6b505744796aec92c8fd2def82a5a847_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6b505744796aec92c8fd2def82a5a847_JaffaCakes118
Size

4.0MB
MD5

6b505744796aec92c8fd2def82a5a847
SHA1

c33cdf4cbb1ddb37eb1ca345f49613c9f810cbbe
SHA256

4a2e683389369aa26fe5e6fbe01c14c053a8bf8b0ebed59d1c1b28655552345c
SHA512

561fbe22abd89075fd0607c49472c3495649046094fea4da144bce1f28839dfd1306e2b959f35142abfe6962d20ad1b6a3e4d7bd2e647689ef449266d254af1e
SSDEEP

98304:RJ7hJhseW2d/QfLq3NOmd+s+T55iTI0PLufP1oVj:R1hJ8gQfLq381VcNuG1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6b505744796aec92c8fd2def82a5a847_JaffaCakes118
unpack001/zlib1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

6b505744796aec92c8fd2def82a5a847_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GameRender.exe
.exe windows:5 windows x86 arch:x86

8f057ab1b6b050d3b4e66962e2b76578

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

29/11/2017, 09:54

Not After

29/11/2018, 09:54

Subject

CN=杭州盛游网络科技有限公司,O=杭州盛游网络科技有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c116974407370656369616c67616d652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:c7:a9:46:7d:c1:63:ff:e9:9c:ba:f7:12:fe:12:1c:45:c0:27:0d:14:85:23:39:0d:e2:c8:35:43:6f:dd:c8
Signer

Actual PE Digest

fa:c7:a9:46:7d:c1:63:ff:e9:9c:ba:f7:12:fe:12:1c:45:c0:27:0d:14:85:23:39:0d:e2:c8:35:43:6f:dd:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\360Game\weiduan\bin\build\Release\GameRender.pdb

Imports

kernel32

GetTickCount
GetSystemDirectoryW
CreateFileMappingA
LoadLibraryA
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
TlsGetValue
VirtualProtect
ReadProcessMemory
WriteProcessMemory
VirtualQuery
CreateFileA
GetFileTime
CreateProcessA
CreateProcessW
OpenThread
GetFileAttributesW
MoveFileExW
GetModuleHandleA
ExitProcess
GlobalAlloc
GlobalFree
HeapAlloc
GetProcessHeap
HeapFree
DuplicateHandle
GetSystemTimeAsFileTime
SetCurrentDirectoryW
VirtualFreeEx
VirtualAllocEx
OutputDebugStringW
TlsAlloc
TlsFree
TlsSetValue
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
GetFileType
GetModuleFileNameA
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
GetAtomNameW
FormatMessageW
GetFileSizeEx
SetFilePointerEx
SetThreadContext
GetThreadContext
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GlobalUnlock
GlobalSize
GlobalLock
LoadLibraryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
GetTempFileNameW
GetTempPathW
TerminateProcess
ReadFile
GetFileSize
lstrlenA
FreeResource
WriteFile
WideCharToMultiByte
CreateMutexW
ResumeThread
SetThreadPriority
SetEvent
CreateEventW
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
TerminateThread
SuspendThread
WaitForSingleObject
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
SizeofResource
CreateFileMappingW
QueryPerformanceCounter
GetCurrentThread
SetThreadAffinityMask
GetVersionExW
GetSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
LocalFree
CloseHandle
DeviceIoControl
CreateFileW
CreateDirectoryW
DeleteFileW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MultiByteToWideChar
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SetFilePointer

user32

RegisterClipboardFormatW
MoveWindow
GetIconInfo
DrawIconEx
DrawIcon
DrawTextW
SetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
PostQuitMessage
SetPropW
IsWindow
SendMessageW
PostMessageW
RegisterWindowMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassA
DestroyWindow
CharNextW
DefWindowProcW
BringWindowToTop
LoadImageW
GetKeyState
GetWindowLongW
CallWindowProcW
MsgWaitForMultipleObjects
CopyRect
KillTimer
SetTimer
BeginPaint
EndPaint
GetClientRect
FillRect
InvalidateRect
GetDC
ReleaseDC
SetParent
ShowWindow
SetWindowPos

gdi32

DeleteObject
CreateSolidBrush
GetTextExtentPoint32W
CreatePen
MoveToEx
GetStockObject
GetObjectA
Rectangle
RoundRect
CreateDIBSection
CreateFontW
GetDIBits
GetObjectW
SetBkMode
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
SetBitmapBits
SetTextColor
LineTo
GetBitmapBits

advapi32

RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

OleCreate
OleSetContainedObject
OleUninitialize
OleInitialize
GetHGlobalFromStream
CoMarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantCopy
SysAllocStringLen
VariantClear

shlwapi

SHRegGetPathW
StrCpyNW
SHDeleteValueW
StrCmpW
PathFindFileNameW
SHGetValueW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
PathIsRootW
PathFileExistsW
PathIsDirectoryW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipAddPathArcI
GdipAddPathLineI
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipClonePath
GdipCreatePath
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDeletePath
GdipDrawPath
GdipFillPath
GdipDrawRectangleI
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateSolidFill
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipTranslateTextureTransform
GdipCloneBrush
GdipDeleteBrush
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipReleaseDC
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateTexture2I

winmm

waveOutWrite
timeGetTime

psapi

GetMappedFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

GetUrlCacheEntryInfoW
GetUrlCacheEntryInfoA
InternetSetOptionA
InternetSetOptionExW
InternetSetOptionExA
InternetSetOptionW

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MiniClient.exe
.exe windows:5 windows x86 arch:x86

11cb3a3ca78a30c8415123b61c6d3a15

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

29/11/2017, 09:54

Not After

29/11/2018, 09:54

Subject

CN=杭州盛游网络科技有限公司,O=杭州盛游网络科技有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c116974407370656369616c67616d652e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:e4:34:15:50:8f:f4:0e:6d:2c:50:60:94:23:2d:d1:e1:fc:59:61:4a:05:67:1e:d7:a5:eb:5e:25:23:86:a9
Signer

Actual PE Digest

4a:e4:34:15:50:8f:f4:0e:6d:2c:50:60:94:23:2d:d1:e1:fc:59:61:4a:05:67:1e:d7:a5:eb:5e:25:23:86:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetDriveTypeW
WriteConsoleW
IsProcessorFeaturePresent
GetStdHandle
SetStdHandle
HeapQueryInformation
GetSystemInfo
GetCommandLineW
GetCommandLineA
QueryPerformanceFrequency
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExA
VirtualFree
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetACP
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetWindowsDirectoryW
GetProfileIntW
SearchPathW
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
GetUserDefaultLCID
SetErrorMode
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringA
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GlobalGetAtomNameW
GetThreadLocale
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
lstrcmpA
SetThreadPriority
FormatMessageW
MulDiv
GlobalSize
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleA
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
InterlockedCompareExchange
VirtualAlloc
VirtualProtect
VirtualQuery
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
LoadLibraryA
lstrcatW
GetFileAttributesW
LoadLibraryExW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
Sleep
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
QueryPerformanceCounter
SetThreadAffinityMask
LoadLibraryW
GetEnvironmentVariableW
lstrcpyA
InterlockedExchange
GlobalFree
LocalAlloc
SetLastError
lstrcmpW
GetCurrentThreadId
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetEvent
ResetEvent
CreateEventW
GetPrivateProfileIntW
GetCurrentThread
WritePrivateProfileStringW
lstrcpyW
ReleaseSemaphore
CreateSemaphoreW
GetProcAddress
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetFileSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
FreeResource
GetCPInfo
GetVersion
WriteFile
GetCurrentDirectoryW
SetFilePointer
GetFileType
GetVersionExW
OutputDebugStringW
ReadFile
GetCurrentProcess
DuplicateHandle
TerminateProcess
GetCurrentProcessId
lstrcmpiW
CreateProcessW
TerminateThread
SuspendThread
WaitForSingleObject
CreateThread
GetVolumeInformationW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetModuleFileNameW
DeleteFileW
GetTickCount
CloseHandle
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
GetLastError
MultiByteToWideChar

user32

GetTopWindow
GetClassLongW
EqualRect
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetMessageTime
GetMessagePos
GetClassInfoW
AdjustWindowRect
CharNextW
RegisterHotKey
RegisterClassW
SetParent
GetMessageW
PostQuitMessage
SetPropW
LoadAcceleratorsW
EnumChildWindows
GetClassNameW
PtInRect
GetWindowDC
SetCapture
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetCapture
ReleaseCapture
GetLastActivePopup
PostThreadMessageW
ShowOwnedPopups
SendMessageW
PostMessageW
GetParent
FindWindowW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
MoveWindow
SetCursor
GetSystemMenu
DrawStateW
UnregisterHotKey
LoadMenuW
LoadIconW
GetWindow
CopyAcceleratorTableW
MapWindowPoints
CallWindowProcW
DefWindowProcW
SetWindowLongW
OffsetRect
ShowWindow
DestroyWindow
RegisterWindowMessageW
MonitorFromPoint
GetMonitorInfoW
ClientToScreen
GetPropW
InvalidateRgn
IsRectEmpty
WaitMessage
SetTimer
KillTimer
DrawIcon
SetWindowRgn
TranslateAcceleratorW
InsertMenuItemW
MapDialogRect
LoadImageW
UnpackDDElParam
ReuseDDElParam
CharUpperW
IsZoomed
MessageBeep
RegisterClipboardFormatW
MessageBoxW
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
GrayStringW
DrawTextExW
TabbedTextOutW
GetSubMenu
DeleteMenu
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
GetMenuStringW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
CheckDlgButton
IsWindowEnabled
SetWindowTextW
IsDialogMessageW
IntersectRect
MapVirtualKeyW
WindowFromPoint
DestroyMenu
GetActiveWindow
GetCursorPos
SetRectEmpty
IsWindow
EnableWindow
UnregisterClassW
GetClientRect
LoadCursorW
InvalidateRect
InflateRect
DrawEdge
GetSysColor
DrawTextW
GetWindowLongW
GetWindowRect
SetWindowPos
GetSystemMetrics
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowThreadProcessId
PeekMessageW
TranslateMessage
DispatchMessageW
GetForegroundWindow
BringWindowToTop
SetForegroundWindow
SetActiveWindow
CopyRect
FillRect
SetRect
GetMenuItemInfoW
SystemParametersInfoW
DrawIconEx
DestroyIcon
GetDesktopWindow
GetDC
ReleaseDC
AppendMenuW
GetMenuItemCount
InsertMenuW
ModifyMenuW
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
DefMDIChildProcW
GetSysColorBrush
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
GetAsyncKeyState
LoadBitmapW
RemoveMenu
SetWindowContextHelpId
MonitorFromWindow
UnionRect
SetLayeredWindowAttributes
EnumDisplayMonitors
TrackMouseEvent
NotifyWinEvent
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetClassLongW
GetNextDlgGroupItem
DrawFrameControl
DrawFocusRect
GetIconInfo
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
SetCursorPos
CharUpperBuffW
CopyIcon
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
GetWindowRgn
GetComboBoxInfo
DestroyCursor
InvertRect
HideCaret
GetDoubleClickTime
GetUpdateRect
SubtractRect
IsCharLowerW
TranslateMDISysAccel
IsWindowVisible

gdi32

CreateRectRgn
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CopyMetaFileW
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateEllipticRgn
LPtoDP
GetBkColor
GetTextColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
RealizePalette
StretchBlt
CreateRoundRectRgn
OffsetRgn
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
SetTextColor
GetStockObject
SetBkColor
GetTextExtentPointW
CreateFontW
SetDIBColorTable
GetDIBits
CreatePatternBrush
CreateBitmap
CreateDCW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
SetPixel
GetPixel
GetObjectW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
CreateFontIndirectW
CreatePen
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
GetTextExtentPoint32W

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegOpenKeyW
RegDeleteKeyW

shell32

SHGetDesktopFolder
SHBrowseForFolderW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconW

comctl32

ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathIsUNCW
UrlUnescapeW
SHDeleteValueW
PathFindFileNameW
StrTrimW
PathFindExtensionW
SHGetValueW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
OpenThemeData
DrawThemeText
IsAppThemed
GetWindowTheme

ole32

OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromProgID
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
OleDraw
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
CoRevokeClassObject

oleaut32

SysAllocString
SysFreeString
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysAllocStringLen
SafeArrayUnaccessData
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantInit
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
SafeArrayAccessData

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

gdiplus

GdipCloneImage
GdipAlloc
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteFont
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipDrawRectangleI
GdipFillPath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipAddPathLine
ord1
GdipDeletePath
GdipCreatePath
GdipReleaseDC
GdipGetDC
GdipDrawString
GdipCloneBrush
GdipGetImageWidth
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRect
GdipDrawImageRectRect
GdipDisposeImage
GdipGetImageHeight
GdipSetStringFormatLineAlign

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
HttpSendRequestExW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetConnectW
InternetCanonicalizeUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetSetCookieW
InternetGetCookieW
InternetSetCookieExW
InternetGetCookieExW
HttpEndRequestW
InternetQueryDataAvailable

zlib1

uncompress

ws2_32

inet_addr
ntohs
recv
select
send
socket
htons
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
setsockopt
ioctlsocket
getsockopt
__WSAFDIsSet
connect
closesocket
gethostbyname

iphlpapi

GetAdaptersAddresses

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/MiniClient.xml
skin/MiniClient/Unbg.png
.png
skin/MiniClient/bg.png
.png
skin/MiniClient/border.png
.png
skin/MiniClient/bosskey01.png
.png
skin/MiniClient/bosskey02.png
.png
skin/MiniClient/bosskey03.png
.png
skin/MiniClient/bosswndbg.png
.png
skin/MiniClient/bottom.png
.png
skin/MiniClient/bottom1.png
.png
skin/MiniClient/bottomarrow.png
.png
skin/MiniClient/close01.png
.png
skin/MiniClient/close02.png
.png
skin/MiniClient/close03.png
.png
skin/MiniClient/enable01.png
.png
skin/MiniClient/enable02.png
.png
skin/MiniClient/enable03.png
.png
skin/MiniClient/enable04.png
.png
skin/MiniClient/flashvip01.png
.png
skin/MiniClient/flashvip02.png
.png
skin/MiniClient/flashvip03.png
.png
skin/MiniClient/fullscreen01.png
.png
skin/MiniClient/fullscreen02.png
.png
skin/MiniClient/fullscreen03.png
.png
skin/MiniClient/gift01.png
.png
skin/MiniClient/gift02.png
.png
skin/MiniClient/gift03.png
.png
skin/MiniClient/gift_new01.png
.png
skin/MiniClient/giftbg.png
.png
skin/MiniClient/hide01.png
.png
skin/MiniClient/hide02.png
.png
skin/MiniClient/hide03.png
.png
skin/MiniClient/home01.png
.png
skin/MiniClient/home02.png
.png
skin/MiniClient/home03.png
.png
skin/MiniClient/mainbg.png
.png
skin/MiniClient/mainclose01.png
.png
skin/MiniClient/mainclose02.png
.png
skin/MiniClient/mainclose03.png
.png
skin/MiniClient/mainmin01.png
.png
skin/MiniClient/mainmin02.png
.png
skin/MiniClient/mainmin03.png
.png
skin/MiniClient/max01.png
.png
skin/MiniClient/max02.png
.png
skin/MiniClient/max03.png
.png
skin/MiniClient/min01.png
.png
skin/MiniClient/min02.png
.png
skin/MiniClient/min03.png
.png
skin/MiniClient/new.png
.png
skin/MiniClient/news2.png
.png
skin/MiniClient/pay01.png
.png
skin/MiniClient/pay02.png
.png
skin/MiniClient/pay03.png
.png
skin/MiniClient/refresh01.png
.png
skin/MiniClient/refresh02.png
.png
skin/MiniClient/refresh03.png
.png
skin/MiniClient/restore01.png
.png
skin/MiniClient/restore02.png
.png
skin/MiniClient/restore03.png
.png
skin/MiniClient/server.png
.png
skin/MiniClient/service01.png
.png
skin/MiniClient/service02.png
.png
skin/MiniClient/service03.png
.png
skin/MiniClient/setting01.png
.png
skin/MiniClient/setting02.png
.png
skin/MiniClient/setting03.png
.png
skin/MiniClient/skin.xml
skin/MiniClient/soundoff01.png
.png
skin/MiniClient/soundoff02.png
.png
skin/MiniClient/soundoff03.png
.png
skin/MiniClient/soundon01.png
.png
skin/MiniClient/soundon02.png
.png
skin/MiniClient/soundon03.png
.png
skin/MiniClient/status.png
.png
skin/MiniClient/top.png
.png
skin/MiniClient/toparrow.png
.png
skin/MiniClient/vip01.png
.png
skin/MiniClient/vip02.png
.png
skin/MiniClient/vip03.png
.png
uninst.exe.nsis
zlib1.dll
.dll windows:4 windows x86 arch:x86

fd348b107c9a12537c4d666dc366ec5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_open
_read
_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_unlock
_vsnprintf
_wopen
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
wcslen
wcstombs

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 80KB - Virtual size: 79KB

8f057ab1b6b050d3b4e66962e2b76578

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

fa:c7:a9:46:7d:c1:63:ff:e9:9c:ba:f7:12:fe:12:1c:45:c0:27:0d:14:85:23:39:0d:e2:c8:35:43:6f:dd:c8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

winmm

psapi

version

wininet

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 53KB - Virtual size: 71KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 50KB - Virtual size: 49KB

11cb3a3ca78a30c8415123b61c6d3a15

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2Certificate

Extended Key Usages

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 80KB - Virtual size: 79KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

fa:c7:a9:46:7d:c1:63:ff:e9:9c:ba:f7:12:fe:12:1c:45:c0:27:0d:14:85:23:39:0d:e2:c8:35:43:6f:dd:c8
Signer

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 53KB - Virtual size: 71KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 50KB - Virtual size: 49KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

5b:c8:4b:46:1a:30:53:90:78:6f:fe:89:7c:20:77:c2
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

4a:e4:34:15:50:8f:f4:0e:6d:2c:50:60:94:23:2d:d1:e1:fc:59:61:4a:05:67:1e:d7:a5:eb:5e:25:23:86:a9
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 457KB - Virtual size: 457KB

.data
Size: 30KB - Virtual size: 57KB

.gfids
Size: 109KB - Virtual size: 108KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 150KB - Virtual size: 149KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 900B

.reloc
Size: 2KB - Virtual size: 1KB