echo[.]7z | Triage

Resubmissions

21-05-2024 15:59

240521-tfcgdabb36 7

21-05-2024 15:51

240521-takwkaba8w 7

Sharing

Copy URL

Twitter E-mail

General

Target

echo.7z
Size

17.3MB
MD5

e0499900323a2a13e715c79df240c8cc
SHA1

aab068f2af116efa533c46e42424f16f3eef90b6
SHA256

4b246be91cb37f662827dbfb616b3a0cea66c9ee8db0eeff3808bf057b2b4738
SHA512

f3b2d599431082f4a0591888ba12ccbf9dd518da64004092ee8dbe8fbff75fadee119694b766dff8cfcebb722600b46b950134304ead0d05069ad588a82d0cfb
SSDEEP

393216:URxIrNnI6f7uzW4RyQZecNoTyBNoQKwKhGM4/kOh3Kv:qI6qqzW4RyncN2wNRKoM4de

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
static1/unpack001/ollydbg/Plugins/idaficator.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/ollydbg/Plugins/idaficator.dll	upx

Unsigned PE 38 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1058352281.exe
unpack001/echo/EchoMirage.exe
unpack001/echo/EchoMirageHooks32.dll
unpack001/echo/EchoMirageHooks64.dll
unpack001/echo/EchoMirageUnelevated.exe
unpack001/echo/unins000.exe
unpack001/ollydbg/OllyDbg.exe
unpack001/ollydbg/OllyPath.dll
unpack002/bin/OllyPath.dll
unpack001/ollydbg/Plugins/Asm2Clipboard.dll
unpack001/ollydbg/Plugins/ClearUDD.dll
unpack001/ollydbg/Plugins/CmdBar.dll
unpack001/ollydbg/Plugins/DataRipper.dll
unpack001/ollydbg/Plugins/HiddenThreads.dll
unpack001/ollydbg/Plugins/ICanAttach2.dll
unpack001/ollydbg/Plugins/MnemonicHelp.dll
unpack001/ollydbg/Plugins/ModuleBCL.dll
unpack001/ollydbg/Plugins/ODBJscript.dll
unpack001/ollydbg/Plugins/ODbgScript.dll
unpack001/ollydbg/Plugins/OllyCopy.dll
unpack001/ollydbg/Plugins/OllyFlow.dll
unpack001/ollydbg/Plugins/OllyWow64_0.2.dll
unpack001/ollydbg/Plugins/RemoveCriticality.dll
unpack001/ollydbg/Plugins/SehSpy.dll
unpack001/ollydbg/Plugins/SigMaker.dll
unpack001/ollydbg/Plugins/StollyStruct.dll
unpack001/ollydbg/Plugins/StrongOD.dll
unpack001/ollydbg/Plugins/TLSCatch.dll
unpack001/ollydbg/Plugins/X_CRYPTO.dll
unpack001/ollydbg/Plugins/analyzeThis.dll
unpack001/ollydbg/Plugins/ida_sigs.dll
unpack001/ollydbg/Plugins/idaficator.dll
unpack004/out.upx
unpack001/ollydbg/Plugins/multiasm_odbg.dll
unpack001/ollydbg/Plugins/oDump.dll
unpack001/ollydbg/dumpsig.exe
unpack001/ollydbg/loaddll.exe
unpack001/ollydbg/wingraph32.exe

Files

echo.7z
.7z
1058352281.exe
.exe windows:4 windows x86 arch:x86

41aa9a1f4bf6f9462a4e644e00d744cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxW

advapi32

RegisterEventSourceA

mscoree

_CorExeMain

comctl32

CreateStatusWindowA

shell32

PathMakeUniqueName

Sections

CODE
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
echo/EchoMirage.chm
.chm
echo/EchoMirage.exe
.exe windows:5 windows x64 arch:x64

00487aa74c91a4dc86982f2621e35a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
VariantInit
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
GetKernelObjectSecurity

user32

MessageBoxA
CharNextW
LoadStringW
SetWindowLongPtrA
GetWindowLongPtrA
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharBuffW
OemToCharA
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDlgButtonChecked
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AttachThreadInput
CharLowerBuffA
CharLowerA
CharUpperA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenA
lstrlenW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiW
lstrcmpA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OpenProcess
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTime
GetSystemInfo
GetSystemDirectoryA
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfoExW
GetCPInfo
GetBinaryTypeW
GetACP
FreeResource
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringW
CloseHandle
Beep
Sleep
MulDiv
GetSystemWow64DirectoryW
OpenThread

msimg32

TransparentBlt
GradientFill
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetMetaFileBitsEx
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetCharABCWidthsA
GetCharABCWidthsW
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc
GetRandomRgn

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoLockObjectExternal
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHGetFileInfoW
ShellExecuteExA
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW
DragQueryPoint
DragQueryFileA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

shfolder

SHGetFolderPathW

comdlg32

PrintDlgW
ReplaceTextW
FindTextW
ChooseColorW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

msvcrt

isxdigit
isspace
ispunct
isprint
isgraph
iscntrl
isalpha
isalnum
strchr
strncmp
strcmp
memset
memmove
memcpy
memcmp

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

oleacc

LresultFromObject

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
sndPlaySoundW

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillEllipseI
GdipFillPolygonI
GdipDrawPolygonI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenWidth
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientI
GdipCreateLineBrushI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

madTraceProcess

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 133KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageHooks32.dll
.dll windows:5 windows x86 arch:x86

d366e396ccbec601ae4b65ac499b8bff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
GetKernelObjectSecurity

user32

MessageBoxA
CharNextW
LoadStringW
TranslateMessage
PeekMessageW
OpenInputDesktop
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
LoadStringW
GetUserObjectInformationA
GetThreadDesktop
GetSystemMetrics
DispatchMessageW
CloseDesktop
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
OpenProcess
OpenMutexA
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GetVersionExW
GetVersion
GetThreadLocale
GetThreadContext
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
InterlockedExchangeAdd
FreeLibrary
FormatMessageA
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
Sleep

wsock32

getsockopt
getsockname
getpeername

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageHooks64.dll
.dll windows:5 windows x64 arch:x64

26af301f7989ba106062d39730b88f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid

user32

MessageBoxA
CharNextW
LoadStringW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
DispatchMessageW
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
OpenProcess
OpenFileMappingA
OpenFileMappingW
OpenEventA
OpenEventW
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GetVersionExW
GetVersion
GetThreadLocale
GetThreadContext
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CompareStringW
CloseHandle
Sleep

wsock32

getsockopt
getsockname
getpeername

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/EchoMirageUnelevated.exe
.exe windows:5 windows x64 arch:x64

7e3983ddd94510c54f769279fc03c4b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
SetEvent
SetEnvironmentVariableW
ResetEvent
LocalFree
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileAttributesW
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
FormatMessageW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CloseHandle

shell32

ShellExecuteW

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 416B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
echo/License.txt
echo/unins000.dat
echo/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/OllyDbg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ollydbg/OllyDbg.hlp
ollydbg/OllyPath.dll
.dll windows:4 windows x86 arch:x86

cf629ac1f9b4db24ba83bced5269379f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateDirectoryA
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualQuery
WritePrivateProfileStringA

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memcpy
sprintf

Exports

Exports

dummy

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 120B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Patches/OllyPath_mod.rar
.rar
OllyPath.cbp
.xml
bin/OllyPath.dll
.dll windows:4 windows x86 arch:x86

cf629ac1f9b4db24ba83bced5269379f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateDirectoryA
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualQuery
WritePrivateProfileStringA

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memcpy
sprintf

Exports

Exports

dummy

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 120B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.cpp
main.h
ollydbg/Patches/patches.txt
ollydbg/Patches/plugin_patches.txt
ollydbg/Patches/replace_icons.rar
.rar
BITMAP/APPEAR.bmp
BITMAP/BREAKS.bmp
BITMAP/CLOSE.bmp
BITMAP/CPU.bmp
BITMAP/GOTO.bmp
BITMAP/HANDLES.bmp
BITMAP/HELP.bmp
BITMAP/LOG.bmp
BITMAP/MEMORY.bmp
BITMAP/MODULES.bmp
BITMAP/OPEN.bmp
BITMAP/OPTIONS.bmp
BITMAP/PATCHES.bmp
BITMAP/PAUSE.bmp
BITMAP/REFERS.bmp
BITMAP/RESTART.bmp
BITMAP/RUN.bmp
BITMAP/SOURCE.bmp
BITMAP/STACK.bmp
BITMAP/STEPIN.bmp
BITMAP/STEPOVER.bmp
BITMAP/THREADS.bmp
BITMAP/TILLRET.bmp
BITMAP/TRACE.bmp
BITMAP/TRIN.bmp
BITMAP/TROVER.bmp
BITMAP/WINDOWS.bmp
ICON_ENTRY/10.ico
ICON_ENTRY/11.ico
ICON_ENTRY/12.ico
ICON_ENTRY/13.ico
ICON_ENTRY/14.ico
ICON_ENTRY/15.ico
ICON_ENTRY/16.ico
ICON_ENTRY/17.ico
ICON_ENTRY/18.ico
ICON_ENTRY/19.ico
ICON_ENTRY/20.ico
ICON_ENTRY/21.ico
ICON_ENTRY/22.ico
ICON_ENTRY/23.ico
ICON_ENTRY/24.ico
ICON_ENTRY/3.ico
ICON_ENTRY/4.ico
ICON_ENTRY/5.ico
ICON_ENTRY/6.ico
ICON_ENTRY/7.ico
ICON_ENTRY/8.ico
ICON_ENTRY/9.ico
ollydbg/Plugins/Asm2Clipboard.dll
.dll windows:4 windows x86 arch:x86

e61f2f894125bb9afbf614ac34b38d66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

user32

wsprintfA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
MessageBoxA

ollydbg.exe

ord88
ord101
ord44
ord38
ord31
ord12
ord1
ord49
ord46
ord114
ord30
ord28
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/BYTES.OEP
ollydbg/Plugins/ClearUDD.dll
.dll windows:4 windows x86 arch:x86

71f56675c7d53187466580a02b7dbac8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CloseHandle
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
WriteFile
CreateFileA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

MessageBoxA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/CmdBar.dll
.dll windows:4 windows x86 arch:x86

740c796cfe9487e35921d7ec5aad2eb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Animate
_Assemble
_Broadcast
_Createwatchwindow
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletenamerange
_Disasm
_Dumpbackup
_Expression
_Findalldllcalls
_Findlabel
_Findmemory
_Findthread
_Getcputhreadid
_Getstatus
_Go
_Hardbreakpoints
_Insertname
_Insertwatch
_OpenEXEfile
_Plugingetvalue
_Pluginsaverecord
_Registerpluginclass
_Runtracesize
_Sendshortcut
_Setbreakpoint
_Setcpu
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Startruntrace
_Unregisterpluginclass
_Writememory

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrlenA

comdlg32

ChooseFontA

gdi32

CreateFontIndirectA
CreateSolidBrush
DeleteObject

user32

BeginPaint
CallWindowProcA
CreateWindowExA
DefWindowProcA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetSysColor
GetWindow
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
MessageBoxA
MoveWindow
ScreenToClient
SendMessageA
SetFocus
SetWindowLongA
SetWindowTextA
ShowWindow
WinHelpA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/Plugins/CmdBar.ini
ollydbg/Plugins/DataRipper.dll
.dll windows:4 windows x86 arch:x86

2d429d7c8db97ba30fcda6b5923d28c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetStockObject
MoveToEx
ExtFloodFill
DeleteObject
LineTo
GetPixel
SelectObject
CreatePen
DeleteDC
CreateSolidBrush
CreateCompatibleDC

user32

UpdateWindow
GetDC
SetMenu
SetFocus
SetDlgItemTextA
SetDlgItemInt
GetMenuItemInfoA
SendMessageA
RegisterClassExA
PostQuitMessage
MoveWindow
MessageBoxA
LoadMenuA
TranslateMessage
LoadCursorA
LoadBitmapA
GetWindowTextLengthA
GetWindowTextA
GetSystemMetrics
GetSysColor
GetSubMenu
GetMessageA
GetDlgItem
GetCursorPos
GetClientRect
EndDialog
DispatchMessageA
DialogBoxParamA
TrackPopupMenu
SetWindowTextA
ShowWindow
GetDlgItemInt
LoadIconA
SetMenuItemInfoA
DefWindowProcA
CreateWindowExA
CallWindowProcA
wsprintfA
SetWindowLongA

kernel32

GetFileSize
lstrlenA
lstrcpyA
lstrcmpA
lstrcatA
WriteFile
WinExec
ReadFile
OpenFile
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCurrentDirectoryA
DeleteFileA
CreateFileA
CloseHandle

comctl32

InitCommonControls
CreateStatusWindowA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

DragQueryFileA
ShellExecuteA

oleaut32

SysAllocStringByteLen
SysFreeString

ollydbg.exe

ord89
ord92
ord2
ord101

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginuddrecord

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/HiddenThreads.dll
.dll windows:4 windows x86 arch:x86

fdc6cfbe54d6146201c4e82915b9fe6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

ntdll

ZwQueryInformationThread
strcpy

ollydbg.exe

ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 623B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ICanAttach2.dll
.dll windows:4 windows x86 arch:x86

538e5ff3792b43ef5760ef69b48a08d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualProtectEx
GetModuleHandleA
GetProcAddress
VirtualAllocEx
VirtualProtect

user32

MessageBoxA

ollydbg.exe

ord2

ntdll

strcpy

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 767B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/MnemonicHelp.dll
.dll windows:5 windows x86 arch:x86

8916a878f46c8ed1ce079322140be7e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
lstrcpyA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetTickCount
CreateFileA
Sleep
InterlockedExchange

user32

SendDlgItemMessageA
MessageBeep
wsprintfA
SendMessageA
MessageBoxA
EndDialog
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
WinHelpA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

ollydbg.exe

ord89
ord44
ord101
ord2
ord31
ord88
ord92
ord38
ord93
ord90

msvcr90

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
sscanf_s
__lconv_init
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
memset

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginshortcut

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ModuleBCL.dll
.dll windows:5 windows x86 arch:x86

1878dc81f51673807650130c4df2a97d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\NetShared\C_Development\ModuleBCL\Release\ModuleBCL.pdb

Imports

ollydbg.exe

ord46
ord84
ord99
ord71
ord45
ord102
ord88
ord185
ord2
ord101
ord6

kernel32

GetFileSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
CreateFileA
InterlockedExchange
lstrcmpA
VirtualFree
FormatMessageA
WriteFile
ReadFile
GetLastError
VirtualAlloc
CloseHandle
DeleteFileA
lstrcpyA
Sleep

user32

MoveWindow
SetDlgItemTextA
DialogBoxParamA
GetDlgItemTextA
EndDialog
InvalidateRect
MessageBoxA
SendMessageA
wsprintfA
LoadIconA
GetWindowRect

msvcr90

sscanf
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
sprintf
memset
free
malloc
strtoul
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ODBJscript.chm
.chm
ollydbg/Plugins/ODBJscript.dll
.dll windows:5 windows x86 arch:x86

b2ba925dcc01a3b446c80b49b70db66d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
lstrlenA
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualFreeEx
VirtualAllocEx
lstrcpyA
CreateThread
CreateEventA
CloseHandle
WaitForSingleObject
PulseEvent
VirtualProtect
GetSystemInfo
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

SendMessageA
PostMessageA
wsprintfA
SetDlgItemTextA
GetDlgItemTextA
CreateDialogParamA
GetKeyState
MessageBoxA
EndDialog

ollydbg.exe

ord27
ord170
ord7
ord12
ord1
ord138
ord55
ord121
ord142
ord140
ord63
ord141
ord62
ord177
ord183
ord79
ord147
ord150
ord144
ord67
ord68
ord145
ord149
ord152
ord25
ord123
ord116
ord182
ord83
ord59
ord155
ord112
ord33
ord65
ord143
ord82
ord81
ord171
ord136
ord41
ord43
ord156
ord97
ord96
ord95
ord94
ord125
ord133
ord132
ord23
ord45
ord3
ord124
ord161
ord174
ord179
ord2
ord172
ord60
ord53
ord107
ord5
ord88
ord117
ord44
ord101
ord77
ord176
ord135
ord134
ord47
ord48
ord52
ord139
ord20
ord127
ord128
ord17
ord19
ord110
ord126
ord54
ord130
ord158
ord102
ord181
ord166
ord168
ord167
ord8
ord180
ord4
ord164
ord34
ord84
ord99
ord115
ord78
ord35
ord85
ord73
ord93
ord90
ord6
ord186
ord39
ord74
ord129
ord165
ord10
ord11
ord157
ord31
ord32
ord46
ord42
ord169
ord24
ord108
ord109
ord185
ord106

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA

msvcr90

??_V@YAXPAX@Z
tan
sin
sqrt
pow
log
exp
cos
ceil
_copysign
atan2
atan
asin
acos
fabs
isalpha
fmod
localeconv
strcpy
_HUGE
log10
_purecall
memcmp
strchr
isxdigit
tolower
_fstat64i32
getc
fopen
memmove
realloc
calloc
_fpclass
malloc
strlen
strcmp
strncmp
_finite
_isnan
floor
isspace
_tzset
_localtime64
sprintf
strftime
_set_invalid_parameter_handler
strstr
_setjmp3
getenv
isprint
bsearch
_errno
exit
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
__lconv_init
_itoa_s
__iob_func
fprintf
abort
fgets
ferror
feof
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??_U@YAPAXI@Z
strtoul
memset
memcpy_s
sprintf_s
fprintf_s
strcpy_s
fopen_s
fwrite
fclose
memcpy
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_fileno
abs
vfprintf
fflush
free
isdigit

msvcp90

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?max@?$numeric_limits@I@std@@SAIXZ

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
_SNDG_Pluginaction
_SNDG_Pluginclose
_SNDG_Plugindata
_SNDG_Plugininit
_SNDG_Pluginmenu

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ODbgScript.chm
.chm
ollydbg/Plugins/ODbgScript.dll
.dll windows:5 windows x86 arch:x86

9dc65eadff077816f7e7fca07fceda80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord27
ord160
ord170
ord45
ord144
ord75
ord61
ord42
ord44
ord142
ord128
ord129
ord19
ord23
ord175
ord149
ord24
ord165
ord77
ord127
ord169
ord25
ord117
ord5
ord32
ord174
ord48
ord13
ord31
ord4
ord161
ord124
ord39
ord102
ord141
ord109
ord106
ord10
ord3
ord157
ord33
ord186
ord60
ord11
ord131
ord78
ord74
ord1
ord79
ord89
ord107
ord87
ord113
ord114
ord46
ord28
ord73
ord71
ord92
ord2
ord12
ord100
ord65
ord105
ord104
ord93
ord108
ord88
ord101
ord53
ord172
ord90

kernel32

HeapAlloc
QueryPerformanceCounter
GetCurrentProcess
SetFilePointer
GetFileSize
CreateFileA
GetTickCount
FormatMessageA
WriteFile
HeapCreate
ReadFile
GetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
QueryPerformanceFrequency
CloseHandle
LocalFree
GetFullPathNameA
IsBadCodePtr
GetThreadContext
lstrlenA
lstrcpynA
LocalAlloc
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetSystemTimeAsFileTime
WriteProcessMemory
GetCurrentProcessId
GetCurrentThreadId
VirtualAllocEx
VirtualFreeEx
GetCurrentThread
FreeLibrary
HeapFree

user32

GetClassNameA
SetDlgItemTextA
DestroyWindow
GetWindowRect
CreateMenu
PostMessageA
DialogBoxParamA
GetKeyState
SetForegroundWindow
LoadIconA
SetFocus
SendMessageA
InvalidateRect
GetDlgItem
EndDialog
SetWindowPos
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
GetParent
FindWindowExA
ChildWindowFromPoint
MessageBoxA
GetDesktopWindow
AppendMenuA
IsWindowVisible
EnumThreadWindows
GetDlgItemTextA

shlwapi

StrCmpNIA
PathFileExistsA

comdlg32

GetOpenFileNameA

shell32

ShellExecuteA

mfc42

ord1168
ord826
ord269
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord825
ord823

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0out_of_range@std@@QAE@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0logic_error@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1out_of_range@std@@UAE@XZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

msvcrt

strtoul
strncat
strncmp
ceil
strstr
_stricmp
_itoa
wcsncpy
strtok
fopen
_ultoa
toupper
realloc
_splitpath
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_CxxThrowException
_callnewh
memset
memcpy
__lconv_init
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
??0exception@@QAE@ABV0@@Z
strncpy
tolower
strchr
malloc
free
sscanf
sprintf
_strupr
__CxxFrameHandler
strrchr

Exports

Exports

DebugScript
ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ODbgScript.txt
.js
ollydbg/Plugins/OllyCopy.dll
.dll windows:5 windows x86 arch:x86

e677f079ced7565adfb8787cea524604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\rewrite\trunk\OllyCopy\Release\OllyCopy.pdb

Imports

ollydbg.exe

ord88
ord45
ord31
ord89
ord93
ord92
ord90
ord101

kernel32

GlobalAlloc
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalLock
EncodePointer
GlobalUnlock
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

MessageBoxA
EmptyClipboard
SetWindowsHookExA
OpenClipboard
CallNextHookEx
DialogBoxParamA
GetKeyState
SetWindowLongA
GetWindowLongA
CallWindowProcA
CloseClipboard
SetDlgItemTextA
GetDlgItemTextA
EndDialog
GetDlgItem
SendMessageA
GetDlgItemInt
SetClipboardData

msvcr100

sprintf
memcpy
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_unlock
__dllonexit
_lock

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/OllyFlow.dll
.dll windows:4 windows x86 arch:x86

506afa0cf48ee2fe0ef045543f83b1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
CreateFileA
GetTempFileNameA
GetTempPathA
GetPrivateProfileStringA
CloseHandle
WriteFile
FindClose
GetLastError
FindNextFileA
DeleteFileA
FindFirstFileA
GetModuleFileNameA
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc

user32

MessageBoxA

shell32

ShellExecuteA

ollydbg.exe

ord46
ord101
ord32
ord134
ord53
ord172
ord45
ord35
ord135
ord38
ord157
ord33
ord31
ord88
ord147
ord6
ord60
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/OllyFlow.ini
ollydbg/Plugins/OllyWow64_0.2.dll
.dll windows:4 windows x86 arch:x86

1d254aa36703c1c16d4c10056b9be62a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect

user32

MessageBoxA

ollydbg.exe

ord2

ntdll

strcpy

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/RemoveCriticality.dll
.dll windows:4 windows x86 arch:x86

bcff1c10d7554700edf51ff5bd2d4e6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord2

ntdll

ZwSetInformationProcess
strcpy

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/SehSpy.dll
.dll windows:4 windows x86 arch:x86

5174b6384cee56822c87f9a7b6e907b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord73
ord179
ord2
ord53
ord101
ord60

kernel32

HeapDestroy
FlushFileBuffers
CloseHandle
CreateFileA
GetThreadContext
GetModuleHandleW
HeapSize
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

MessageBoxW
EndDialog
DialogBoxParamW
SetDlgItemTextW

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/SigMaker.dll
.dll windows:5 windows x86 arch:x86

49d3ab3032ba61265825996cdb83ac8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord78
ord31
ord2
ord101
ord98
ord107
ord45
ord92
ord89

kernel32

RtlUnwind
GetProcessHeap
SetEndOfFile
HeapSize
ReadFile
Sleep
CreateThread
GlobalLock
FormatMessageA
GlobalAlloc
GlobalUnlock
LocalFree
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
CreateFileA
LoadLibraryA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
CloseHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount

user32

EndDialog
GetDlgItem
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
MessageBoxA
SendMessageA
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
IsDlgButtonChecked
CheckDlgButton
SetWindowTextA

shell32

ShellExecuteA

Exports

Exports

_ODBG_Paused
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/StollyStruct.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/StrongOD.dll
.dll windows:5 windows x86 arch:x86

4f46924c60bdf59293c42b8f6fa50dd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord179
ord92
ord98
ord78
ord59
ord38
ord93
ord27
ord185
ord89
ord186
ord76
ord85
ord2
ord45
ord84
ord99
ord115
ord46
ord90
ord31
ord25
ord4
ord161
ord79
ord175
ord73
ord117
ord172
ord171
ord75
ord106
ord101
ord124
ord152
ord173
ord180
ord108
ord164
ord167
ord169
ord155
ord5
ord42
ord23
ord53
ord170
ord174
ord109
ord60
ord104
ord114
ord91
ord54
ord107
ord88
ord44
ord36

kernel32

VirtualFree
OpenProcess
lstrcmpiA
GetProcAddress
VirtualAlloc
Process32Next
GetModuleHandleA
VirtualProtect
CreateToolhelp32Snapshot
CloseHandle
ExitProcess
CreateFileA
SetFilePointer
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
GetCommandLineA
ReadProcessMemory
CreateProcessA
ReadFile
FlushInstructionCache
GetLastError
VirtualProtectEx
VirtualAllocEx
ResumeThread
MapViewOfFile
UnmapViewOfFile
VirtualQueryEx
GlobalAlloc
CreateFileMappingA
GetFileSize
Sleep
MultiByteToWideChar
DeviceIoControl
GetModuleFileNameA
GetCurrentProcessId
GetTempPathA
DeleteFileA
Process32First
HeapCreate
HeapSize
LoadLibraryA
QueryDosDeviceA
WideCharToMultiByte
TerminateThread
IsBadWritePtr
GlobalFree
OpenThread
LocalAlloc
GetSystemInfo
GetCurrentThreadId
OutputDebugStringA
LocalFree
GetTickCount
CreateThread
DebugActiveProcess
GetThreadContext
SetThreadContext
MoveFileExA
GlobalLock
GetCurrentThread
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
LeaveCriticalSection
GlobalUnlock
CopyFileA
EnterCriticalSection
ContinueDebugEvent
WaitForDebugEvent
GetVersionExA
WinExec
SuspendThread
WriteFile
MoveFileA
GetCurrentDirectoryA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlUnwind
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStdHandle
GetModuleHandleW
DeleteCriticalSection
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
InitializeCriticalSection
VirtualQuery

user32

GetDesktopWindow
EnumChildWindows
PostMessageA
OpenClipboard
MessageBoxW
EmptyClipboard
SetForegroundWindow
SetClipboardData
CreateMDIWindowA
GetClipboardData
DialogBoxParamA
InSendMessage
GetClassLongA
GetWindowLongA
GetWindowLongW
GetForegroundWindow
GetClassLongW
LoadImageA
MoveWindow
GetWindow
GetKeyState
CloseClipboard
EnableWindow
CallWindowProcA
SetWindowTextA
DeferWindowPos
ShowWindow
GetSysColor
DefWindowProcA
CreateWindowExA
InvalidateRect
SetWindowLongA
GetWindowTextA
BeginPaint
DestroyWindow
GetMessageA
SetTimer
PostQuitMessage
TranslateMessage
UnregisterClassA
SetWindowPos
DispatchMessageA
GetSystemMetrics
LoadCursorA
RegisterClassA
SendDlgItemMessageA
DrawTextExA
ReleaseDC
GetDlgItem
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetComboBoxInfo
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
UpdateWindow
SetProcessWindowStation
OpenDesktopA
CloseWindowStation
GetProcessWindowStation
GetUserObjectSecurity
CloseDesktop
OpenWindowStationA
MessageBoxA
SetUserObjectSecurity
SendInput
WinHelpA
wsprintfA
EndPaint
ScreenToClient
GetWindowRect
FillRect
DrawTextA
GetClientRect
SetFocus
GetWindowTextLengthA
SendMessageA
GetDC

gdi32

SelectObject
DeleteObject
SetBkColor
GetObjectA
GetStockObject
CreateCompatibleDC
DeleteDC
BitBlt
SetTextColor
CreateSolidBrush

comdlg32

GetOpenFileNameA

advapi32

GetSecurityDescriptorDacl
LsaFreeMemory
LogonUserA
GetLengthSid
BuildExplicitAccessWithNameA
AddAce
FreeSid
RevertToSelf
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetKernelObjectSecurity
MakeAbsoluteSD
ImpersonateLoggedOnUser
LsaClose
DuplicateTokenEx
GetAce
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
CreateRestrictedToken
GetAclInformation
GetKernelObjectSecurity
GetTokenInformation
LsaEnumerateAccountRights
LsaOpenPolicy
SetEntriesInAclA
OpenProcessToken
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueA
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
ImpersonateSelf
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
CreateServiceA
StartServiceA
ChangeServiceConfigA

shell32

ShellExecuteExA

netapi32

NetUserDel
NetUserAdd

shlwapi

SHRegCloseUSKey
StrCmpNIA
SHRegWriteUSValueA
SHRegCreateUSKeyA

imagehlp

CheckSumMappedFile

psapi

EnumProcessModules
GetMappedFileNameA
GetModuleFileNameExA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetGetConnectedState

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.fengyue
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/TLSCatch.dll
.dll windows:4 windows x86 arch:x86

b6e2a6cc8bbb3d1f057799a715ded087

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
ReadProcessMemory
WriteProcessMemory
GetCurrentProcess
GetModuleHandleA

user32

MessageBoxA

ollydbg.exe

ord2
ord106
ord79

ntdll

memcpy
strcpy
_ultoa

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 854B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/X_CRYPTO.dll
.dll windows:4 windows x86 arch:x86

ed0bfc41a1451e7cb0633c9f9808272a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ollydbg.exe

_Plugingetvalue

comctl32

_TrackMouseEvent

comdlg32

GetOpenFileNameA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 238KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ollydbg/Plugins/analyzeThis.dll
.dll windows:4 windows x86 arch:x86

d6bab4d05b422a00b330bc99e484138f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addsorteddata
_Addtolist
_Analysecode
_Deletenonconfirmedsorteddata
_Disasm
_Findmodule
_Findthread
_Getcputhreadid
_Getdisassemblerrange
_Plugingetvalue

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA
VirtualProtect

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memcpy
memset
sprintf
strcmp
strcpy
strlen

user32

DialogBoxParamA
EndDialog
GetDlgItem
GetDlgItemTextA
MessageBoxA
SendMessageA
SetDlgItemTextA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ida_sigs.dll
.dll windows:4 windows x86 arch:x86

eab28f219972a2cb39654c24603af1d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
GetDC
SetWindowTextA
wsprintfA
EnableWindow
SetDlgItemTextA
SetTimer
SendDlgItemMessageA
LoadIconA
KillTimer
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA

kernel32

ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
DeleteFileA
GetModuleFileNameA
GetPrivateProfileStringA
GetTempPathA
MapViewOfFile
CreateThread
RtlMoveMemory
RtlZeroMemory
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WritePrivateProfileStringA
lstrcatA
lstrcpyA
lstrlenA
CreateProcessA
CreateFileMappingA
CreateFileA
CloseHandle
ReadFile
GetFileSize

gdi32

CreatePen
MoveToEx
LineTo
CreateFontIndirectA
SelectObject
DeleteObject

ole32

CoTaskMemFree

ollydbg.exe

ord99
ord88
ord2
ord84
ord39
ord132
ord61

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

comdlg32

GetOpenFileNameA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/ida_sigs.ini
ollydbg/Plugins/idaficator.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
_SNDG_Pluginaction
_SNDG_Pluginclose
_SNDG_Plugindata
_SNDG_Plugindestroy
_SNDG_Plugininit
_SNDG_Pluginmenu
_SNDG_Pluginsaveudd
_SNDG_Pluginshortcut
_SNDG_Pluginuddrecord

Sections

UPX0
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 259KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/multiasm.chm
.chm
ollydbg/Plugins/multiasm_odbg.dll
.dll windows:5 windows x86 arch:x86

8500dad885776caa8c0e2656758c2d7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
ImageList_Draw

ollydbg.exe

ord2
ord90
ord44
ord45
ord38
ord89
ord101
ord31
ord4
ord170
ord88
ord73
ord136
ord92
ord117
ord99
ord93
ord84
ord25
ord46

kernel32

lstrlenA
WriteFile
GetPrivateProfileIntA
GetFileAttributesA
ReadFile
lstrcatA
CreateDirectoryA
FindFirstFileA
lstrcmpA
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileA
GetModuleFileNameA
GetTempPathA
DeleteFileA
DisableThreadLibraryCalls
HeapReAlloc
InterlockedCompareExchange
GetTickCount
GetCurrentThreadId
MultiByteToWideChar
ExitProcess
GetLastError
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapCreate
HeapDestroy
RtlMoveMemory
WideCharToMultiByte
CreateFileA
GetFullPathNameA
lstrcpyA
CreateThread
CloseHandle
WaitForMultipleObjects
CreateEventA
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
HeapAlloc
lstrcmpiA

user32

IsWindowEnabled
LoadMenuA
GetSubMenu
IsIconic
TrackPopupMenu
SendDlgItemMessageA
PostQuitMessage
CreateDialogParamA
GetWindowRect
SetFocus
SendMessageA
ClientToScreen
RedrawWindow
ScreenToClient
MessageBoxIndirectA
DialogBoxParamA
IsDlgButtonChecked
CheckDlgButton
EndDialog
ValidateRect
GetDlgCtrlID
CallWindowProcA
IsWindowVisible
ReleaseCapture
UnhookWindowsHookEx
SetWindowsHookExA
ReleaseDC
DragDetect
SetPropA
GetWindowTextA
GetCapture
GetDC
FindWindowExA
RemovePropA
CallNextHookEx
GetParent
GetFocus
GetPropA
SetCapture
BeginPaint
CharLowerA
CharUpperA
ChildWindowFromPoint
CloseClipboard
CopyRect
CreateCaret
DestroyCaret
DestroyCursor
DrawTextA
DrawTextExA
EmptyClipboard
EndPaint
FillRect
GetClipboardData
GetCursor
GetCursorPos
GetKeyState
wsprintfA
GetSysColor
GetSystemMetrics
GetUpdateRect
HideCaret
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsClipboardFormatAvailable
KillTimer
LoadBitmapA
LoadCursorA
MessageBeep
MoveWindow
OpenClipboard
RegisterClassExA
ScrollWindow
SetCaretPos
SetClipboardData
SetCursor
SetScrollInfo
SetTimer
SetWindowTextA
ShowCaret
TabbedTextOutA
UpdateWindow
WindowFromPoint
RegisterWindowMessageA
PtInRect
IsDialogMessageA
TranslateMessage
GetForegroundWindow
GetWindowPlacement
SetWindowLongA
MessageBoxA
UnregisterClassA
GetWindowLongA
CreateWindowExA
EnableMenuItem
TranslateAcceleratorA
GetDlgItem
DefWindowProcA
SetWindowPos
LoadAcceleratorsA
GetCaretPos
ShowWindow
PostMessageA
DispatchMessageA
DeferWindowPos
SystemParametersInfoA
BeginDeferWindowPos
LoadImageA
MapWindowPoints
EnableWindow
DestroyMenu
DestroyIcon
EndDeferWindowPos
GetScrollInfo
GetClientRect
RegisterClassA
GetWindow
DestroyWindow
GetMessageA

gdi32

CreateRectRgn
CreateSolidBrush
DeleteDC
GetDeviceCaps
GetObjectA
GetStockObject
GetTextExtentPoint32A
CreatePen
LineTo
MoveToEx
SelectClipRgn
SetPixel
SetTextColor
TextOutA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
GetTextMetricsA
DeleteObject
SetBkColor
SelectObject
SetBkMode

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA
ReplaceTextA
CommDlgExtendedError

shell32

ShellExecuteA

ole32

RegisterDragDrop
DoDragDrop
RevokeDragDrop

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginshortcut

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Plugins/oDump.dll
.dll windows:4 windows x86 arch:x86

f9a1512dd7dd1f70139d21e0e5ad2c96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
WriteFile
ReadProcessMemory
DeleteFileA
CloseHandle
GlobalAlloc
CreateFileA
VirtualQueryEx
ReadFile
SetFilePointer
GetSystemInfo
GetProcAddress
GetModuleHandleA
DuplicateHandle
GetCurrentProcess

user32

SetWindowTextA
GetDlgItem
DialogBoxParamA
EndDialog
MessageBoxA
EnableWindow
GetWindowTextA

comdlg32

GetSaveFileNameA

ntdll

strcpy
toupper
_ultoa
strtoul
strlen
memset

ollydbg.exe

ord2
ord60
ord53

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/Readme.txt
ollydbg/StollyStructs.ini
ollydbg/dbghelp.dll
.dll windows:6 windows x86 arch:x86

e246e1939eedffac25310343ba57d266

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2007 00:23

Not After

23-02-2009 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:12:dc:61:b5:ac:22:99:f7:b3:0a:4c:f8:7c:8c:75:88:08:11:78
Signer

Actual PE Digest

53:12:dc:61:b5:ac:22:99:f7:b3:0a:4c:f8:7c:8c:75:88:08:11:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapAlloc
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapFree
HeapReAlloc
GetVersionExA
InitializeCriticalSection
HeapCreate
FindClose
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
FreeLibrary
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 965KB - Virtual size: 965KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ollydbg/dumpsig.exe
.exe windows:4 windows x86 arch:x86

8bf34dcdfa93f98f3177dcd2182f65fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FormatMessageA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTempPathA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook
_append_snprintf
_auto_display
_callui
_dbg
_debug
_errprm1
_errprm2
_errprm3
_errprm4
_errval1
_errval2
_errval3
_errval4
_qerrno
_qmakepath
_qsnprintf
_qsscanf
_under_debugger
create_hit_counter
ecreate
ecreateT
fopenA
fopenM
fopenRB
fopenRT
fopenWB
fopenWT
freadbytes
free_idasgn
fwritebytes
hit_counter_timer
ida_checkmem
lread
openM
openR
openRT
process_zipfile
qalloc
qalloc_or_throw
qatexit
qbasename
qcalloc
qchsize
qclose
qcreate
qdirname
qerrcode
qerrstr
qexit
qfclose
qfgetc
qfgets
qfileexist
qflush
qfopen
qfputc
qfputs
qfread
qfree
qfseek
qftell
qfwrite
qgets
qisabspath
qisdir
qmake_full_path
qmakefile
qmkdir
qopen
qread
qrealloc
qrealloc_or_throw
qseek
qsplitfile
qsplitpath
qstpncpy
qstrdup
qstrncat
qstrncpy
qtell
qtmpfile
qtmpnam
qveprintf
qvfprintf
qvfscanf
qvprintf
qvsnprintf
qvsscanf
qwrite
reg_hit_counter
sanitize_file_name
strrpl
verror
vinterr
vqmakepath
winerr
zip_deflate
zip_inflate

Sections

.text
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/ico/BUT_IMG_COSTUM1.bmp
ollydbg/ico/BUT_IMG_COSTUM2.bmp
ollydbg/ico/BUT_IMG_COSTUM3.bmp
ollydbg/ico/BUT_IMG_COSTUM4.bmp
ollydbg/ico/BUT_IMG_COSTUM5.bmp
ollydbg/known_bugs.txt
ollydbg/loaddll.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Arg1
Arg10
Arg2
Arg3
Arg4
Arg5
Arg6
Arg7
Arg8
Arg9
CallDLL
Finished
Firstbp
Patcharea
Prepatch
WndProc

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ollydbg/ollydbg.ini
ollydbg/ollydbg.js
.js
ollydbg/win32.hlp
ollydbg/wingraph32.exe
.exe windows:4 windows x86 arch:x86

bb0acc175445092f0866df67c282ef0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ord17

comdlg32

GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

gdi32

BitBlt
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
ExcludeClipRect
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

shell32

ShellExecuteA

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@About@Finalize
@@About@Initialize
@@Help@Finalize
@@Help@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Wait@Finalize
@@Wait@Initialize
_AboutForm
_Form1
_HelpForm
_WaitForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 809KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ollydbg/x86eas.hlp
.js
ollypack/OBSIDIUM 1.061 VB ONLY [loveboom].txt
ollypack/OBSIDIUM 1.1.1.4.txt
ollypack/Obsidium 1.061 OEP Finder v0.1 (for VB only).txt
ollypack/Obsidium 1.1.1.4 Unpack (not for VB).txt
ollypack/Obsidium 1.2.5.0 Fix IAT.txt
ollypack/Obsidium 1.2.5.0 OEP Finder.txt
ollypack/Obsidium 1.3.0.x OEP Finder + Find Stolen Code + Fix IAT .txt
.js
ollypack/Obsidium 1.3.4.2 IAT Repair.txt
ollypack/Obsidium 1.3.4.2 OEP Finder (Virtual Protect).txt
ollypack/Obsidium 1.3.4.2 OEP Finder.txt
ollypack/Obsidium 1.3.x.x Unpacking Script.txt
ollypack/Obsidium 1.4.x.x OEP Finder + IAT Repair v0.2.txt
ollypack/Obsidium114.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

41aa9a1f4bf6f9462a4e644e00d744cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

mscoree

comctl32

shell32

Sections

CODE Size: - Virtual size: 11.5MB

.rdata Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.text Size: 103KB - Virtual size: 104KB

00487aa74c91a4dc86982f2621e35a8b

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

shell32

shfolder

comdlg32

wsock32

msvcrt

winspool.drv

oleacc

winmm

gdiplus

ntdll

Exports

Exports

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.data Size: 473KB - Virtual size: 473KB

.bss Size: - Virtual size: 133KB

.idata Size: 30KB - Virtual size: 29KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 81B

.tls Size: - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 40B

.pdata Size: 235KB - Virtual size: 235KB

.rsrc Size: 505KB - Virtual size: 505KB

d366e396ccbec601ae4b65ac499b8bff

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wsock32

Sections

.text Size: 378KB - Virtual size: 377KB

.itext Size: 4KB - Virtual size: 4KB

.data Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 20KB

.idata Size: 5KB - Virtual size: 4KB

.didata Size: 512B - Virtual size: 340B

.reloc Size: 29KB - Virtual size: 29KB

.rsrc Size: 9KB - Virtual size: 9KB

26af301f7989ba106062d39730b88f65

Headers

File Characteristics

CODE
Size: - Virtual size: 11.5MB

.rdata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 103KB - Virtual size: 104KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 473KB - Virtual size: 473KB

.bss
Size: - Virtual size: 133KB

.idata
Size: 30KB - Virtual size: 29KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 81B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 235KB - Virtual size: 235KB

.rsrc
Size: 505KB - Virtual size: 505KB

.text
Size: 378KB - Virtual size: 377KB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 5KB - Virtual size: 4KB

.didata
Size: 512B - Virtual size: 340B

.reloc
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 543KB - Virtual size: 543KB

.data
Size: 59KB - Virtual size: 58KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 6KB - Virtual size: 6KB

.didata
Size: 512B - Virtual size: 448B

.reloc
Size: 20KB - Virtual size: 20KB

.pdata
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 16KB - Virtual size: 16KB

.bss
Size: - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 264B

.tls
Size: - Virtual size: 416B

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 97KB - Virtual size: 97KB

CODE
Size: 607KB - Virtual size: 607KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 34KB

.rsrc
Size: 153KB - Virtual size: 153KB

.text
Size: 698KB - Virtual size: 700KB

.data
Size: 116KB - Virtual size: 364KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 281KB - Virtual size: 281KB

.reloc
Size: 48KB - Virtual size: 48KB