winamp503[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

winamp503.exe
Size

4.2MB
MD5

ffb08081efe3c1e9c5fec20a95f9751f
SHA1

f52736a32ac6de0a1d95f1d585dcd6cda0a2dffa
SHA256

64f8f3da8c2044d84f0556330e2b87d3e5a3d81e0b0af3b4d1c479469a3db207
SHA512

a1e49cc1fec06d3b0937b6b5ad3f1802602cbd8f325e5578bb6b013c19e06c13391b34dada4985b30fc82bc271fc6d3420a046572a188a69c3891c46963cf4d2
SSDEEP

98304:N4tzQeRHvlu9fzDqWSbxZ7+Ym/sKeD/lXXmaOV3FgkOP:2zdu9fy3mv/sKydHmhVVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/Plugins/gen_ff.dll
unpack001/Plugins/gen_ml.dll
unpack001/Plugins/gen_tray.dll
unpack001/Plugins/in_mp3.dll
unpack001/Plugins/jpgload.wac
unpack001/Plugins/out_wave.dll
unpack001/winamp.exe
unpack001/winampa.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

winamp503.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:5f:2d:b1:dd:9f:05:1f:4f:e4:a9:36:22:07:9a:7a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

09/12/2003, 00:00

Not After

08/12/2004, 23:59

Subject

CN=AOL\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=AOL Music,O=AOL\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/opt2page.ini
$PLUGINSDIR/opt3page.ini
Plugins/BarcodeFont.ttf
Plugins/BarcodeFont.txt
Plugins/about.maki
Plugins/about.xml
.xml
Plugins/background.png
.png
Plugins/button-font-normal.png
.png
Plugins/button-font-small.png
.png
Plugins/buttons.png
.png
Plugins/checkbox.xml
.xml
Plugins/combobox.xml
.xml
Plugins/debug.sym
Plugins/default-font.png
.png
Plugins/dropdownlist.xml
.xml
Plugins/gen_ff.dll
.dll windows:4 windows x86 arch:x86

50ca92777cd6c4f8fb22f342f8e19963

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcpynA
CloseHandle
GetTickCount
GetModuleFileNameA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetProcAddress
LoadLibraryA
LoadResource
GetPrivateProfileStringA
FindResourceA
WritePrivateProfileStringA
FreeResource
GetPrivateProfileIntA
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrcmpA
GlobalAlloc
GlobalLock
HeapDestroy
GetACP
lstrlenA
GlobalUnlock
FlushInstructionCache
SetProcessWorkingSetSize
GetStringTypeExW
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FindAtomA
GetThreadPriority
InitializeCriticalSection
GetModuleHandleA
GetCurrentProcess
lstrcpyA
lstrcatA
LockResource
DuplicateHandle
MultiByteToWideChar
GetTempFileNameA
SizeofResource
ExitProcess
DeleteAtom
AddAtomA
GetFileAttributesA
OutputDebugStringA
CreateDirectoryA
GetTempPathA
GetLastError
GetWindowsDirectoryA
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetCurrentDirectoryA
QueryPerformanceCounter
SetCurrentDirectoryA
QueryPerformanceFrequency
Sleep
lstrlenW
lstrcmpiA
lstrcatW

user32

ReleaseCapture
GetCapture
GetParent
GetAsyncKeyState
BeginPaint
DefWindowProcA
GetUpdateRect
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
SetActiveWindow
CreateWindowExA
GetFocus
InvalidateRgn
ValidateRect
ValidateRgn
GetUpdateRgn
SetWindowRgn
ClientToScreen
ScreenToClient
SetCapture
GetActiveWindow
OffsetRect
RegisterClassA
GetClassInfoA
GetForegroundWindow
FindWindowA
LockWindowUpdate
DrawTextA
GetDesktopWindow
DrawEdge
PtInRect
DrawFocusRect
SubtractRect
SetRect
DestroyIcon
CreateIconIndirect
InvalidateRect
EnumWindows
GetWindowRgn
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
GetWindowTextLengthA
GetDC
EndPaint
CreateAcceleratorTableA
GetCursorPos
IntersectRect
CharPrevA
SetWindowTextA
EnableWindow
DestroyMenu
CreatePopupMenu
SetDlgItemTextA
UpdateWindow
GetMenuItemCount
InsertMenuA
InsertMenuItemA
RemoveMenu
GetMenuItemInfoA
TrackPopupMenu
ModifyMenuA
LoadCursorA
SetCursor
GetMessagePos
DialogBoxParamA
EndDialog
GetDlgItem
SetParent
GetClientRect
SetFocus
GetWindowLongA
LoadImageA
KillTimer
GetSubMenu
CheckMenuItem
IsIconic
LoadMenuA
EnableMenuItem
SetWindowLongA
SetTimer
PostMessageA
IsWindowVisible
wsprintfA
IsWindow
CallWindowProcA
SetForegroundWindow
GetWindowRect
SetWindowPos
ShowWindow
SendMessageA
GetSysColor
GetWindow
GetWindowTextA
ReleaseDC
DrawFrameControl
FillRect
WindowFromPoint
CreateDialogParamA
DeferWindowPos
EndDeferWindowPos
RedrawWindow
IsChild
GetSystemMetrics
GetDlgItemInt
IsDlgButtonChecked
EnumChildWindows
GetClassNameA
MessageBoxA
DestroyWindow
GetDoubleClickTime
SystemParametersInfoA
CheckDlgButton
MoveWindow
GetKeyState
PeekMessageA
BeginDeferWindowPos

gdi32

GetTextExtentPoint32A
CreateFontA
SetTextColor
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
GetObjectA
CreatePen
MoveToEx
Rectangle
SelectClipRgn
GetClipBox
LineTo
StretchBlt
CreateCompatibleBitmap
InvertRgn
GetRegionData
GetRgnBox
OffsetRgn
PtInRegion
ExtCreateRegion
SetRectRgn
SetROP2
GetFontData
CreateDIBSection
TextOutA
SetStretchBltMode
GetClipRgn
SetBkColor
SetBkMode
AddFontResourceA
RemoveFontResourceA
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
FillRgn
SaveDC
RestoreDC
GetDeviceCaps

ole32

OleUninitialize
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
OleInitialize
CoGetMalloc
RevokeDragDrop
CoCreateInstance
RegisterDragDrop
CoCreateGuid

msvcrt

_CIacos
_read
_open
isspace
ispunct
fputs
asctime
mbstowcs
wcstombs
_setjmp3
floor
fflush
_CIasin
strtod
calloc
strtol
longjmp
fprintf
_iob
__dllonexit
_onexit
_initterm
_adjust_fdiv
?terminate@@YAXXZ
memcmp
strlen
strtok
strftime
localtime
fgets
_access
vfprintf
ftell
fwrite
fread
fopen
fseek
fclose
atof
sprintf
_except_handler3
isalpha
vsprintf
_stati64
srand
time
rand
strncpy
strchr
tolower
strstr
isdigit
realloc
strncmp
_msize
ceil
memmove
sscanf
_CIpow
free
malloc
toupper
atoi
_ftol
__CxxFrameHandler
_purecall
??2@YAPAXI@Z
_isctype
qsort
strcpy
memset
strcmp
memcpy
_tell
_close
_lseek
fputc
abort

olepro32

ord253

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryPoint
DragQueryFileA
ShellExecuteA

oleaut32

SysStringLen
SysFreeString
VariantClear
LoadRegTypeLi
SysAllocString
DispCallFunc
SysAllocStringLen

Exports

Exports

_DllMain@12
winampGetGeneralPurposePlugin

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/gen_ml.dll
.dll windows:4 windows x86 arch:x86

893696b904a4b41139873a82044a2bbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

InitCommonControlsEx

kernel32

GetTempFileNameA
GetTempPathA
MulDiv
GlobalAlloc
GetVolumeInformationA
GetCurrentDirectoryA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersion
DeleteCriticalSection
CreateDirectoryA
GlobalFree
GetLogicalDrives
lstrcatA
GlobalReAlloc
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
SetCurrentDirectoryA
DisableThreadLibraryCalls
InitializeCriticalSection
EnterCriticalSection
Sleep
LeaveCriticalSection
FindNextFileA
GetTickCount
FindFirstFileA
GetFileTime
GetLastError
lstrlenW
FindClose
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetProcAddress
LocalAlloc
lstrcpynA
lstrlenA
lstrcpyA
lstrcmpiA
LocalFree
WaitForSingleObject
WideCharToMultiByte
CreateThread
ReadFile
WriteFile
GetFileSize
CopyFileA
GetCurrentProcessId
MoveFileA
CloseHandle
OutputDebugStringA
CreateFileA
GetCurrentThreadId
DeleteFileA
GetDriveTypeA
GetSystemTime
GetFullPathNameA

user32

ReleaseCapture
ClientToScreen
ScreenToClient
IsWindowVisible
GetParent
GetCapture
DestroyWindow
FindWindowExA
GetWindowTextA
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
DrawTextA
KillTimer
GetCursorPos
GetWindowRect
SetTimer
DialogBoxParamA
PostMessageA
CharNextA
GetClientRect
CopyRect
IsWindow
CreateDialogParamA
ShowWindow
SetDlgItemTextA
UpdateWindow
EndDialog
SetCapture
PeekMessageA
TrackPopupMenu
GetDlgItem
EnableWindow
SendMessageA
wsprintfA
CheckMenuItem
DefWindowProcA
GetNextDlgTabItem
CreateWindowExA
EnableMenuItem
CharPrevA
GetMenuItemInfoA
DeleteMenu
RemovePropA
SetPropA
GetScrollPos
PtInRect
SetRect
GetSubMenu
OffsetRect
MapWindowPoints
GetWindowDC
GetPropA
GetWindow
GetScrollInfo
SetScrollPos
SetScrollInfo
MessageBoxA
ShowScrollBar
UnhookWindowsHookEx
RemoveMenu
DestroyMenu
GetMenuItemCount
InsertMenuItemA
SetWindowsHookExA
SetFocus
GetMessagePos
RegisterClassA
LoadMenuA
GetForegroundWindow
SetForegroundWindow
SetCursor
WindowFromPoint
LoadCursorA
IsChild
GetWindowThreadProcessId
GetClassNameA
EndPaint
CallNextHookEx
BeginPaint
GetDlgCtrlID
GetFocus
SubtractRect
TrackPopupMenuEx
CreatePopupMenu
AppendMenuA
GetUpdateRect
IsWindowEnabled
GetWindowLongA
ValidateRect
GetDC
FillRect
CallWindowProcA
ReleaseDC
InvalidateRect
BeginDeferWindowPos
SetWindowLongA
EnumChildWindows
InvalidateRgn
DeferWindowPos
EndDeferWindowPos
SetWindowPos
GetDlgItemInt
SetDlgItemInt
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetAsyncKeyState
SendDlgItemMessageA
RegisterWindowMessageA
InsertMenuA
GetSysColor

gdi32

DeleteObject
SelectObject
CreatePen
MoveToEx
CombineRgn
CreateRectRgn
SetTextColor
StretchBlt
CreateCompatibleDC
DeleteDC
SetBkMode
CreateBrushIndirect
CreateSolidBrush
GetClipRgn
CreateRectRgnIndirect
SelectClipRgn
SetBkColor
GetNearestColor
GetPixel
SetStretchBltMode
FillRgn
BitBlt
ExtTextOutA
PatBlt
CreateFontA
UnrealizeObject
CreatePatternBrush
SetBrushOrgEx
GetTextMetricsA
Rectangle
CreateBitmap
GetStockObject
LineTo

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
DragQueryPoint
SHGetPathFromIDListA

ole32

CoCreateInstance
CoCreateGuid
OleRun
CoInitialize
CLSIDFromString

oleaut32

SysAllocStringLen
GetErrorInfo
SysFreeString

wsock32

htons
WSACleanup
WSAStartup
connect
WSAGetLastError
select
__WSAFDIsSet
send
recv
shutdown
closesocket
socket
inet_ntoa
ioctlsocket
gethostbyname
gethostbyaddr

msvcrt

fseek
strncmp
wcstombs
fgets
isupper
tolower
islower
toupper
strlen
fprintf
strcmp
memcpy
strcpy
realloc
_ftol
_purecall
fread
isalnum
fwrite
time
localtime
strstr
mktime
strncpy
strchr
calloc
memmove
atoi
fopen
getc
??2@YAPAXI@Z
_splitpath
sprintf
fclose
malloc
free
_makepath
_mkdir
rand
memset
memcmp
strtoul
strcat
strftime
fputs
isalpha
ftell
qsort
__dllonexit
_onexit
_initterm
_adjust_fdiv
_CxxThrowException
_strcmpi
_stricmp
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_access
_unlink
_strdup
_strnicmp

Exports

Exports

winampGetGeneralPurposePlugin

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/gen_tray.dll
.dll windows:4 windows x86 arch:x86

a23bec82e3df24ed2d9c4864f980b908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
WritePrivateProfileStringA

user32

CallWindowProcA
SendMessageA
GetKeyState
DialogBoxParamA
LoadIconA
wsprintfA
SetWindowTextA
SetDlgItemTextA
CheckDlgButton
EndDialog
IsDlgButtonChecked
SetWindowLongA
SetForegroundWindow

shell32

Shell_NotifyIconA

Exports

Exports

winampGetGeneralPurposePlugin

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 669B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/guiobjects.xml
.xml
Plugins/historyeditbox.m
Plugins/historyeditbox.maki
Plugins/historyeditbox.xml
.xml
Plugins/in_mp3.dll
.dll windows:4 windows x86 arch:x86

c1cac1e962f94d2bc90c3cc9ad5b42dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
GetModuleFileNameA
EnterCriticalSection
GetTickCount
GetLastError
GetPrivateProfileStringA
LeaveCriticalSection
CloseHandle
SetFilePointer
ReadFile
lstrcmpiA
WriteFile
CreateFileA
SetEndOfFile
GetFileAttributesA
MulDiv
FindClose
InitializeCriticalSection
DeleteCriticalSection
CreateThread
WaitForSingleObject
Sleep
SetThreadPriority
GetProcAddress
LoadLibraryA
GetVersion
WideCharToMultiByte
FindNextFileW
lstrcmpA
GetPrivateProfileIntA
MoveFileA
DeleteFileA
FindFirstFileA
GetFileSize
DisableThreadLibraryCalls

user32

MessageBoxA
GetAsyncKeyState
GetDlgItemTextA
IsDlgButtonChecked
wsprintfA
SetDlgItemTextA
CheckDlgButton
SendDlgItemMessageA
SendMessageA
GetDlgItem
GetDlgItemInt
SetWindowTextA
DialogBoxParamA
SetDlgItemInt
PostMessageA
SendMessageTimeoutA
EndDialog
CharPrevA
GetWindowTextA
GetWindowLongA
SetWindowLongA
EnableWindow
KillTimer
SetTimer

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

PropertySheetA

wsock32

gethostbyaddr
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
ioctlsocket
closesocket
htons
socket
__WSAFDIsSet
shutdown
connect
WSAGetLastError
select
recv
send

msvcrt

_strnicmp
strcpy
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
printf
_CxxThrowException
_stricmp
wcsncpy
wcslen
time
_ftol
_CIpow
wcscpy
strchr
mbstowcs
strcmp
isdigit
_strdup
_itoa
strncpy
atoi
strlen
memcmp
_except_handler3
memmove
malloc
memcpy
strstr
memset
??2@YAPAXI@Z
strcat
strncmp
__CxxFrameHandler
free
??3@YAXPAX@Z
_purecall

Exports

Exports

CreateAudioDecoder
aacGetBitBuffer
aacGetDecoderInterfaces
winampGetExtendedFileInfo
winampGetInModule2
winampSetExtendedFileInfo
winampWriteExtendedFileInfo

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/jpgload.wac
.dll windows:4 windows x86 arch:x86

7299c18596773224d87ac2768acc8fad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteAtom
ExitProcess
AddAtomA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcmpiA
QueryPerformanceFrequency
DisableThreadLibraryCalls

user32

MessageBoxA
CharPrevA
wsprintfA

msvcrt

memmove
realloc
_adjust_fdiv
_initterm
__dllonexit
_purecall
_onexit
free
longjmp
malloc
_setjmp3
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
isdigit
vsprintf
_msize
strncpy

Exports

Exports

WAC_enumComponent
WAC_getVersion
WAC_init

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/menubutton.m
Plugins/menubutton.maki
Plugins/menubutton.xml
.xml
Plugins/msgbox.xml
.xml
Plugins/out_wave.dll
.dll windows:4 windows x86 arch:x86

894f6275a76aec036cb170727f301e94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
Sleep
LeaveCriticalSection
MulDiv
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalAlloc
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
CloseHandle
WaitForSingleObject
SetEvent
SetThreadPriority
GetCurrentThread
CreateThread
CreateEventA

user32

MessageBoxA
SetTimer
SendMessageA
EndDialog
KillTimer
SendDlgItemMessageA
EnableWindow
GetDlgItem
SetDlgItemTextA
GetWindowLongA
wsprintfA
DialogBoxParamA

winmm

waveOutGetNumDevs
waveOutGetDevCapsA
waveOutWrite
waveOutPrepareHeader
waveOutRestart
waveOutPause
waveOutUnprepareHeader
timeGetTime
waveOutReset
waveOutGetVolume
waveOutGetErrorTextA
waveOutOpen
waveOutSetVolume
waveOutClose

Exports

Exports

winampGetOutModule

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/pathpicker.xml
.xml
Plugins/popupitem.m
Plugins/popupitem.maki
Plugins/popupmenu.xml
.xml
Plugins/seekbar-button-pressed.png
.png
Plugins/seekbar-button.png
.png
Plugins/seekbar-left.png
.png
Plugins/seekbar-middle.png
.png
Plugins/seekbar-right.png
.png
Plugins/selbar.png
.png
Plugins/standardframe.m
Plugins/standardframe.maki
Plugins/statusbar.xml
.xml
Plugins/tabsheet.xml
.xml
Plugins/text_bg.png
.png
Plugins/title.png
.png
Plugins/titlebar-font.png
.png
Plugins/titlebar.m
Plugins/titlebar.maki
Plugins/titlebox.xml
.xml
Plugins/tooltips-elements.png
.png
Plugins/tooltips-elements.xml
Plugins/tooltips.m
Plugins/tooltips.maki
Plugins/tooltips.xml
.xml
Plugins/wasabi.png
.png
Plugins/wasabi.xml
.xml
Plugins/window-elements.png
.png
demo.mp3
whatsnew.txt
winamp.exe
.exe windows:4 windows x86 arch:x86

677294043d1ebf69c9f26397ca35e6db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
SetPriorityClass
GetLogicalDrives
GetShortPathNameA
lstrcmpA
GetSystemTimeAsFileTime
GlobalUnlock
CreateEventA
CreateSemaphoreA
LoadLibraryExA
GlobalReAlloc
MultiByteToWideChar
RemoveDirectoryA
CreateDirectoryA
LeaveCriticalSection
SetEndOfFile
GetDriveTypeA
ExitProcess
CopyFileA
GetLastError
ReleaseSemaphore
ReadFile
GetFullPathNameA
MoveFileA
GlobalLock
EnterCriticalSection
GetStartupInfoA
FreeLibrary
CreateProcessA
Sleep
CreateThread
WaitForSingleObject
CloseHandle
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
MulDiv
GetTickCount
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriority
FindFirstFileA
FindNextFileA
FindClose
WritePrivateProfileStructA
GetPrivateProfileStructA
lstrcatA
lstrcpyA
CreateFileA
SetFilePointer
WriteFile
GetFileSize
lstrcmpiA
GetTempFileNameA
lstrcpynA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetLocalTime
DeleteFileA
GetTempPathA
GetPrivateProfileIntA
GlobalFree
GetSystemTime
GetModuleHandleA
SystemTimeToFileTime

user32

MessageBoxA
KillTimer
GetClassInfoA
IsDlgButtonChecked
RegisterClassA
IsWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
SendDlgItemMessageA
SetTimer
GetForegroundWindow
EndDialog
GetParent
SetDlgItemTextA
EndPaint
CheckMenuItem
GetWindowTextA
SetWindowTextA
GetWindowDC
ReleaseDC
DestroyWindow
CreateDialogParamA
CheckDlgButton
FindWindowA
DefWindowProcA
CreateWindowExA
BeginPaint
PostMessageA
FillRect
GetUpdateRect
GetDlgItem
GetWindowRect
SetWindowLongA
LoadCursorA
ClientToScreen
ScreenToClient
SetCursor
FindWindowExA
GetCursorPos
IsChild
SetCapture
TrackPopupMenu
ReleaseCapture
SetParent
GetWindowLongA
GetSubMenu
SetWindowPos
InvalidateRect
SendMessageA
GetDlgItemTextA
DrawTextA
SetForegroundWindow
ShowWindow
LoadImageA
wsprintfA
GetAsyncKeyState
EnableWindow
GetSystemMetrics
PeekMessageA
CallWindowProcA
GetKeyState
GetWindowRgn
EnumDisplaySettingsA
SetRect
CharPrevA
TranslateAcceleratorA
DestroyIcon
DestroyCursor
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetWindowRgn
wvsprintfA
CharNextA
SetDlgItemInt
GetDlgItemInt
EnableMenuItem
SetCursorPos
DrawIconEx
SetFocus
WindowFromPoint
SystemParametersInfoA
DialogBoxParamA
GetMenuItemRect
CreatePopupMenu
GetMenuItemCount
ModifyMenuA
SendMessageTimeoutA
GetFocus
DestroyMenu
UpdateWindow
GetMessagePos
PostQuitMessage
InsertMenuA
LoadMenuA
GetSystemMenu
InsertMenuItemA
GetMenuItemInfoA
SetMenuItemInfoA
RegisterWindowMessageA
LoadIconA
SetClassLongA
RemoveMenu
LoadStringA
LoadAcceleratorsA
GetClientRect
GetClassLongA
GetDC
RegisterClipboardFormatA
DeleteMenu

gdi32

UpdateColors
SelectPalette
BitBlt
CreateDIBSection
CreatePalette
GetDeviceCaps
CreateBrushIndirect
GetNearestColor
GetPixel
GetTextMetricsA
CreateFontA
CreateCompatibleBitmap
StretchBlt
ExtSelectClipRgn
Rectangle
IntersectClipRect
SetBkColor
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
EnumFontsA
CreateRectRgn
CreatePolyPolygonRgn
CreatePen
CreateSolidBrush
SetPixel
GetObjectA
RoundRect
GetBkColor
GetTextColor
MoveToEx
LineTo
RealizePalette
SetBkMode
CreateCompatibleDC
SetTextColor
GetDIBits
GetDIBColorTable
SelectObject
DeleteObject
DeleteDC

advapi32

RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetMalloc
DragQueryPoint
DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA

comctl32

ord17

ole32

CoCreateGuid
CoRevokeClassObject
RevokeDragDrop
OleUninitialize
OleInitialize
RegisterDragDrop
CoRegisterClassObject
CoInitialize
CoCreateInstance

comdlg32

GetSaveFileNameA
GetOpenFileNameA

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamOpen
acmStreamConvert
acmStreamClose
acmFormatSuggest
acmFormatDetailsA
acmFormatTagDetailsA
acmFormatChooseA

msvcrt

exit
_onexit
__dllonexit
_exit
isalnum
tolower
strstr
strchr
fwrite
strtol
ceil
__mb_cur_max
qsort
_pctype
srand
_isctype
fseek
ftell
_except_handler3
strncmp
strncpy
realloc
memcmp
fgets
fputc
__CxxFrameHandler
_XcptFilter
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
strcmp
time
localtime
strftime
toupper
sprintf
atoi
strlen
malloc
fprintf
free
sqrt
sin
pow
memset
strcat
fopen
fread
fclose
strcpy
_mbsstr
memcpy
_CIpow
rand
__getmainargs
_initterm
_acmdln
_adjust_fdiv
__p__commode
__setusermatherr
__set_app_type
__p__fmode
_strnicmp
_strdup
_stricmp
_ftol
_controlfp

Sections

.text
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winamp.lks
winamp.m3u
winampa.exe
.exe windows:4 windows x86 arch:x86

efb91844dadf329591b1a2e18f510f8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
CloseHandle
SetFilePointer
ReadFile
LoadLibraryExA
FreeLibrary
GetPrivateProfileStringA
lstrcatA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
lstrcmpA
lstrcmpiA
lstrlenA
CreateFileA
GetTickCount
lstrcpyA

user32

CreatePopupMenu
SendMessageA
SetForegroundWindow
GetCursorPos
GetWindowTextA
FindWindowA
DispatchMessageA
GetMessageA
MessageBoxA
CreateWindowExA
InsertMenuItemA
RegisterWindowMessageA
LoadImageA
DestroyIcon
DefWindowProcA
DestroyWindow
PostQuitMessage
SetTimer
wsprintfA
RegisterClassA
DestroyMenu
TrackPopupMenu

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winampmb.htm
.html

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

0a:5f:2d:b1:dd:9f:05:1f:4f:e4:a9:36:22:07:9a:7aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 5KB - Virtual size: 8KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

50ca92777cd6c4f8fb22f342f8e19963

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

msvcrt

olepro32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 348KB - Virtual size: 347KB

.data Size: 137KB - Virtual size: 276KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 197KB - Virtual size: 196KB

893696b904a4b41139873a82044a2bbf

Headers

File Characteristics

Imports

comctl32

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

0a:5f:2d:b1:dd:9f:05:1f:4f:e4:a9:36:22:07:9a:7a
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 348KB - Virtual size: 347KB

.data
Size: 137KB - Virtual size: 276KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 197KB - Virtual size: 196KB

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 25KB - Virtual size: 47KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 669B

.data
Size: 512B - Virtual size: 248B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 228B

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 25KB - Virtual size: 119KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 2KB