echo[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

echo.7z
Size

11.4MB
MD5

4818accedc08bbb6f350a96a7dc11871
SHA1

96b90dd9099b689127c5c965eb1518acbef9bf9e
SHA256

a00dc4b646318db993937ca9006bf9bcd361947ce53946b8b308c14c06c2bbe9
SHA512

19548b09f6b58cbc2913eb35187dacb8b216f057fcd2359a06a98d73a2fd4f9d3b64a8b6cc6cc24f8fe5f22b0c32c93def611882f723a8db4043e044105cb285
SSDEEP

196608:3U6ke4SKN+wM9xEA1uA3eCnyBNSz6vBaVXBqK4s0/lrCpFrhGM4kuSb0n:3ULecNJKTyBNoQKwKhGM4/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1058352281.exe
unpack001/echo/EchoMirage.exe
unpack001/echo/EchoMirageHooks32.dll
unpack001/echo/EchoMirageHooks64.dll
unpack001/echo/EchoMirageUnelevated.exe
unpack001/echo/unins000.exe
unpack001/ollydbg/OLLYDBG 9in1.EXE
unpack001/ollydbg/OLLYDBG.exe
unpack001/ollydbg/RAMHELP.DLL
unpack001/ollydbg/cw3230mt.dll
unpack001/ollydbg/plugin/API_Break.dll
unpack001/ollydbg/plugin/HideDebugger.dll
unpack001/ollydbg/plugin/NonaWrite.dll
unpack001/ollydbg/plugin/ODbgScript.dll
unpack001/ollydbg/plugin/OllyDump.dll
unpack001/ollydbg/plugin/OllyMoreMenu.dll
unpack001/ollydbg/plugin/PhantOm.dll
unpack001/ollydbg/plugin/Poison.dll
unpack001/ollydbg/plugin/StrongOD.dll
unpack001/ollydbg/plugin/analyzethis.dll
unpack001/ollydbg/plugin/bookmarks2.dll
unpack001/ollydbg/plugin/cmdbar.dll
unpack001/ollydbg/plugin/hidedbg.dll
unpack001/ollydbg/plugin/ustrref.dll

Files

echo.7z
.7z
1058352281.exe
.exe windows:4 windows x86 arch:x86

41aa9a1f4bf6f9462a4e644e00d744cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxW

advapi32

RegisterEventSourceA

mscoree

_CorExeMain

comctl32

CreateStatusWindowA

shell32

PathMakeUniqueName

Sections

CODE
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
echo/EchoMirage.chm
.chm
echo/EchoMirage.exe
.exe windows:5 windows x64 arch:x64

00487aa74c91a4dc86982f2621e35a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
VariantInit
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
GetKernelObjectSecurity

user32

MessageBoxA
CharNextW
LoadStringW
SetWindowLongPtrA
GetWindowLongPtrA
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharBuffW
OemToCharA
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDlgButtonChecked
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AttachThreadInput
CharLowerBuffA
CharLowerA
CharUpperA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenA
lstrlenW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiW
lstrcmpA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OpenProcess
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryA
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfoExW
GetCPInfo
GetBinaryTypeW
GetACP
FreeResource
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringW
CloseHandle
Beep
Sleep
MulDiv
GetSystemWow64DirectoryW
OpenThread

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetMetaFileBitsEx
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetCharABCWidthsA
GetCharABCWidthsW
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
GetRandomRgn

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoLockObjectExternal
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHGetFileInfoW
ShellExecuteExA
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW
DragQueryPoint
DragQueryFileA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

shfolder

SHGetFolderPathW

comdlg32

PrintDlgW
ReplaceTextW
FindTextW
ChooseColorW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

msvcrt

isxdigit
isspace
ispunct
isprint
isgraph
iscntrl
isalpha
isalnum
strchr
strncmp
strcmp
memset
memmove
memcpy
memcmp

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

oleacc

LresultFromObject

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
sndPlaySoundW

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillEllipseI
GdipFillPolygonI
GdipDrawPolygonI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenWidth
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientI
GdipCreateLineBrushI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

madTraceProcess

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 133KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageHooks32.dll
.dll windows:5 windows x86 arch:x86

d366e396ccbec601ae4b65ac499b8bff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
GetKernelObjectSecurity

user32

MessageBoxA
CharNextW
LoadStringW
TranslateMessage
PeekMessageW
OpenInputDesktop
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
LoadStringW
GetUserObjectInformationA
GetThreadDesktop
GetSystemMetrics
DispatchMessageW
CloseDesktop
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
OpenProcess
OpenMutexA
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GetVersionExW
GetVersion
GetThreadLocale
GetThreadContext
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
InterlockedExchangeAdd
FreeLibrary
FormatMessageA
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
Sleep

wsock32

getsockopt
getsockname
getpeername

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageHooks64.dll
.dll windows:5 windows x64 arch:x64

26af301f7989ba106062d39730b88f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid

user32

MessageBoxA
CharNextW
LoadStringW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
DispatchMessageW
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
OpenProcess
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GetVersionExW
GetVersion
GetThreadLocale
GetThreadContext
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
Sleep

wsock32

getsockopt
getsockname
getpeername

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageUnelevated.exe
.exe windows:5 windows x64 arch:x64

7e3983ddd94510c54f769279fc03c4b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
SetEvent
SetEnvironmentVariableW
ResetEvent
LocalFree
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileAttributesW
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
FormatMessageW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CloseHandle

shell32

ShellExecuteW

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 416B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/License.txt
echo/unins000.dat
echo/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/Lib/MFC42.Lib
ollydbg/Lib/mfc71.Lib
ollydbg/OLLYDBG 9in1.EXE
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/OLLYDBG.HLP
ollydbg/OLLYDBG.exe
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 702KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/RAMHELP.DLL
.dll windows:5 windows x86 arch:x86

515ee46e8930abe46e0569a1a18643ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_initterm
_adjust_fdiv
__dllonexit
_except_handler3
wcscmp
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_strnicmp
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
_onexit
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
SuspendThread
GetThreadSelectorEntry
GetCurrentThreadId
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/cw3230mt.dll
.dll windows:1 windows x86 arch:x86

6d6178dd454728ac71fabaaca3f58db6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStringTypeA
CompareStringA
GetConsoleMode
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
GetStringTypeW
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
GetSystemDefaultLangID
CompareStringW
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
DuplicateHandle
Beep
EnterCriticalSection
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetCommandLineW
CreateMutexA
CloseHandle
GetConsoleScreenBufferInfo
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
IsBadReadPtr
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
MoveFileA
MoveFileW
MultiByteToWideChar
OutputDebugStringA
PeekConsoleInputA
RaiseException
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
RtlUnwind
ScrollConsoleScreenBufferA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocalTime
SetStdHandle
SetThreadLocale
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
GetStdHandle

user32

wsprintfW
MessageBoxA
LoadStringA
EnumThreadWindows
CharUpperW
CharLowerW

Exports

Exports

@$badd$qpxcrx6string
@$bdele$qpv
@$bdiv$qdrx7complex
@$bdiv$qrx7complext1
@$bdla$qpv
@$blsh$qr7ostreamrx3bcd
@$blsh$qr7ostreamrx6string
@$blsh$qr7ostreamrx7complex
@$bmul$qrx7complext1
@$bnew$qui
@$bnew$quipv
@$bnwa$qui
@$bnwa$quipv
@$brsh$qr7istreamr3bcd
@$brsh$qr7istreamr6string
@$brsh$qr7istreamr7complex
@TDiagBase@Message$qpxct1t1t1ul
@TDiagBase@Out
@TDiagBase@Output$qpxc
@TDiagBase@Trace$qpxct1t1ul
@TDiagBase@Warn$qpxct1t1ul
@TDiagGroupDef@Flags
@TDiagGroupDef@Name
@TDiagGroupDef@Trace$qucpxct2ul
@TDiagGroupDef@Warn$qucpxct2ul
@TRegexp@$basg$qpxc
@TRegexp@$basg$qrx7TRegexp
@TRegexp@$bctr$qpxc
@TRegexp@$bctr$qrx7TRegexp
@TRegexp@$bdtr$qv
@TRegexp@copy_pattern$qrx7TRegexp
@TRegexp@find$xqrx6stringpuiui
@TRegexp@gen_pattern$qpxc
@TRegexp@maxpat
@TRegexp@status$qv
@TStringRef@$bctr$qcui
@TStringRef@$bctr$qp11HINSTANCE__uii
@TStringRef@$bctr$qpxcuit1uiui
@TStringRef@$bdtr$qv
@TStringRef@check_freeboard$qv
@TStringRef@grow_to$qui
@TStringRef@read_to_delim$qr7istreamc
@TStringRef@read_token$qr7istream
@TStringRef@reserve$qui
@TStringRef@round_capacity$qui
@TStringRef@splice$quiuipxcui
@TSubString@$basg$qrx6string
@TSubString@$bcall$qui
@TSubString@$beql$xqpxc
@TSubString@assert_element$xqui
@TSubString@to_lower$qv
@TSubString@to_upper$qv
@_CatchCleanup$qv
@_ReThrowException$quipuc
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1
@__DynamicCast$qpvt1t1t1i
@__DynamicCastVCLptr$qqrpvt1
@__DynamicCastVCLref$qqrpvt1
@__GetTypeInfo$qpvt1t1t1
@__ThrowExceptionName$qv
@__ThrowFileName$qv
@__ThrowLineNumber$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
@_cast_memptr$qpvt1uiuiui
@_vector_apply_$qpvt1uiuiuit1
@_vector_vapply_$qpvt1uiuiuit1
@_wmemchr$qpviui
@_wmemchr$qpxviui
@abs$qrx7complex
@acos$qrx7complex
@arg$qrx7complex
@asin$qrx7complex
@atan$qrx7complex
@complex@$brdiv$qrx7complex
@complex@$brmul$qrx7complex
@conbuf@$bctr$qv
@conbuf@current
@conbuf@makeActive$qv
@conbuf@makeInactive$qv
@conbuf@overflow$qi
@conbuf@swap$qv
@constream@$bctr$qv
@constream@isCon_
@cos$qrx7complex
@cosh$qrx7complex
@dec$qr3ios
@endl$qr7ostream
@ends$qr7ostream
@exp$qrx7complex
@filebuf@$bctr$qi
@filebuf@$bctr$qipci
@filebuf@$bctr$qv
@filebuf@$bdtr$qv
@filebuf@attach$qi
@filebuf@close$qv
@filebuf@lock$qv
@filebuf@open$qpxcii
@filebuf@openprot
@filebuf@overflow$qi
@filebuf@seekoff$ql12ios@seek_diri
@filebuf@setbuf$qpci
@filebuf@sync$qv
@filebuf@underflow$qv
@filebuf@unlock$qv
@flush$qr7ostream
@fstream@$bctr$qi
@fstream@$bctr$qipci
@fstream@$bctr$qpxcii
@fstream@$bctr$qv
@fstream@$bdtr$qv
@fstreambase@$bctr$qi
@fstreambase@$bctr$qipci
@fstreambase@$bctr$qpxcii
@fstreambase@$bctr$qv
@fstreambase@$bdtr$qv
@fstreambase@attach$qi
@fstreambase@close$qv
@fstreambase@open$qpxcii
@fstreambase@setbuf$qpci
@getline$qr7istreamr6string
@getline$qr7istreamr6stringc
@hex$qr3ios
@ifstream@$bctr$qi
@ifstream@$bctr$qipci
@ifstream@$bctr$qpxcii
@ifstream@$bctr$qv
@ifstream@$bdtr$qv
@ios@$bctr$qp9streambuf
@ios@$bctr$qv
@ios@$bdtr$qv
@ios@adjustfield
@ios@basefield
@ios@bitalloc$qv
@ios@clear$qi
@ios@flags$ql
@ios@floatfield
@ios@init$qp9streambuf
@ios@iword$qi
@ios@nextbit
@ios@pword$qi
@ios@setf$ql
@ios@setf$qll
@ios@setstate$qi
@ios@skip$qi
@ios@stdioflush
@ios@sync_with_stdio$qv
@ios@tie$qp7ostream
@ios@unsetf$ql
@ios@usercount
@ios@usersize$qi
@ios@xalloc$qv
@iostream@$bctr$qp9streambuf
@iostream@$bctr$qv
@iostream@$bdtr$qv
@iostream_withassign@$basg$qp9streambuf
@iostream_withassign@$basg$qr3ios
@iostream_withassign@$bctr$qv
@iostream_withassign@$bdtr$qv
@istream@$bctr$qiip7ostream
@istream@$bctr$qipci
@istream@$bctr$qp9streambuf
@istream@$bctr$qp9streambufip7ostream
@istream@$bctr$qv
@istream@$bdtr$qv
@istream@$brsh$qp9streambuf
@istream@$brsh$qpc
@istream@$brsh$qpqr3ios$r3ios
@istream@$brsh$qr4bool
@istream@$brsh$qrc
@istream@$brsh$qrd
@istream@$brsh$qrf
@istream@$brsh$qrg
@istream@$brsh$qri
@istream@$brsh$qrj
@istream@$brsh$qrl
@istream@$brsh$qrs
@istream@$brsh$qruc
@istream@$brsh$qrui
@istream@$brsh$qruj
@istream@$brsh$qrul
@istream@$brsh$qrus
@istream@$brsh$qrzc
@istream@do_get$qv
@istream@eatwhite$qv
@istream@get$qpcic
@istream@get$qr9streambufc
@istream@get$qrc
@istream@get$qruc
@istream@get$qrzc
@istream@get$qv
@istream@getline$qpcic
@istream@ignore$qii
@istream@ipfx$qi
@istream@putback$qc
@istream@read$qpci
@istream@seekg$ql
@istream@seekg$ql12ios@seek_dir
@istream@tellg$qv
@istream_withassign@$basg$qp9streambuf
@istream_withassign@$basg$qr7istream
@istream_withassign@$bctr$qv
@istream_withassign@$bdtr$qv
@istrstream@$bctr$qpc
@istrstream@$bctr$qpci
@istrstream@$bctr$qpuc
@istrstream@$bctr$qpuci
@istrstream@$bctr$qpzc
@istrstream@$bctr$qpzci
@istrstream@$bdtr$qv
@lock$qr3ios
@log$qrx7complex
@log10$qrx7complex
@memchr$qpviui
@memchr$qpxviui
@norm$qrx7complex
@oct$qr3ios
@ofstream@$bctr$qi
@ofstream@$bctr$qipci
@ofstream@$bctr$qpxcii
@ofstream@$bctr$qv
@ofstream@$bdtr$qv
@ostream@$bctr$qi
@ostream@$bctr$qipc
@ostream@$bctr$qp9streambuf
@ostream@$bctr$qv
@ostream@$bdtr$qv
@ostream@$blsh$q4bool
@ostream@$blsh$qc
@ostream@$blsh$qd
@ostream@$blsh$qg
@ostream@$blsh$qj
@ostream@$blsh$ql
@ostream@$blsh$qp9streambuf
@ostream@$blsh$qpqr3ios$r3ios
@ostream@$blsh$qpv
@ostream@$blsh$quj
@ostream@$blsh$qul
@ostream@do_opfx$qv
@ostream@do_osfx$qv
@ostream@flush$qv
@ostream@outstr$qpxct1
@ostream@seekp$ql
@ostream@seekp$ql12ios@seek_dir
@ostream@tellp$qv
@ostream@write$qpxci
@ostream_withassign@$basg$qp9streambuf
@ostream_withassign@$basg$qr7ostream
@ostream_withassign@$bctr$qv
@ostream_withassign@$bdtr$qv
@ostrstream@$bctr$qpcii
@ostrstream@$bctr$qpucii
@ostrstream@$bctr$qpzcii
@ostrstream@$bctr$qv
@ostrstream@$bdtr$qv
@pow$qdrx7complex
@pow$qrx7complexd
@pow$qrx7complext1
@resetiosflags$ql
@set_new_handler$qpqv$v
@setbase$qi
@setfill$qi
@setiosflags$ql
@setprecision$qi
@setw$qi
@sin$qrx7complex
@sinh$qrx7complex
@sqrt$qrx7complex
@std@$blsh$qr7ostreamrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@$brsh$qr7istreamr74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$basg$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxcrx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxct1rx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qpxcuirx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiuirx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bctr$quicrx18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$brplu$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@$bsubs$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@append$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$qrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@assign$quic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@at$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@at$xqui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@c_str$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@capacity$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@clobber$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqpcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqpcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@compare$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@copy$qpcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@copy$xqv
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_not_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_first_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_not_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@find_last_of$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@getRep$quiuir18std@%allocator$tc%
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$qpcpxct2
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$qpcuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quipxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quipxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quirx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@insert$quiuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@npos
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@remove$qpc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@remove$qpct1
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxct3
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1pxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$qpct1uic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuipxc
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuipxcuiuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace$quiuiuic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@replace_aux$quiuirx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%uiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@reserve$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@resize$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@resize$quic
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqpxcui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqpxcuiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@rfind$xqrx74std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%ui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@substr$xquiui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@unSafeClone$qui
@std@%basic_string$tc$t27std@%string_char_traits$tc%$t18std@%allocator$tc%%@unSafeClone$qv
@std@%numeric_limits$t4bool%@digits
@std@%numeric_limits$t4bool%@digits10
@std@%numeric_limits$t4bool%@has_denorm
@std@%numeric_limits$t4bool%@has_infinity
@std@%numeric_limits$t4bool%@has_quiet_NaN
@std@%numeric_limits$t4bool%@has_signaling_NaN
@std@%numeric_limits$t4bool%@is_bounded
@std@%numeric_limits$t4bool%@is_exact
@std@%numeric_limits$t4bool%@is_iec559
@std@%numeric_limits$t4bool%@is_integer
@std@%numeric_limits$t4bool%@is_modulo
@std@%numeric_limits$t4bool%@is_signed
@std@%numeric_limits$t4bool%@is_specialized
@std@%numeric_limits$t4bool%@max_exponent
@std@%numeric_limits$t4bool%@max_exponent10
@std@%numeric_limits$t4bool%@min_exponent
@std@%numeric_limits$t4bool%@min_exponent10
@std@%numeric_limits$t4bool%@radix
@std@%numeric_limits$t4bool%@round_style
@std@%numeric_limits$t4bool%@tinyness_before
@std@%numeric_limits$t4bool%@traps
@std@%numeric_limits$tb%@digits
@std@%numeric_limits$tb%@digits10
@std@%numeric_limits$tb%@has_denorm
@std@%numeric_limits$tb%@has_infinity
@std@%numeric_limits$tb%@has_quiet_NaN
@std@%numeric_limits$tb%@has_signaling_NaN
@std@%numeric_limits$tb%@is_bounded
@std@%numeric_limits$tb%@is_exact
@std@%numeric_limits$tb%@is_iec559
@std@%numeric_limits$tb%@is_integer
@std@%numeric_limits$tb%@is_modulo
@std@%numeric_limits$tb%@is_signed
@std@%numeric_limits$tb%@is_specialized
@std@%numeric_limits$tb%@max$qv
@std@%numeric_limits$tb%@max_exponent
@std@%numeric_limits$tb%@max_exponent10
@std@%numeric_limits$tb%@min$qv
@std@%numeric_limits$tb%@min_exponent
@std@%numeric_limits$tb%@min_exponent10
@std@%numeric_limits$tb%@radix
@std@%numeric_limits$tb%@round_style
@std@%numeric_limits$tb%@tinyness_before
@std@%numeric_limits$tb%@traps
@std@%numeric_limits$tc%@digits
@std@%numeric_limits$tc%@digits10
@std@%numeric_limits$tc%@has_denorm
@std@%numeric_limits$tc%@has_infinity
@std@%numeric_limits$tc%@has_quiet_NaN
@std@%numeric_limits$tc%@has_signaling_NaN
@std@%numeric_limits$tc%@is_bounded
@std@%numeric_limits$tc%@is_exact
@std@%numeric_limits$tc%@is_iec559
@std@%numeric_limits$tc%@is_integer
@std@%numeric_limits$tc%@is_modulo
@std@%numeric_limits$tc%@is_signed
@std@%numeric_limits$tc%@is_specialized
@std@%numeric_limits$tc%@max_exponent
@std@%numeric_limits$tc%@max_exponent10
@std@%numeric_limits$tc%@min_exponent
@std@%numeric_limits$tc%@min_exponent10
@std@%numeric_limits$tc%@radix
@std@%numeric_limits$tc%@round_style
@std@%numeric_limits$tc%@tinyness_before
@std@%numeric_limits$tc%@traps
@std@%numeric_limits$td%@denorm_min$qv
@std@%numeric_limits$td%@digits
@std@%numeric_limits$td%@digits10
@std@%numeric_limits$td%@has_denorm
@std@%numeric_limits$td%@has_infinity
@std@%numeric_limits$td%@has_quiet_NaN
@std@%numeric_limits$td%@has_signaling_NaN
@std@%numeric_limits$td%@infinity$qv
@std@%numeric_limits$td%@is_bounded
@std@%numeric_limits$td%@is_exact
@std@%numeric_limits$td%@is_iec559
@std@%numeric_limits$td%@is_integer
@std@%numeric_limits$td%@is_modulo
@std@%numeric_limits$td%@is_signed
@std@%numeric_limits$td%@is_specialized
@std@%numeric_limits$td%@max_exponent
@std@%numeric_limits$td%@max_exponent10
@std@%numeric_limits$td%@min_exponent
@std@%numeric_limits$td%@min_exponent10
@std@%numeric_limits$td%@quiet_NaN$qv
@std@%numeric_limits$td%@radix
@std@%numeric_limits$td%@round_error$qv
@std@%numeric_limits$td%@round_style
@std@%numeric_limits$td%@signaling_NaN$qv
@std@%numeric_limits$td%@tinyness_before
@std@%numeric_limits$td%@traps
@std@%numeric_limits$tf%@denorm_min$qv
@std@%numeric_limits$tf%@digits
@std@%numeric_limits$tf%@digits10
@std@%numeric_limits$tf%@has_denorm
@std@%numeric_limits$tf%@has_infinity
@std@%numeric_limits$tf%@has_quiet_NaN
@std@%numeric_limits$tf%@has_signaling_NaN
@std@%numeric_limits$tf%@infinity$qv
@std@%numeric_limits$tf%@is_bounded
@std@%numeric_limits$tf%@is_exact
@std@%numeric_limits$tf%@is_iec559
@std@%numeric_limits$tf%@is_integer
@std@%numeric_limits$tf%@is_modulo
@std@%numeric_limits$tf%@is_signed
@std@%numeric_limits$tf%@is_specialized
@std@%numeric_limits$tf%@max_exponent
@std@%numeric_limits$tf%@max_exponent10
@std@%numeric_limits$tf%@min_exponent
@std@%numeric_limits$tf%@min_exponent10
@std@%numeric_limits$tf%@quiet_NaN$qv
@std@%numeric_limits$tf%@radix
@std@%numeric_limits$tf%@round_error$qv
@std@%numeric_limits$tf%@round_style
@std@%numeric_limits$tf%@signaling_NaN$qv
@std@%numeric_limits$tf%@tinyness_before
@std@%numeric_limits$tf%@traps
@std@%numeric_limits$tg%@denorm_min$qv
@std@%numeric_limits$tg%@digits
@std@%numeric_limits$tg%@digits10
@std@%numeric_limits$tg%@has_denorm
@std@%numeric_limits$tg%@has_infinity
@std@%numeric_limits$tg%@has_quiet_NaN
@std@%numeric_limits$tg%@has_signaling_NaN
@std@%numeric_limits$tg%@infinity$qv
@std@%numeric_limits$tg%@is_bounded
@std@%numeric_limits$tg%@is_exact
@std@%numeric_limits$tg%@is_iec559
@std@%numeric_limits$tg%@is_integer
@std@%numeric_limits$tg%@is_modulo
@std@%numeric_limits$tg%@is_signed
@std@%numeric_limits$tg%@is_specialized
@std@%numeric_limits$tg%@max_exponent
@std@%numeric_limits$tg%@max_exponent10
@std@%numeric_limits$tg%@min_exponent
@std@%numeric_limits$tg%@min_exponent10
@std@%numeric_limits$tg%@quiet_NaN$qv
@std@%numeric_limits$tg%@radix
@std@%numeric_limits$tg%@round_error$qv
@std@%numeric_limits$tg%@round_style
@std@%numeric_limits$tg%@signaling_NaN$qv
@std@%numeric_limits$tg%@tinyness_before
@std@%numeric_limits$tg%@traps
@std@%numeric_limits$ti%@digits
@std@%numeric_limits$ti%@digits10
@std@%numeric_limits$ti%@has_denorm
@std@%numeric_limits$ti%@has_infinity
@std@%numeric_limits$ti%@has_quiet_NaN
@std@%numeric_limits$ti%@has_signaling_NaN
@std@%numeric_limits$ti%@is_bounded
@std@%numeric_limits$ti%@is_exact

Sections

CODE
Size: 206KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ollydbg/ini/A.ini
ollydbg/ollydbg.ini
ollydbg/plugin/API_Break.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

CODE
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/plugin/HideDebugger.dll
.dll windows:4 windows x86 arch:x86

558e8575b92177e8d36a209ca3536ec9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetWindowTextA
EndDialog
DialogBoxParamA
CheckDlgButton

kernel32

lstrcpyA
lstrcmpiA
WriteProcessMemory
WritePrivateProfileStringA
CloseHandle
ContinueDebugEvent
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetVersionExA
OpenProcess
ReadProcessMemory
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForDebugEvent

ollydbg.exe

ord88
ord53
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/HideDebugger.ini
ollydbg/plugin/NonaWrite.dll
.dll windows:4 windows x86 arch:x86

2d00b380b59ce2b14107701e803ee850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
RtlMoveMemory
lstrlenA
lstrcpyA
lstrcatA
WriteFile
VirtualAlloc
RtlZeroMemory
ReadFile
GetModuleHandleA
CreateFileA
CloseHandle

user32

SetCursor
SendMessageA
SendDlgItemMessageA
MessageBoxA
LoadIconA
LoadCursorA
GetDlgItemTextA
GetDlgItem
BeginPaint
CallWindowProcA
CharLowerA
CharUpperA
CheckDlgButton
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyRect
CreateCaret
CreateWindowExA
DefWindowProcA
DestroyCaret
DestroyCursor
DrawTextA
DrawTextExA
EmptyClipboard
EndPaint
FillRect
GetAsyncKeyState
GetCaretPos
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetFocus
GetParent
SetDlgItemTextA
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindowLongA
GetWindowTextA
HideCaret
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsClipboardFormatAvailable
IsDlgButtonChecked
KillTimer
LoadBitmapA
MessageBeep
MoveWindow
OpenClipboard
PostMessageA
RegisterClassExA
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollWindow
SetCapture
SetCaretPos
SetClipboardData
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowWindow
UpdateWindow
WindowFromPoint
EndDialog
DialogBoxParamA
DestroyWindow
wsprintfA
GetScrollInfo
SetFocus
GetKeyState

shlwapi

StrToIntExA

ollydbg.exe

ord2
ord88
ord89
ord117
ord4
ord30

comdlg32

GetSaveFileNameA
GetOpenFileNameA

comctl32

ImageList_Add
ImageList_Create
ImageList_Draw
ImageList_Destroy
InitCommonControls

ole32

OleUninitialize
OleInitialize
RegisterDragDrop
DoDragDrop
RevokeDragDrop

gdi32

CreateCompatibleBitmap
DeleteDC
SetBkMode
SetPixel
CreateCompatibleDC
CreateSolidBrush
CreatePen
CreateRectRgn
BitBlt
TextOutA
SetTextColor
SelectClipRgn
DeleteObject
GetTextExtentPoint32A
GetTextMetricsA
LineTo
MoveToEx
SelectObject

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/ODbgScript.dll
.dll windows:4 windows x86 arch:x86

4bdd368c341bf07492c1eb2d8cd5cb70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord27
ord60
ord160
ord45
ord144
ord75
ord61
ord42
ord79
ord44
ord142
ord129
ord19
ord23
ord175
ord149
ord24
ord165
ord77
ord46
ord169
ord25
ord117
ord5
ord32
ord174
ord48
ord13
ord31
ord4
ord161
ord124
ord102
ord141
ord109
ord106
ord10
ord3
ord157
ord33
ord186
ord11
ord131
ord78
ord74
ord1
ord89
ord107
ord87
ord113
ord114
ord28
ord73
ord71
ord92
ord2
ord12
ord100
ord105
ord104
ord93
ord108
ord88
ord101
ord53
ord172
ord90

user32

GetDlgItem
DestroyWindow
GetWindowRect
CreateMenu
PostMessageA
CloseWindow
DialogBoxParamA
GetKeyState
SetForegroundWindow
LoadIconA
SetFocus
SendMessageA
EnumThreadWindows
InvalidateRect
EndDialog
SetWindowPos
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
GetDlgItemTextA
SetDlgItemTextA
GetClassNameA
GetParent
ChildWindowFromPoint
MessageBoxA
GetDesktopWindow
AppendMenuA
IsWindowVisible

shlwapi

StrCmpNIA
PathFileExistsA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

kernel32

CreateFileW
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
RaiseException
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapDestroy
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteProcessMemory
LoadLibraryExA
VirtualAllocEx
GetProcAddress
VirtualFreeEx
FreeLibrary
GetThreadContext
GetFullPathNameA
LocalFree
CloseHandle
QueryPerformanceFrequency
GetModuleHandleA
GetLastError
ReadFile
HeapCreate
WriteFile
FormatMessageA
GetTickCount
HeapFree
QueryPerformanceCounter
HeapAlloc
SetFilePointer
GetFileSize
CreateFileA
FlushFileBuffers
RtlUnwind
Sleep
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
InterlockedExchange
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode

Exports

Exports

ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/OllyDump.dll
.dll windows:4 windows x86 arch:x86

5a3ef0fd287f0ec4556b6cfd980bb4f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Deleteruntrace
_Disasm
_Findmemory
_Findmodule
_Findthread
_Getcputhreadid
_Getstatus
_Plugingetvalue
_Readmemory
_Sendshortcut
_Setcpu
_Settracecondition
_Startruntrace
_Updatelist

comdlg32

GetSaveFileNameA

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
IsBadStringPtrA
LCMapStringA
LoadLibraryA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA

user32

CallWindowProcA
ClientToScreen
DestroyMenu
DialogBoxParamA
EndDialog
EnumThreadWindows
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetSubMenu
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
LoadMenuA
MessageBoxA
MoveWindow
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
TrackPopupMenu
UpdateWindow
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
___CPPdebugHook

Sections

.text
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/plugin/OllyMoreMenu.dll
.dll windows:4 windows x86 arch:x86

9ba7bd6554e5f90c1b1f058b87342154

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ReleaseDC
RegisterHotKey
ModifyMenuA
MessageBoxA
IsDlgButtonChecked
InsertMenuItemA
GetWindowTextA
GetWindowLongA
GetSysColorBrush
GetSysColor
GetMenuStringA
GetMenuItemCount
GetMenu
RemoveMenu
GetDlgItem
GetDesktopWindow
GetDC
EndDialog
DrawTextA
DrawMenuBar
DrawIconEx
DrawCaption
DialogBoxParamA
DestroyIcon
CreatePopupMenu
CheckDlgButton
CallWindowProcA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
UnregisterHotKey
SystemParametersInfoA
GetDlgItemTextA
SetWindowLongA
AppendMenuA
wsprintfA

kernel32

lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WritePrivateProfileStringA
WritePrivateProfileSectionA
SetCurrentDirectoryA
RtlZeroMemory
LocalAlloc
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetCurrentDirectoryA
DeleteFileA
CopyFileA

gdi32

SetTextColor
SetBkMode
SelectObject
PatBlt
GetTextExtentPoint32A
DeleteObject
CreateFontIndirectA

comctl32

ImageList_Create
ImageList_GetIcon
ImageList_AddIcon

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA
SHGetFileInfoA

shlwapi

PathRemoveExtensionA
PathRemoveFileSpecA
PathStripPathA
StrStrA

ollydbg.exe

ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/PhantOm.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

CODE
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/plugin/PhantOm.txt
ollydbg/plugin/Poison.dll
.dll windows:4 windows x86 arch:x86

308548d53372ce06e4aaffea029adf02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
VirtualAllocEx
VirtualProtect
ReadProcessMemory
WriteProcessMemory
lstrcmpiA
lstrcpyA
Process32Next
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentProcess
ExitThread
CreateToolhelp32Snapshot
CreateThread
VirtualProtectEx
CloseHandle

user32

MessageBoxA
GetDlgItem
EndDialog
DialogBoxParamA
SendMessageA

ollydbg.exe

ord53
ord54
ord2
ord23
ord179
ord114
ord92
ord89
ord88
ord117

Exports

Exports

Aggresive
BreakPoints
Hide
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/ReadMeSO.txt
ollydbg/plugin/StrongOD.dll
.dll windows:4 windows x86 arch:x86

4f0b910e7c074e89fbec58bdf4953fba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord90
ord31
ord78
ord93
ord59
ord23
ord53
ord170
ord185
ord89
ord117
ord179
ord38
ord79
ord36
ord186
ord76
ord99
ord115
ord46
ord85
ord2
ord45
ord84
ord92
ord172
ord101
ord73
ord54
ord107
ord60
ord88
ord104
ord44
ord114

kernel32

VirtualProtect
CreateToolhelp32Snapshot
CloseHandle
GetCommandLineA
ExitProcess
CreateFileA
SetFilePointer
CreateProcessA
HeapAlloc
ReadFile
HeapFree
WaitForSingleObject
GetLastError
GetProcessHeap
VirtualProtectEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQueryEx
GlobalAlloc
Sleep
SizeofResource
MultiByteToWideChar
LockResource
DeviceIoControl
GetCurrentProcessId
GetFileSize
GetTempPathA
FindResourceA
DeleteFileA
LoadResource
QueryDosDeviceA
ReadProcessMemory
GetLogicalDriveStringsA
LocalAlloc
GetSystemInfo
LocalFree
CreateRemoteThread
VirtualAllocEx
GlobalFree
OpenThread
lstrcmpiA
VirtualFreeEx
GetModuleFileNameA
GetThreadContext
ContinueDebugEvent
SetThreadContext
WaitForDebugEvent
GetVersionExA
GlobalUnlock
SuspendThread
ResumeThread
GlobalLock
CreateThread
GetModuleHandleA
SetEndOfFile
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
OpenProcess
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
GetStdHandle
WriteFile
HeapReAlloc
Process32Next
LoadLibraryA
VirtualAlloc
GetTickCount
GetProcAddress
DeleteCriticalSection
VirtualFree
Process32First
GetCurrentProcess
WriteProcessMemory
HeapCreate
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DebugActiveProcess
VirtualQuery
GetCurrentThreadId

user32

DefWindowProcA
BeginPaint
SendMessageA
EndPaint
CreateMDIWindowA
PostMessageA
OpenClipboard
EnableWindow
CloseClipboard
SetClipboardData
DialogBoxParamA
GetClipboardData
RegisterClassA
EmptyClipboard
GetKeyState
SendDlgItemMessageA
DrawTextExA
GetDC
ReleaseDC
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetComboBoxInfo
SetWindowTextA
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
UpdateWindow
GetUserObjectSecurity
CloseDesktop
SetProcessWindowStation
OpenDesktopA
OpenWindowStationA
MessageBoxA
SetUserObjectSecurity
CloseWindowStation
GetProcessWindowStation
wsprintfA
ScreenToClient
GetWindowRect
GetSysColor
ShowWindow
FillRect
GetWindowTextA
MoveWindow
DrawTextA
SetWindowLongA
InvalidateRect
IsWindowVisible
CreateWindowExA
FindWindowExA
GetClientRect
CallWindowProcA
GetDlgItem

gdi32

CreateSolidBrush
SetTextColor
SetBkColor
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

BuildExplicitAccessWithNameA
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
RevertToSelf
CreateProcessAsUserA
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
AdjustTokenPrivileges
LookupPrivilegeValueA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService
OpenSCManagerA
StartServiceA
CreateServiceA
MakeAbsoluteSD
GetKernelObjectSecurity
GetTokenInformation
ImpersonateLoggedOnUser
LsaClose
DuplicateTokenEx
GetSecurityDescriptorDacl
GetAce
LsaFreeMemory
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaOpenPolicy
LogonUserA
GetLengthSid
SetSecurityDescriptorDacl
CopySid
CreateRestrictedToken
SetKernelObjectSecurity
GetAclInformation
SetEntriesInAclA
AddAce

netapi32

NetUserAdd
NetUserDel

shlwapi

StrCmpNIA

imagehlp

CheckSumMappedFile

psapi

GetModuleFileNameExA
EnumProcessModules
GetMappedFileNameA

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fengyue
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/analyzethis.dll
.dll windows:4 windows x86 arch:x86

956130e061c0bad0300f5a3b3d487781

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Analysecode
_Error
_Findmodule
_Getdisassemblerrange
_Plugingetvalue

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
___CPPdebugHook

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/plugin/bookmarks2.dll
.dll windows:1 windows x86 arch:x86

bb0ad052b1fc9c0b1915c24fb849dbfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ollydbg.exe

_Addsorteddata
_Addtolist
_Createsorteddata
_Deletesorteddata
_Deletesorteddatarange
_Destroysorteddata
_Disasm
_Finddecode
_Findmemory
_Findmodule
_Findname
_Findsorteddata
_Getsortedbyselection
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Quicktablewindow
_Readmemory
_Registerpluginclass
_Setcpu
_Tablefunction
_Unregisterpluginclass

kernel32

GetVersion
LocalAlloc
LocalFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

user32

AppendMenuA
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
DialogBoxParamA
EndDialog
GetDlgItemTextA
GetKeyState
InvalidateRect
MessageBoxA
SetDlgItemTextA

cw3230mt

@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ErrorMessage
__ExceptionHandler
___debuggerDisableTerminateCallback
__flushall
__free_heaps
__splitpath
__startupd
_abort
_memcpy
_memset
_sprintf
_strcat
_strcmp
_strcpy
_strlen

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
__DebuggerHookData

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/plugin/cmdbar.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/hidedbg.dll
.dll windows:4 windows x86 arch:x86

2141d75527eccaabca6b24c263555ad6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtectEx
lstrcpyA
GetProcAddress
GetModuleHandleA

user32

MessageBoxA

ollydbg.exe

ord88
ord117
ord53
ord2
ord101
ord60

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/plugin/ollyadvanced (v1.25, outdated).chm
.chm
ollydbg/plugin/readme.txt
ollydbg/plugin/ustrref.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/readme RAMODBG.txt
ollypack/OBSIDIUM 1.061 VB ONLY [loveboom].txt
ollypack/OBSIDIUM 1.1.1.4.txt
ollypack/Obsidium 1.061 OEP Finder v0.1 (for VB only).txt
ollypack/Obsidium 1.1.1.4 Unpack (not for VB).txt
ollypack/Obsidium 1.2.5.0 Fix IAT.txt
ollypack/Obsidium 1.2.5.0 OEP Finder.txt
ollypack/Obsidium 1.3.0.x OEP Finder + Find Stolen Code + Fix IAT .txt
.js
ollypack/Obsidium 1.3.4.2 IAT Repair.txt
ollypack/Obsidium 1.3.4.2 OEP Finder (Virtual Protect).txt
ollypack/Obsidium 1.3.4.2 OEP Finder.txt
ollypack/Obsidium 1.3.x.x Unpacking Script.txt
ollypack/Obsidium 1.4.x.x OEP Finder + IAT Repair v0.2.txt
ollypack/Obsidium114.txt

Sharing

General

Malware Config

Signatures

Files

41aa9a1f4bf6f9462a4e644e00d744cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

mscoree

comctl32

shell32

Sections

CODE Size: - Virtual size: 11.5MB

.rdata Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.text Size: 103KB - Virtual size: 104KB

00487aa74c91a4dc86982f2621e35a8b

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

shell32

shfolder

comdlg32

wsock32

msvcrt

winspool.drv

oleacc

winmm

gdiplus

ntdll

Exports

Exports

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.data Size: 473KB - Virtual size: 473KB

.bss Size: - Virtual size: 133KB

.idata Size: 30KB - Virtual size: 29KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 81B

.tls Size: - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 40B

.pdata Size: 235KB - Virtual size: 235KB

.rsrc Size: 505KB - Virtual size: 505KB

d366e396ccbec601ae4b65ac499b8bff

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wsock32

Sections

.text Size: 378KB - Virtual size: 377KB

.itext Size: 4KB - Virtual size: 4KB

.data Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 20KB

.idata Size: 5KB - Virtual size: 4KB

.didata Size: 512B - Virtual size: 340B

.reloc Size: 29KB - Virtual size: 29KB

.rsrc Size: 9KB - Virtual size: 9KB

26af301f7989ba106062d39730b88f65

Headers

File Characteristics

Imports

CODE
Size: - Virtual size: 11.5MB

.rdata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 103KB - Virtual size: 104KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 473KB - Virtual size: 473KB

.bss
Size: - Virtual size: 133KB

.idata
Size: 30KB - Virtual size: 29KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 81B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 235KB - Virtual size: 235KB

.rsrc
Size: 505KB - Virtual size: 505KB

.text
Size: 378KB - Virtual size: 377KB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 5KB - Virtual size: 4KB

.didata
Size: 512B - Virtual size: 340B

.reloc
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 543KB - Virtual size: 543KB

.data
Size: 59KB - Virtual size: 58KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 6KB - Virtual size: 6KB

.didata
Size: 512B - Virtual size: 448B

.reloc
Size: 20KB - Virtual size: 20KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 16KB - Virtual size: 16KB

.bss
Size: - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 264B

.tls
Size: - Virtual size: 416B

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 97KB - Virtual size: 97KB

CODE
Size: 607KB - Virtual size: 607KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 34KB

.rsrc
Size: 153KB - Virtual size: 153KB

.text
Size: 698KB - Virtual size: 700KB

.data
Size: 116KB - Virtual size: 364KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 214KB - Virtual size: 216KB