack001/EMCXT/bin/unyaffs.exe

Files

4c9b6d6d947a7c7fc1b70774a0d5791a_JaffaCakes118
.zip
EMCXT/EMCXT Libs/Appearance Pak.dll
.dll windows:4 windows x86 arch:x86

11e8c6e50b51b96c6baab7f0f93f3aba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\2009r5\REALbasic\REALbasic Visual Studio\release\Appearance Pak.pdb

Imports

kernel32

GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
CloseHandle
FlushFileBuffers
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
IsValidCodePage
GetACP
MultiByteToWideChar
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
MulDiv
GetVersionExA
Sleep
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind

user32

GetKeyState
CreatePopupMenu
AppendMenuA
AppendMenuW
ClientToScreen
TrackPopupMenu
DestroyMenu
SetRect
GetSysColor
InflateRect
FrameRect
FillRect
GetWindowRect
ScreenToClient
OffsetRect
DrawTextW
DrawTextA
DrawFocusRect
GetDC
ReleaseDC
GetParent
GetClassNameA

gdi32

CreateSolidBrush
GetStockObject
LineTo
CreatePen
SelectObject
MoveToEx
DeleteObject
CreateRectRgn
GetClipRgn
SelectClipRgn
CreateFontW
GetTextMetricsA
GetTextExtentPoint32W
GetTextExtentPoint32A
SetTextAlign
SetBkMode
SetTextColor
Polygon
GetDeviceCaps
SetPixelV

Exports

Exports

REALPluginMain

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/EMCXT Libs/RegEx.dll
.dll windows:4 windows x86 arch:x86

94ec982aec9490d794cdfba4f176e862

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\2009r5\REALbasic\REALbasic Visual Studio\release\RegEx.pdb

Imports

kernel32

HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
RtlUnwind
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

Exports

Exports

REALPluginMain

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/EMCXT Libs/Shell.dll
.dll windows:4 windows x86 arch:x86

eac21bf90f51097a1bf8906c87f4ee34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\2009r5\REALbasic\REALbasic Visual Studio\release\Shell.pdb

Imports

kernel32

InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetLastError
DeleteCriticalSection
GetWindowsDirectoryW
WriteFile
Sleep
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
GetStdHandle
SetStdHandle
PeekNamedPipe
SetNamedPipeHandleState
CreateProcessW
CreatePipe
GetModuleHandleA
GetCurrentProcess
GetCurrentDirectoryA
DuplicateHandle
GetTickCount
GetVersionExA
GetWindowsDirectoryA
CloseHandle
GetACP
IsValidCodePage
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
ExitProcess
GetModuleFileNameA
RaiseException
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetOEMCP
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA

user32

SetTimer
KillTimer
RegisterClassA
CreateWindowExA
DefWindowProcA

Exports

Exports

REALPluginMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/EMCXT.exe
.exe windows:4 windows x86 arch:x86

f721931590e8e6577ba50dbc8587d435

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\2009r5\REALbasic\REALbasic Visual Studio\release\X86RunHoudini.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ord17
ImageList_Destroy
ImageList_Add
InitCommonControlsEx
ImageList_Create

winmm

midiOutOpen
midiOutShortMsg
midiOutClose
mciSendStringA
mciSendStringW

iphlpapi

GetAdaptersInfo

kernel32

OutputDebugStringA
ExitProcess
GetUserDefaultLangID
CreateEventW
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
CreateFiber
GetACP
IsValidCodePage
MulDiv
GetVersion
GetLogicalDrives
InterlockedIncrement
InterlockedDecrement
SetCommBreak
GetCommProperties
EscapeCommFunction
ClearCommBreak
SetCommState
SetCommTimeouts
CreateEventA
GetCommModemStatus
GetOverlappedResult
ClearCommError
ResetEvent
GetCommState
WaitForSingleObject
GetCommandLineA
IsBadReadPtr
GetCurrentProcess
VirtualProtect
HeapFree
VirtualFree
GetProcessHeap
GetSystemDirectoryA
GetModuleHandleA
TlsGetValue
GetStartupInfoA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapReAlloc
GetFileType
SetStdHandle
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
RaiseException
GetStdHandle
HeapDestroy
HeapCreate
SetHandleCount
GetConsoleCP
GetConsoleMode
RtlUnwind
OutputDebugStringW
GetEnvironmentVariableW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetModuleFileNameA
LoadLibraryW
_lread
_lclose
VirtualAlloc
_lopen
_llseek
LoadResource
FindResourceA
LockResource
lstrcpyA
GetFileTime
CopyFileW
FindNextFileW
GetSystemDirectoryW
FindClose
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
SetFileAttributesW
SetFileTime
MoveFileW
DeleteFileW
GetCurrentThread
CreateDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFileAttributesW
GetLogicalDriveStringsW
RemoveDirectoryW
SetCurrentDirectoryW
GetShortPathNameW
FindFirstFileW
GetCurrentDirectoryW
GlobalSize
GlobalFree
GlobalAlloc
GlobalReAlloc
CreateFileA
GetCurrentProcessId
CompareFileTime
GetLocalTime
LocalFileTimeToFileTime
GetSystemTime
GetDateFormatA
FileTimeToLocalFileTime
GetTimeFormatA
SystemTimeToFileTime
GetTimeZoneInformation
TlsAlloc
FileTimeToSystemTime
SetEndOfFile
SetFilePointer
GetFileSize
GetTempFileNameW
CloseHandle
GetLastError
WriteFile
GetTempPathW
FlushFileBuffers
CreateFileW
ReadFile
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
GetVersionExA
Sleep
GetProcAddress
GetLocaleInfoW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetLocaleInfoA
IsDBCSLeadByteEx
GetStringTypeExA
CompareStringW
CompareStringA
GetModuleHandleW
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
HeapAlloc

user32

TrackMouseEvent
GetFocus
GetMenuState
TranslateMDISysAccel
EnumChildWindows
GetWindow
IsZoomed
GetTopWindow
BringWindowToTop
AdjustWindowRect
GetSystemMenu
GetClassInfoW
DestroyCursor
VkKeyScanA
CopyRect
CreateMenu
GetMenuItemCount
DrawEdge
InsertMenuW
EnableMenuItem
DeleteMenu
DestroyMenu
GetWindowTextLengthW
GetKeyState
EnableWindow
RemovePropA
SetWindowTextW
GetMessagePos
GetSubMenu
GetMenuStringW
GetMenuItemInfoW
OpenClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
wsprintfA
GetPropA
FrameRect
SetPropA
InvalidateRgn
SetParent
CreateWindowExW
BeginPaint
EndPaint
UpdateWindow
DragDetect
GetClassNameA
ValidateRect
ShowCursor
GetMonitorInfoA
EnumDisplayMonitors
RegisterClassA
SetTimer
KillTimer
GetMessageW
DispatchMessageW
SetCapture
RegisterWindowMessageA
MsgWaitForMultipleObjectsEx
WindowFromPoint
DrawFrameControl
DrawIconEx
SystemParametersInfoA
GetMenu
GetWindowLongA
GetActiveWindow
FindWindowW
CreateWindowExA
ChildWindowFromPointEx
DestroyWindow
CreateIconIndirect
DefWindowProcA
RedrawWindow
GetSystemMetrics
LoadImageA
CreateCursor
GetWindowTextW
GetWindowTextLengthA
MessageBoxW
ScreenToClient
MoveWindow
GetKeyNameTextW
MapVirtualKeyA
SetClipboardData
GetClipboardData
EmptyClipboard
CreateIconFromResource
CreateIconFromResourceEx
LoadIconA
InvertRect
DrawIcon
GetSysColorBrush
DrawFocusRect
DrawTextW
GetIconInfo
LoadCursorFromFileW
DestroyIcon
SendMessageW
GetParent
SetWindowPos
FillRect
SetForegroundWindow
DispatchMessageA
IsWindowVisible
MessageBoxA
EnumWindows
PeekMessageA
TranslateMessage
ClientToScreen
GetClientRect
GetWindowRect
CreatePopupMenu
GetForegroundWindow
TrackPopupMenu
GetCursorPos
SetWindowLongW
GetDC
PostMessageA
RegisterClassW
CreateMDIWindowW
IsIconic
SetScrollRange
GetScrollRange
SetScrollInfo
GetScrollPos
GetScrollInfo
SetScrollPos
PeekMessageW
SetWindowLongA
DefMDIChildProcW
CallWindowProcW
DefWindowProcW
GetWindowLongW
DefFrameProcW
ReleaseDC
SendMessageA
MessageBeep
GetDoubleClickTime
ScrollWindow
OffsetRect
SetRect
CloseClipboard
InvalidateRect
GetMenuItemID
SetMenuItemInfoW
CheckMenuItem
ShowWindow
DrawMenuBar
SetFocus
WindowFromDC
CharUpperBuffA
CharLowerBuffA
GetAsyncKeyState
LoadCursorA
SetMenu
GetMessageTime
SetCursor
GetSysColor
ReleaseCapture

gdi32

GetSystemPaletteEntries
Polygon
SetBrushOrgEx
SetTextAlign
CreateMetaFileW
CloseMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
EnumFontsW
EnumFontFamiliesExW
CreateRectRgn
CombineRgn
GetTextMetricsA
CreatePen
LineTo
SelectClipRgn
CreatePatternBrush
SetBkMode
SetPixelV
GetTextExtentPoint32W
CreateBitmap
CreateSolidBrush
GetFontLanguageInfo
MoveToEx
GetClipRgn
GetPixel
Rectangle
SetTextColor
RoundRect
GetTextMetricsW
GetEnhMetaFileW
EnumEnhMetaFile
CreateDIBitmap
DeleteMetaFile
GetEnhMetaFileHeader
GetMetaFileA
CreateFontIndirectA
SetViewportOrgEx
SetBkColor
GetEnhMetaFileA
SetMapMode
CreateFontW
CreateBrushIndirect
SetPixel
SetAbortProc
EndDoc
CreateICA
SetViewportExtEx
StartPage
SetWindowExtEx
EndPage
StartDocA
GetStockObject
CreateCompatibleDC
DeleteDC
StretchBlt
CreateCompatibleBitmap
RealizePalette
BitBlt
CreateDCA
StretchDIBits
SetDIBitsToDevice
SelectPalette
GetObjectA
GetDIBits
CreatePalette
CreateDIBSection
DeleteEnhMetaFile
DeleteObject
SelectObject
SetStretchBltMode
Ellipse
TranslateCharsetInfo
GetDeviceCaps

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorA
PageSetupDlgA
PrintDlgA

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
ImpersonateSelf
AccessCheck
MapGenericMask
OpenThreadToken
GetFileSecurityW
RevertToSelf
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

shell32

DragFinish
DragQueryFileW
Shell_NotifyIconW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
DragAcceptFiles

ole32

CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString
CoTaskMemFree
CoGetClassObject
OleUninitialize
OleInitialize
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
DoDragDrop

oleaut32

OleCreatePictureIndirect
SysFreeString
SysAllocString
OleLoadPicturePath

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EMCXT/bin/MD5Crypt.exe
.exe windows:4 windows x86 arch:x86

67b0bcf3e6b1c9e3fa205685c61e0a2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetVersionExA
GetShortPathNameW
WideCharToMultiByte
FindClose
FindFirstFileA
GetComputerNameA
CloseHandle
CreateFileA
GetLastError
FindNextFileA
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
LeaveCriticalSection
GetProcAddress
LoadLibraryA
InitializeCriticalSection
SetEnvironmentVariableA
DeleteCriticalSection
LoadLibraryExA
LockResource
LoadResource
FindResourceA
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
MultiByteToWideChar
ExitThread
FreeLibrary
EnterCriticalSection

user32

MessageBoxA

advapi32

GetUserNameA

msvcrt

localtime
vsprintf
free
malloc
strcmp
fprintf
_iob
fclose
strlen
fgets
fopen
sprintf
strcat
strcpy
getenv
wcslen
memcpy
memcmp
strchr
strstr
time
_ftol
_stat
atol
_pctype
_isctype
__mb_cur_max
atoi
fwrite
rand
srand
_close
_futime
_open_osfhandle
_errno
fread
strncpy
fflush
fputc
fputs
_rmdir
__p__environ
memset
perror
abort
_setjmp3
toupper
memmove
strrchr
wcscmp
_exit
_strdup
_mkdir
_getpid
_chmod
_strnicmp
_dup2
_fileno
_putenv
_initterm
_unlink
_stricmp
__dllonexit
_onexit
_adjust_fdiv
_XcptFilter
exit
__p___initenv
__getmainargs
__set_app_type
__setusermatherr
__p__commode
__p__fmode
_controlfp
_except_handler3
calloc

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EMCXT/bin/SMBHash.exe
.exe windows:4 windows x86 arch:x86

67b0bcf3e6b1c9e3fa205685c61e0a2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetVersionExA
GetShortPathNameW
WideCharToMultiByte
FindClose
FindFirstFileA
GetComputerNameA
CloseHandle
CreateFileA
GetLastError
FindNextFileA
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
LeaveCriticalSection
GetProcAddress
LoadLibraryA
InitializeCriticalSection
SetEnvironmentVariableA
DeleteCriticalSection
LoadLibraryExA
LockResource
LoadResource
FindResourceA
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
MultiByteToWideChar
ExitThread
FreeLibrary
EnterCriticalSection

user32

MessageBoxA

advapi32

GetUserNameA

msvcrt

localtime
vsprintf
free
malloc
strcmp
fprintf
_iob
fclose
strlen
fgets
fopen
sprintf
strcat
strcpy
getenv
wcslen
memcpy
memcmp
strchr
strstr
time
_ftol
_stat
atol
_pctype
_isctype
__mb_cur_max
atoi
fwrite
rand
srand
_close
_futime
_open_osfhandle
_errno
fread
strncpy
fflush
fputc
fputs
_rmdir
__p__environ
memset
perror
abort
_setjmp3
toupper
memmove
strrchr
wcscmp
_exit
_strdup
_mkdir
_getpid
_chmod
_strnicmp
_dup2
_fileno
_putenv
_initterm
_unlink
_stricmp
__dllonexit
_onexit
_adjust_fdiv
_XcptFilter
exit
__p___initenv
__getmainargs
__set_app_type
__setusermatherr
__p__commode
__p__fmode
_controlfp
_except_handler3
calloc

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EMCXT/bin/bzip2.exe
.exe windows:4 windows x86 arch:x86

f448af061de3206d24454a054168dd51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_fchown32
_fdopen64
_fopen64
_impure_ptr
_lstat64
_open64
_stat64
calloc
close
cygwin_internal
dll_crt0__FP11per_process
exit
fchmod
fclose
fflush
fgetc
fileno
fprintf
fputc
fread
free
fwrite
getenv
isatty
malloc
memset
perror
realloc
remove
rewind
setmode
signal
strcat
strcmp
strcpy
strerror
strlen
strncpy
strstr
ungetc
utime

kernel32

GetModuleHandleA

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/cat.exe
.exe windows:4 windows x86 arch:x86

3778088b494266ae695a3d6ee7ed88e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__isnand
__main
__mb_cur_max
__signbitd
_ctype_
_exit
_fcntl64
_freopen64
_fstat64
_impure_ptr
_open64
abort
atexit
calloc
close
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fprintf
fputs
free
frexp
fwrite
getenv
getpagesize
isatty
iswprint
ldexp
malloc
mbrtowc
mbsinit
memcpy
memmove
memset
printf
putc_unlocked
read
realloc
setlocale
snprintf
sprintf
strchr
strcmp
strerror_r
strlen
strncmp
write

cygintl-8

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetModuleHandleA

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 600B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/chown.cmd
EMCXT/bin/chown.exe
.exe windows:4 windows x86 arch:x86

6f5ddf4e87e9f17032dd65b856373fd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__isnand
__main
__mb_cur_max
__signbitd
_chown32
_ctype_
_exit
_fchown32
_fcntl64
_fstat64
_getgrgid32
_getgrnam32
_getpwuid32
_impure_ptr
_lchown32
_lstat64
_open64
_stat64
abort
atexit
calloc
chdir
close
closedir
cygwin_internal
dirfd
dll_crt0__FP11per_process
endgrent
endpwent
exit
fchdir
fclose
fflush
fprintf
fputs
free
frexp
fwrite
getcwd
getenv
getpwnam
iswprint
ldexp
malloc
mbrtowc
mbsinit
memchr
memcpy
memmove
memset
opendir
printf
putc_unlocked
qsort
readdir
realloc
rmdir
setlocale
snprintf
sprintf
strchr
strcmp
strcpy
strerror_r
strlen
strncmp
strrchr
strspn
strtoul
unlink

cygintl-8

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetModuleHandleA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 616B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/copy_cont.cmd
EMCXT/bin/cp.exe
.exe windows:4 windows x86 arch:x86

8e9533b9e3739816b3f037464b5fef5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__isnand
__main
__mb_cur_max
__signbitd
_ctype_
_exit
_fchown32
_fcntl64
_fseeko64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgid32
_getuid32
_impure_ptr
_lchown32
_lseek64
_lstat64
_mknod32
_open64
_setregid32
_setreuid32
_stat64
abort
access
atexit
btowc
calloc
chdir
chmod
close
closedir
cygwin_conv_to_full_win32_path
cygwin_internal
dll_crt0__FP11per_process
dup
exit
fchdir
fchmod
fclose
fflush
fprintf
fputs
free
frexp
futimes
fwrite
getcwd
getenv
getline
getpagesize
iswalnum
iswctype
iswlower
iswprint
ldexp
link
malloc
mbrtowc
mbsinit
memchr
memcpy
memmove
mempcpy
memset
mkdir
mkfifo
nl_langinfo
opendir
pathconf
printf
putc_unlocked
putchar_unlocked
read
readdir
readlink
realloc
rename
rmdir
setlocale
snprintf
sprintf
strcasecmp
strchr
strcmp
strcpy
strerror_r
strlen
strncmp
strndup
strspn
symlink
towlower
towupper
umask
unlink
utimes
wcrtomb
wcscoll
wctype
write

cygintl-8

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetACP
GetModuleHandleA

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 952B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/crc32sum.exe
.exe windows:4 windows x86 arch:x86

f6b7124e322efc2e961f4a397b67e5cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
WriteFile
HeapFree
CloseHandle
ReadFile
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
SetFilePointer
CreateFileA
SetStdHandle
GetProcAddress
LoadLibraryA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/cygcrypt-0.dll
.dll windows:4 windows x86 arch:x86

3c9ae2ce6ce416cbf1d6fe405217e535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

abort
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
free
malloc
pthread_atfork
realloc

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Exports

Exports

crypt
encrypt
setkey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 106B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/cygiconv-2.dll
.dll windows:4 windows x86 arch:x86

d6815f70e4b598ad6bc5152d381fb692

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
__mb_cur_max
_impure_ptr
abort
calloc
cygwin_conv_to_posix_path
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
free
getenv
malloc
mbrtowc
memcpy
nl_langinfo
qsort
realloc
sprintf
strchr
strcmp
strcpy
strdup
strlen
strncmp
wcrtomb

kernel32

GetACP
GetModuleFileNameA
GetModuleHandleA

Exports

Exports

_libiconv_version
aliases2_lookup
aliases_lookup
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 882KB - Virtual size: 882KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/bin/cygintl-8.dll
.dll windows:4 windows x86 arch:x86

0d01d49f07abc3d0f36ceb5379525b7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
_ctype_
_fopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getuid32
_impure_ptr
_mmap64
_open64
abort
argz_count
argz_next
argz_stringify
bsearch
calloc
close
cygwin_conv_to_posix_path
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fclose
fgets
free
fwrite
getcwd
getenv
malloc
memcpy
mempcpy
munmap
nl_langinfo
pthread_mutex_lock
pthread_mutex_unlock
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
putc
qsort
read
realloc
sprintf
strcasecmp
strchr
strcmp
strcpy
strcspn
strdup
strlen
strncmp
strstr
strtoul
tsearch

cygiconv-2

libiconv
libiconv_open
libiconv_set_relocation_prefix

kernel32

GetACP
GetModuleFileNameA
GetModuleHandleA

Exports

Exports

_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_msg
_nl_language_preferences_default
_nl_load_domain
_nl_locale_name
_nl_locale_name_default
_nl_locale_name_posix
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
_nl_state_lock
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_hash_string
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_once_singlethreaded
libintl_relocate
libintl_set_relocation_prefix
libintl_textdomain
libintl_version
locale_charset
ngettext
textdomain

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/bin/cygwin1.dll
.dll windows:4 windows x86 arch:x86

400661656de0b22c9631b8a6779c390b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey

kernel32

AllocConsole
BackupWrite
ClearCommBreak
ClearCommError
CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMailslotA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetBinaryTypeA
GetCommModemStatus
GetCommState
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetLogicalDrives
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetTapeStatus
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenMutexA
OpenProcess
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetMailslotInfo
SetNamedPipeHandleState
SetPriorityClass
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WriteProcessMemory
WriteTapemark

Exports

Exports

__argc
__argv
__argz_add
__argz_add_sep
__argz_append
__argz_count
__argz_create
__argz_create_sep
__argz_delete
__argz_extract
__argz_insert
__argz_next
__argz_replace
__argz_stringify
__assert
__assertfail
__check_rhosts_file
__cygwin_environ
__cygwin_user_data
__envz_add
__envz_entry
__envz_get
__envz_merge
__envz_remove
__envz_strip
__eprintf
__errno
__f_atan2
__f_atan2f
__f_exp
__f_expf
__f_frexp
__f_frexpf
__f_ldexp
__f_ldexpf
__f_log
__f_log10
__f_log10f
__f_logf
__f_pow
__f_powf
__f_tan
__f_tanf
__fpclassifyd
__fpclassifyf
__getdelim
__getline
__getreent
__infinity
__isinfd
__isinff
__isnand
__isnanf
__main
__mb_cur_max
__mempcpy
__opendir_with_d_ino
__progname
__rcmd_errstr
__signbitd
__signbitf
__signgam
__srget
__srget_r
__swbuf
__swbuf_r
_abort
_abs
_access
_acl
_acl32
_aclcheck
_aclcheck32
_aclfrommode
_aclfrommode32
_aclfrompbits
_aclfrompbits32
_aclfromtext
_aclfromtext32
_aclsort
_aclsort32
_acltomode
_acltomode32
_acltopbits
_acltopbits32
_acltotext
_acltotext32
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_alphasort
_asctime
_asctime_r
_asin
_asinf
_asinh
_asinhf
_asprintf
_asprintf_r
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_check_for_executable
_chmod
_chown
_chown32
_chroot
_clearerr
_clock
_close
_closedir
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_ctime_r
_ctype_
_cuserid
_cwait
_daylight
_difftime
_dirfd
_div
_dll_crt0@0
_drand48
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_endutent
_erand48
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_f_atan2
_f_atan2f
_f_exp
_f_expf
_f_frexp
_f_frexpf
_f_ldexp
_f_ldexpf
_f_log
_f_log10
_f_log10f
_f_logf
_f_pow
_f_powf
_f_tan
_f_tanf
_fabs
_fabsf
_facl
_facl32
_fchdir
_fchmod
_fchown
_fchown32
_fclose
_fcloseall
_fcloseall_r
_fcntl
_fcntl64
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_fdopen64
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgetpos64
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fnmatch
_fopen
_fopen64
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_freopen64
_frexp
_frexpf
_fscanf
_fscanf_r
_fseek
_fseeko
_fseeko64
_fsetpos
_fsetpos64
_fstat
_fstat64
_fstatfs
_fsync
_ftell
_ftello
_ftello64
_ftime
_ftok
_ftruncate
_ftruncate64
_fwrite
_gamma
_gamma_r
_gammaf
_gammaf_r
_gcvt
_gcvtf
_get_osfhandle
_getc
_getc_unlocked
_getchar
_getchar_unlocked
_getcwd
_getdomainname
_getdtablesize
_getegid
_getegid32
_getenv
_geteuid
_geteuid32
_getgid
_getgid32
_getgrent
_getgrent32
_getgrgid
_getgrgid32
_getgrnam
_getgrnam32
_getgroups
_getgroups32
_gethostname
_getlogin
_getmntent
_getmode
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getpwuid32
_getpwuid_r32
_getrlimit
_getrusage
_gets
_gettimeofday
_getuid
_getuid32
_getutent
_getutid
_getutline
_getw
_getwd
_glob
_globfree
_gmtime
_gmtime_r
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_impure_ptr
_index
_infinity
_infinityf
_initgroups32
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_j0
_j0f
_j1
_j1f
_jn
_jnf
_jrand48
_kill
_labs
_lacl
_lchown
_lchown32
_lcong48
_ldexp
_ldexpf
_ldiv
_lgamma
_lgamma_r
_lgammaf
_lgammaf_r
_link
_localeconv
_localtime
_localtime_r
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lrand48
_lseek
_lseek64
_lstat
_lstat64
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mknod32
_mkstemp
_mktemp
_mktime
_mmap64
_modf
_modff
_mount
_nan
_nanf
_nanosleep
_nextafter
_nextafterf
_nice
_nl_langinfo
_nrand48
_ntohl
_ntohs
_open
_open64
_openlog
_pathconf
_pclose
_perror
_pipe
_poll
_popen
_pow
_powf
_printf
_pthread_cleanup_pop
_pthread_cleanup_push
_putc
_putc_unlocked
_putchar
_putchar_unlocked
_putenv
_puts
_pututline
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scandir
_scanf
_scanf_r
_seed48
_seekdir
_seekdir64
_select
_setbuf
_setdtablesize
_setegid
_setegid32
_setenv
_seteuid
_seteuid32
_setgid
_setgid32
_setgrent
_setgroups
_setgroups32
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setregid
_setregid32
_setreuid
_setreuid32
_setrlimit
_setsid
_settimeofday
_setuid
_setuid32

Sections

.text
Size: 1014KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 16B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/cygz.dll
.dll windows:4 windows x86 arch:x86

65c8ec8346a8fb72d22986e4f66a9c69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
_fdopen64
_fopen64
_impure_ptr
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fclose
fflush
fprintf
fputc
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
realloc
sprintf
strcat
strcpy
strerror
strlen
vsnprintf

kernel32

GetModuleHandleA

Exports

Exports

_dist_code
_length_code
_tr_align
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gzclearerr
gzclose
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflatePrime
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
inflate_copyright
inflate_fast
inflate_table
uncompress
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EMCXT/bin/delcont.cmd
EMCXT/bin/dojffs2.cmd
EMCXT/bin/doyaffs2.cmd
EMCXT/bin/etc/group
EMCXT/bin/etc/passwd
EMCXT/bin/gmkdir.exe
.exe windows:4 windows x86 arch:x86

8aeb3b01a1150947f92bc8705b380bec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__isnand
__main
__mb_cur_max
__signbitd
_chown32
_ctype_
_exit
_fchown32
_fcntl64
_fstat64
_impure_ptr
_lchown32
_open64
_stat64
abort
atexit
calloc
chdir
chmod
close
cygwin_internal
dll_crt0__FP11per_process
exit
fchdir
fchmod
fclose
fflush
fork
fprintf
fputs
free
frexp
fwrite
getenv
iswprint
ldexp
malloc
mbrtowc
mbsinit
memcpy
memset
mkdir
printf
putc_unlocked
raise
realloc
setlocale
snprintf
sprintf
strchr
strcmp
strerror_r
strlen
strncmp
umask
waitpid

cygintl-8

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetModuleHandleA

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 552B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/hexalter.exe
.exe windows:4 windows x86 arch:x86

3b391e8db126faa73e5218139b5c932c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
fclose
fopen
free
fseek
ftell
fwrite
malloc
memset
printf
puts
signal
strlen

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/htpasswd.exe
.js
EMCXT/bin/jffs2dump.exe
.exe windows:4 windows x86 arch:x86

d0aba4e07c85faf85d59f6f4bfedfd44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__getreent
__main
_chown32
_fopen64
_impure_ptr
_mknod32
abort
atoi
calloc
chmod
cygwin_internal
dll_crt0__FP11per_process
fclose
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
memchr
memcpy
memmove
memset
mkdir
perror
printf
pthread_atfork
pthread_create
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific
realloc
strcmp
strlen
symlink

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/mkfs.jffs2.exe
.exe windows:4 windows x86 arch:x86

577d801c363f49eec9e16fc4501a0688

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_fopen64
_fstat64
_impure_ptr
_lseek64
_lstat64
_open64
abort
alphasort
asprintf
basename
calloc
chdir
close
cygwin_internal
dirname
dll_crt0__FP11per_process
exit
fclose
fflush
fileno
fprintf
free
fwrite
getc
getcwd
getopt_long
isatty
malloc
memcpy
memmove
memset
optarg
perror
printf
pthread_atfork
putc
puts
read
readlink
realloc
scandir
sprintf
sscanf
strcmp
strdup
strerror
strlen
strncmp
strspn
strtol
time
vfprintf
vsprintf
write

cygz

deflate
deflateEnd
deflateInit_
inflate
inflateEnd
inflateInit_

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/mksquashfs.exe
.exe windows:4 windows x86 arch:x86

bfe2c604b044047e5437c59444afa349

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_fopen64
_ftruncate64
_getgid32
_getgrgid32
_getgrnam32
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_lstat64
_open64
_stat64
calloc
close
closedir
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fprintf
free
fscanf
fwrite
getenv
getpwnam
longjmp
malloc
memcpy
memmove
memset
opendir
perror
printf
putchar
puts
qsort
read
readdir
readlink
realloc
setjmp
signal
sprintf
strcat
strcmp
strcpy
strdup
strerror
strlen
strncpy
strtol
strtoll
time
unlink
write

cygz

compress2
uncompress

kernel32

GetModuleHandleA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/mkyaffs2image.exe
.exe windows:4 windows x86 arch:x86

8d01b3b5f392aaf466abbf6dc15e4c20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_impure_ptr
_lstat64
_open64
_stat64
bsearch
calloc
close
cygwin_internal
dll_crt0__FP11per_process
exit
free
fwrite
malloc
memset
opendir
perror
printf
puts
qsort
read
readdir
readlink
realloc
sprintf
strncpy
write

kernel32

GetModuleHandleA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 234KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/mount.exe
.exe windows:4 windows x86 arch:x86

6050cdf188753d12149c1e460d899866

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_impure_ptr
_stat64
calloc
cygwin_conv_to_win32_path
cygwin_internal
dll_crt0__FP11per_process
endmntent
exit
fprintf
free
getmntent
getopt_long
malloc
mount
opendir
optarg
optind
printf
readdir
realloc
setmntent
strcat
strcmp
strcpy
strdup
strerror
strlen
strpbrk
strrchr
strstr

kernel32

GetDriveTypeA
GetModuleHandleA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/mv.exe
.exe windows:4 windows x86 arch:x86

f1174ec5261bb5bfc74e46ccf2f0ba62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__isnand
__main
__mb_cur_max
__signbitd
_ctype_
_exit
_fchown32
_fcntl64
_fseeko64
_fstat64
_ftruncate64
_getegid32
_geteuid32
_getgid32
_getgroups32
_getuid32
_impure_ptr
_lchown32
_lseek64
_lstat64
_mknod32
_open64
_setregid32
_setreuid32
_stat64
abort
access
atexit
btowc
calloc
chdir
chmod
close
closedir
cygwin_conv_to_full_win32_path
cygwin_internal
dirfd
dll_crt0__FP11per_process
dup
exit
fchdir
fchmod
fclose
fflush
fprintf
fputs
free
frexp
futimes
fwrite
getcwd
getenv
getline
getpagesize
isatty
iswalnum
iswctype
iswlower
iswprint
ldexp
link
longjmp
malloc
mbrtowc
mbsinit
memchr
memcpy
memmove
mempcpy
memset
mkdir
mkfifo
nl_langinfo
opendir
pathconf
printf
putc_unlocked
putchar_unlocked
read
readdir
readlink
realloc
rename
rewinddir
rmdir
setjmp
setlocale
snprintf
sprintf
strcasecmp
strchr
strcmp
strcpy
strerror_r
strlen
strncmp
strndup
strspn
symlink
towlower
towupper
umask
unlink
utimes
wcrtomb
wcscoll
wctype
write

cygintl-8

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

GetACP
GetModuleHandleA

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/tar.cmd
EMCXT/bin/tar.exe
.exe windows:4 windows x86 arch:x86

89ff44ce6180f8505cc463b470d0d8de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__main
__mb_cur_max
_chown32
_ctype_
_exit
_fcntl64
_fdopen64
_fopen64
_freopen64
_fstat64
_ftruncate64
_geteuid32
_getgid32
_getgrgid32
_getgrnam32
_getpwuid32
_getuid32
_impure_ptr
_lchown32
_lseek64
_lstat64
_mknod32
_open64
_setgid32
_setuid32
_stat64
_tzname
abort
access
atoi
atol
bsearch
btowc
calloc
chdir
chmod
clock_gettime
close
closedir
cygwin_internal
dll_crt0__FP11per_process
dup
execl
execlp
execv
exit
fchdir
fclose
fflush
fileno
flockfile
fork
fprintf
fputc
fputs
free
fscanf
fseek
fsync
funlockfile
futimes
fwrite
getc_unlocked
getcwd
getenv
getline
getpagesize
getpid
getpwnam
gettimeofday
gmtime
ioctl
iswalnum
iswctype
iswlower
iswprint
kill
link
localeconv
localtime
localtime_r
malloc
mbrtowc
mbsinit
mbsrtowcs
memchr
memcpy
memmove
mempcpy
memset
mkdir
mkdtemp
mkfifo
nl_langinfo
opendir
pathconf
pipe
putc_unlocked
qsort
read
readdir
readlink
realloc
rename
rmdir
setenv
setlocale
signal
sleep
snprintf
sprintf
strcasecmp
strcat
strchr
strcmp
strcpy
strdup
strerror
strerror_r
strlen
strncmp
strncpy
strndup
strrchr
strspn
strtoimax
strtok
strtoul
strtoumax
symlink
time
towlower
towupper
umask
unlink
unsetenv
utimes
vfprintf
vsnprintf
waitpid
wcrtomb
wcscat
wcscoll
wcslen
wctype
wmemchr
wmemcpy
write

cygiconv-2

libiconv
libiconv_open

cygintl-8

libintl_bindtextdomain
libintl_dgettext
libintl_gettext
libintl_ngettext
libintl_textdomain

kernel32

GetACP
GetModuleHandleA

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/tar2.cmd
EMCXT/bin/tarbz2.cmd
EMCXT/bin/umount.exe
.exe windows:4 windows x86 arch:x86

b1349639907ec97d8cafc99699037c3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_impure_ptr
calloc
cygwin_internal
cygwin_umount
dll_crt0__FP11per_process
endmntent
exit
fprintf
free
getmntent
getopt_long
malloc
optind
printf
realloc
setmntent
strerror
strrchr
strstr

kernel32

GetModuleHandleA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 80B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/unjffs2.cmd
EMCXT/bin/unpack.cmd
EMCXT/bin/unsquashfs.exe
.exe windows:4 windows x86 arch:x86

c1677bed721d1dceff1325e46da08014

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__main
_chown32
_fopen64
_ftruncate64
_geteuid32
_getgrgid32
_getpwuid32
_impure_ptr
_lchown32
_lseek64
_mknod32
_open64
calloc
chmod
close
ctime
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fnmatch
fprintf
fputc
free
fscanf
fwrite
gettimeofday
ioctl
link
localtime
malloc
memcpy
memset
mkdir
posix_regcomp
posix_regerror
posix_regexec
posix_regfree
printf
putc
putchar
puts
read
realloc
setitimer
sigaddset
sigemptyset
signal
sigprocmask
sprintf
strcat
strcmp
strcpy
strdup
strerror
strlen
strncpy
strtol
symlink
umask
unlink
utime
write
_fopen64
_ftruncate64
_geteuid32
_getgrgid32
_getpwuid32
_lchown32
_lseek64
_mknod32
_open64
posix_regcomp
posix_regerror
posix_regexec
posix_regfree
floor
log10
__getreent
pthread_cond_broadcast
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock

cygz

uncompress

kernel32

GetModuleHandleA

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 704KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/untar.cmd
EMCXT/bin/untar2.cmd
EMCXT/bin/untarbz2.cmd
EMCXT/bin/unyaffs.exe
.exe windows:4 windows x86 arch:x86

d9aa620add5eaaaf8cbf54a2ff4ab347

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__getreent
__main
_impure_ptr
_open64
calloc
close
creat
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
link
malloc
memcpy
memset
mkdir
perror
printf
read
realloc
strcat
strcpy
strlen
symlink
write

kernel32

GetModuleHandleA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EMCXT/bin/unyaffs2.cmd
EMCXT/lang/Deutsch.lang
EMCXT/lang/English.lang
EMCXT/lang/Espaol.lang
EMCXT/lang/Franais.lang
EMCXT/lang/Italiano.lang
EMCXT/lang/Portugus.lang

Sharing

General

Malware Config

Signatures

Files

11e8c6e50b51b96c6baab7f0f93f3aba

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 248B

.reloc Size: 12KB - Virtual size: 9KB

94ec982aec9490d794cdfba4f176e862

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

eac21bf90f51097a1bf8906c87f4ee34

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 6KB

f721931590e8e6577ba50dbc8587d435

Headers

File Characteristics

PDB Paths

Imports

version

comctl32

winmm

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 224KB - Virtual size: 222KB

.data Size: 268KB - Virtual size: 411KB

.rsrc Size: 292KB - Virtual size: 290KB

67b0bcf3e6b1c9e3fa205685c61e0a2f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 248B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 224KB - Virtual size: 222KB

.data
Size: 268KB - Virtual size: 411KB

.rsrc
Size: 292KB - Virtual size: 290KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 520KB - Virtual size: 517KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 600B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 616B

.idata
Size: 2KB - Virtual size: 2KB

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 952B

.idata
Size: 3KB - Virtual size: 3KB