04a457810048e5f7c1646b72ee64aa88_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04a457810048e5f7c1646b72ee64aa88_JaffaCakes118
Size

1.3MB
MD5

04a457810048e5f7c1646b72ee64aa88
SHA1

87e6ed00c179f0e6bbfd7ebdd61af34a184885f5
SHA256

b7757c52aa74ae6f33e55d63807d63828853f69553bb542c60620d034c906cd1
SHA512

96f5624a079d157917c7e2fb2ac954aa74a812636745ff47b3ad27c6404555125b7c48d415a6aa13587661ec2838035bd7c59ff1a24cda8cce6297e755e24c6f
SSDEEP

24576:FOELUhGls9DnKQ8bCtTJLCeQ86fFfegnkBmWoekt3HmtY4cj1BV4Sfty:FlLEGMTsyTJzQX55kBRomaFjhlfty

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iStart/CrashReport.exe
unpack001/iStart/Encrypt.dll
unpack001/iStart/GetMacAddress.dll
unpack001/iStart/istart.exe

Files

04a457810048e5f7c1646b72ee64aa88_JaffaCakes118
.rar
iStart/CrashReport.exe
.exe windows:4 windows x86 arch:x86

f6a768abea17d0f78aa80c043ff86664

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpPutFileA
InternetConnectA

kernel32

LoadLibraryExW
lstrlenW
lstrcmpiW
FreeLibrary
FlushInstructionCache
LeaveCriticalSection
RaiseException
InitializeCriticalSection
GetThreadLocale
InterlockedIncrement
SizeofResource
LoadResource
SetThreadLocale
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
GetSystemTime
GetPrivateProfileStringA
GetModuleFileNameA
CreateFileA
ReadFile
CloseHandle
EnterCriticalSection
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoA
SetStdHandle
IsValidCodePage
InterlockedDecrement
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
SetLastError
GetCurrentProcess
GetStringTypeW
FindResourceW
GetCurrentThreadId
GetLastError
MultiByteToWideChar
DeleteFileA
FreeEnvironmentStringsA
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
SetEndOfFile
LoadLibraryA
InterlockedExchange
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
Sleep
GetOEMCP
InterlockedCompareExchange
GetProcAddress
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
TerminateProcess
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
SetHandleCount
GetStdHandle
GetFileType

user32

GetDlgItem
PeekMessageW
SendMessageW
GetWindowRect
GetParent
LoadIconW
GetSystemMetrics
DestroyWindow
IsDialogMessageW
ShowWindow
DispatchMessageW
SetWindowPos
CreateDialogParamW
DefWindowProcW
PostQuitMessage
MapWindowPoints
SetWindowLongW
GetWindow
GetWindowLongW
CharNextW
SystemParametersInfoW
TranslateMessage
LoadImageW
GetClientRect
GetMessageW
UnregisterClassA

gdi32

GetStockObject
DeleteObject
CreateFontW

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

comctl32

InitCommonControlsEx

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iStart/Encrypt.dll
.dll windows:4 windows x86 arch:x86

34210780f8ddacad1e12ccc18effad84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\client\trunk\symbols\Encrypt.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

Decrypt
Encrypt
md5_digest
sha_digest

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iStart/GetMacAddress.dll
.dll windows:4 windows x86 arch:x86

d1e5516fcaa3b606bbeb36f11285bdf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVN\client\trunk\symbols\GetMacAddress.pdb

Imports

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
GetIfTable

ws2_32

htonl
gethostname
gethostbyname
htons

kernel32

GetStdHandle
SetEndOfFile
CreateFileW
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
EnterCriticalSection
HeapAlloc
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
LoadLibraryA
SetStdHandle
WriteConsoleA

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iStart/istart.exe
.exe windows:4 windows x86 arch:x86

adf42f177f61066eeb6f1bee43b1ac5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\taoqi\client\trunk\symbols\istart.pdb

Imports

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsW
PathIsRootW
AssocQueryStringW
PathIsRelativeW

getmacaddress

GetMACAddress

dbghelp

MiniDumpWriteDump

encrypt

md5_digest
sha_digest
Decrypt

wldap32

ord79
ord200
ord33
ord35
ord27
ord41
ord46
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord301

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
FreeLibrary
LoadLibraryExW
GetVersionExW
QueueUserWorkItem
lstrcmpW
Process32FirstW
Process32NextW
OutputDebugStringW
GetTickCount
CreateToolhelp32Snapshot
GetWindowsDirectoryW
OpenProcess
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
UnlockFile
GetDiskFreeSpaceA
LockFile
ReadFile
GetSystemInfo
GetFullPathNameW
UnlockFileEx
GetFullPathNameA
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
FlushFileBuffers
CreateFileA
GetTempPathW
GetFileAttributesExW
GetFileSize
GetProcAddress
SetFilePointer
MapViewOfFile
LoadLibraryW
UnmapViewOfFile
LockFileEx
SetEndOfFile
GetDiskFreeSpaceW
GetTempPathA
FormatMessageW
LocalFree
LoadLibraryA
GetSystemTime
QueryPerformanceCounter
AreFileApisANSI
DeleteFileA
GetFileAttributesA
InterlockedCompareExchange
GetFileAttributesW
CreateFileMappingW
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
InterlockedExchange
DebugBreak
FindClose
GetDriveTypeW
GetLogicalDriveStringsW
CreateDirectoryW
GetLastError
GetSystemDirectoryW
FindNextFileW
GetCurrentDirectoryW
FindFirstFileW
GetModuleFileNameA
GetLongPathNameW
lstrcatW
InterlockedExchangeAdd
lstrlenA
SleepEx
GetSystemDirectoryA
DuplicateHandle
WaitForSingleObject
ReleaseMutex
SetEvent
WaitForMultipleObjects
CreateEventA
CreateMutexA
GetExitCodeThread
TerminateThread
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
HeapFree
DeleteCriticalSection
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
GetCurrentThread
GetModuleHandleA
CreateSemaphoreA
ReleaseSemaphore
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
DeleteFileW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
GetStringTypeA
GetStringTypeW
FatalAppExitA
HeapCreate
GetConsoleCP
GetConsoleMode
CompareStringW
lstrcmpiW
Sleep
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateFileW
CreateProcessW
CloseHandle
MulDiv
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RaiseException
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetLastError
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrlenW
WinExec
GetCommandLineW
GetTimeFormatA
GetDateFormatA
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
SetEnvironmentVariableA
GetProcessHeap
CreateEventW
ExpandEnvironmentStringsW
GetVersionExA

user32

DrawIconEx
CheckMenuItem
LoadIconW
RegisterWindowMessageW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
GetSubMenu
LoadMenuW
TrackPopupMenu
FindWindowW
IsDialogMessageW
SetScrollInfo
GetKeyState
wsprintfW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DrawFocusRect
IsWindowEnabled
GetSysColor
GetFocus
CharNextW
DrawTextW
GetClassNameW
ScreenToClient
GetCursorPos
OffsetRect
EndDialog
DialogBoxParamW
DestroyWindow
CreateDialogParamW
SetRectEmpty
SetForegroundWindow
UpdateWindow
SetWindowTextW
GetActiveWindow
SetFocus
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
IsIconic
PostQuitMessage
SetWindowRgn
RegisterHotKey
ShowWindow
MoveWindow
GetWindow
SystemParametersInfoW
MapWindowPoints
GetWindowRect
SetWindowPos
GetSystemMetrics
DestroyIcon
GetClassInfoExW
CopyRect
PtInRect
ReleaseDC
GetDC
EndPaint
BeginPaint
CallWindowProcW
GetWindowLongW
SetWindowLongW
IsWindow
GetDlgCtrlID
SetCapture
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
GetClientRect
CreateWindowExW
DefWindowProcW
GetParent
GetCapture
ReleaseCapture
LoadCursorW
SetCursor
SendMessageW
PostMessageW
GetSysColorBrush
FillRect
LoadImageW
LoadBitmapW
MessageBoxW
RegisterClassExW
UnregisterClassA

gdi32

SetBkMode
SetTextColor
TextOutW
GetTextExtentPoint32W
SetBkColor
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
GetDeviceCaps
CreateRoundRectRgn
CreateSolidBrush
ExtTextOutW
GetTextMetricsW
DeleteObject
CreatePatternBrush
GetStockObject
DPtoLP
StretchBlt
GetObjectW
GetPixel
CreateBitmap
SetBrushOrgEx
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegEnumValueW
LookupAccountSidW
GetTokenInformation
RegQueryInfoKeyW
OpenProcessToken

shell32

SHQueryRecycleBinW
ord51
SHGetFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetFileInfoW
ExtractAssociatedIconW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_GetImageInfo
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx

msimg32

TransparentBlt

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipCloneBrush
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipFree
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneImage
GdipDisposeImage
GdipFillRectangle
GdipFillRectangleI
GdipDrawString
GdipDrawImage
GdipDrawImageRectI
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImageWidth

wininet

InternetReadFile
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestW
InternetConnectW

ws2_32

htonl
ntohl
inet_addr
WSACleanup
htons
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
inet_ntoa
setsockopt
getsockopt
bind
ntohs
gethostbyname
getsockname
WSAGetLastError
recv
socket
select
ioctlsocket
closesocket
connect
send
WSAStartup

Exports

Exports

DllGetInterface
DllReleaseReporter

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iStart/nicdescr.dat
iStart/skin/CaptionBtnDocument.bmp
iStart/skin/CaptionBtnMoive.bmp
iStart/skin/CaptionBtnMusic.bmp
iStart/skin/CaptionBtnOther.bmp
iStart/skin/CaptionBtnPicture.bmp
iStart/skin/CaptionBtnSetting.bmp
iStart/skin/CaptionBtnSoftware.bmp
iStart/skin/CaptionCloseBtn.bmp
iStart/skin/CaptionFeedbackBtn.bmp
iStart/skin/CaptionMinBtn.bmp
iStart/skin/Onlinemovie.ico
iStart/skin/aboutDlg.bmp
iStart/skin/alert.ico
iStart/skin/baidu.ico
iStart/skin/google.ico
iStart/skin/istart.bmp
iStart/skin/istart_high_dpi.bmp
iStart/skin/search.ico
iStart/淘奇桌面帮助文档.chm
.chm

Sharing

General

Malware Config

Signatures

Files

f6a768abea17d0f78aa80c043ff86664

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 25KB

34210780f8ddacad1e12ccc18effad84

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 4KB - Virtual size: 3KB

d1e5516fcaa3b606bbeb36f11285bdf5

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 7KB

adf42f177f61066eeb6f1bee43b1ac5a

Headers

File Characteristics

PDB Paths

Imports

shlwapi

getmacaddress

dbghelp

encrypt

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

wininet

ws2_32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 148KB - Virtual size: 146KB

.data
Size: 32KB - Virtual size: 306KB

.rsrc
Size: 12KB - Virtual size: 9KB