06f218a4864ba526d85c810c83965312_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06f218a4864ba526d85c810c83965312_JaffaCakes118
Size

8.2MB
MD5

06f218a4864ba526d85c810c83965312
SHA1

8477cff08ed73977ac5ae39b7ed55b2b638cdc10
SHA256

903c40c39cf84a23f70695b4389092d6545f30a89aaf18d712194bacc7a84acc
SHA512

dce521f6d4d8bcbfb182773352b8fa96f0b95157552228456a0bbc893fb3f8338a4714f67222fe16cb45f7c017ac83dd0721d0bf1212b14b28439befd146f821
SSDEEP

196608:mRSkRcjlHHQqZyrC/2QVXqEk+tZqroKg39Rmh9782FvWZuvfG5wCgNdlP0dPs:hlHHQqQrZOXqXgN0XFvwzgNrP0dE

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
06f218a4864ba526d85c810c83965312_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$TEMP/-ptce-pharmacy-technician-exam-simulator-1.0.0.0.exe
unpack001/$TEMP/windll.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

06f218a4864ba526d85c810c83965312_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MulDiv
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_write
__dllonexit
_errno
_iob
abort
fflush
fputc
fputs
free
fwrite
malloc
memcpy
realloc
strcmp
strcpy
strlen

user32

CallWindowProcA
CharPrevA
CreateWindowExA
DestroyWindow
EnableWindow
FindWindowExA
GetClientRect
GetDlgItem
GetFocus
GetWindowLongA
GetWindowRect
IsWindowVisible
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
shutdown
socket

Exports

Exports

download
download_quiet

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/-ptce-pharmacy-technician-exam-simulator-1.0.0.0.exe
.exe windows:4 windows x86 arch:x86

12a7de265887ccf463fc183fd8d4696c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
GetVersionExA
DeleteFileA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
GetFileAttributesA
GetTempFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcpyA
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SetErrorMode
FreeLibrary
RemoveDirectoryA
LeaveCriticalSection
EnterCriticalSection
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
SetEvent
OpenEventA
GetLastError
GetCurrentThreadId
HeapAlloc
GetSystemInfo
HeapCreate
lstrcpynA
lstrcatA
WritePrivateProfileStringA
FindClose
FindFirstFileA
SetFilePointer
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetFileSize
GetSystemDefaultLangID
MoveFileA
FindResourceExA
HeapDestroy
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SizeofResource
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
VirtualQuery
VirtualProtect
SearchPathA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
SetLastError
GetCurrentThread
GetVersion
IsBadReadPtr
lstrcmpiA
GetPrivateProfileIntA
GetPrivateProfileStringA
MultiByteToWideChar
ReadFile
Sleep
WriteFile
CloseHandle
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetModuleFileNameA
CreateDirectoryA
CreateProcessA
GetCurrentProcess

user32

MsgWaitForMultipleObjects
LoadStringA
CharNextA
MessageBoxA
CharLowerBuffA
ScreenToClient
MoveWindow
KillTimer
DestroyWindow
GetWindowTextA
SetTimer
SetWindowRgn
PeekMessageA
SetActiveWindow
ShowWindow
EndDialog
SetWindowTextA
GetDlgItem
SendMessageA
SetDlgItemTextA
LoadIconA
GetWindowRect
SystemParametersInfoA
SetWindowPos
wsprintfA
GetDesktopWindow
CharUpperA
PostThreadMessageA
CreateDialogIndirectParamA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxIndirectParamA
ReleaseDC

gdi32

DeleteObject
GetObjectA
CreateFontIndirectA
LPtoDP
GetTextExtentPoint32A

advapi32

RegEnumKeyExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
OpenThreadToken
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
FreeSid
EqualSid

ole32

CoTaskMemFree
StringFromGUID2
GetRunningObjectTable
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
StringFromCLSID

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen

lz32

LZCopy
LZOpenFileA
LZClose

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/windll.dll
.dll windows:4 windows x86 arch:x86

dd17c6c01acf15c720f2bb68df3feaee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
WaitForMultipleObjects
WriteProfileStringW
GetLargestConsoleWindowSize
WriteConsoleW
HeapLock
GetAtomNameW
IsValidCodePage
ConvertDefaultLocale
FindResourceExW
GetCurrentProcessId
GetCurrentThreadId
FindFirstFileExW
GetEnvironmentStringsW
CompareStringW
ChangeTimerQueueTimer
GetQueuedCompletionStatus
MoveFileExW
TerminateJobObject
lstrcmpA
SetConsoleMode
GetBinaryTypeW
CreateSemaphoreA
OpenEventA
RtlUnwind
ReadFileEx
VerSetConditionMask
LockFileEx
GetProcessVersion
CancelWaitableTimer
AreFileApisANSI
GetSystemWindowsDirectoryA
SwitchToThread
FindFirstChangeNotificationA
FindAtomA
GetUserDefaultLCID
HeapSize
CopyFileExW
GetCommandLineA
GetConsoleOutputCP
LoadResource
CreateDirectoryW
SetComputerNameExW
EnumResourceLanguagesA
SetHandleCount
GlobalGetAtomNameW
GetVersionExW
LocalAlloc
CallNamedPipeA
SetConsoleTextAttribute
ReadConsoleInputW
LocalSize
ReadFile
SetInformationJobObject
GlobalMemoryStatusEx
FindFirstVolumeMountPointW
Sleep
SetProcessShutdownParameters
LockFile
SetStdHandle
SetConsoleTitleA
FormatMessageW
VirtualProtect
GetVolumePathNamesForVolumeNameW
WaitNamedPipeW
MoveFileA
WaitForMultipleObjectsEx
Beep
IsValidLocale
AllocConsole
HeapValidate
FindVolumeMountPointClose
lstrcmpiW
GetThreadPriority
GetFileSize
FindAtomW
GlobalAddAtomW
DeleteCriticalSection
LockResource
FillConsoleOutputAttribute
lstrcmpiA
GetTempPathW
GetProcessAffinityMask
SetProcessWorkingSetSize
CreateConsoleScreenBuffer
ResetEvent
OpenJobObjectW
ResumeThread
OpenFileMappingW
GetShortPathNameW
OpenSemaphoreA
GetVersion
ClearCommError
ConnectNamedPipe
GlobalReAlloc
CreateNamedPipeW
CreateMailslotW
OpenEventW
RtlMoveMemory
GetFileAttributesA
WriteFile
CreateNamedPipeA
lstrcatA
LocalReAlloc
InterlockedDecrement
GetDiskFreeSpaceA
GetFileAttributesExW
SleepEx
MoveFileW
ExitThread
VirtualFree
PeekConsoleInputA
GetDefaultCommConfigW
ExitProcess
UnlockFile
HeapReAlloc
GetNumberFormatA
CopyFileW
FindNextFileA
SetEnvironmentVariableW
CreatePipe
FindFirstChangeNotificationW
CreateFileMappingW
SystemTimeToFileTime
GetExitCodeThread
GetVolumeNameForVolumeMountPointW
ReadDirectoryChangesW
MapViewOfFile
CreateMutexA
GetComputerNameA
CreateDirectoryA
LeaveCriticalSection
MoveFileExA
EnterCriticalSection
WaitForSingleObject
VirtualQuery
GetProcessHeap
GetLastError
ReleaseMutex
LoadLibraryA
GetProcAddress
InterlockedExchange
HeapFree
GetModuleHandleA
CloseHandle
CopyFileA
GetDateFormatA

ole32

OleRun
GetRunningObjectTable
CoCreateFreeThreadedMarshaler
OleCreateFromData
CoUnmarshalInterface
OleQueryCreateFromData
CoImpersonateClient
CreateGenericComposite
IIDFromString
OleLockRunning
CoAllowSetForegroundWindow
CoGetMalloc
CoGetObjectContext
OleCreate
StgCreateDocfile
CreateOleAdviseHolder
OleSetContainedObject
OleSaveToStream
CoTaskMemRealloc
StgOpenStorage
CreateBindCtx
CoRevertToSelf
CoDisableCallCancellation
GetHGlobalFromStream
CoGetClassObject
FreePropVariantArray
OleLoadFromStream
CreateAntiMoniker
OleCreateLink
OleCreateLinkToFile
CreateFileMoniker
BindMoniker
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitialize
CoFreeUnusedLibrariesEx

shlwapi

StrDupA
PathIsFileSpecW
UrlIsW
UrlEscapeW
PathCanonicalizeW
PathGetArgsW
wnsprintfW
PathFindFileNameA
PathIsUNCW
SHRegGetValueW
PathAddExtensionW
StrChrW
StrChrIW
PathFindExtensionW
PathGetDriveNumberW
PathRemoveFileSpecW
PathMatchSpecW
PathParseIconLocationW
PathStripToRootW
PathRenameExtensionW
StrCmpIW
StrStrW
SHAutoComplete
PathIsUNCServerW
SHRegSetPathW
PathIsRelativeW
PathMakePrettyW
StrCmpNIA
UrlCombineW
StrCmpNIW
PathBuildRootW
StrNCatW
StrTrimW
PathCompactPathExW
PathAddBackslashW
StrStrIW

advapi32

RegRestoreKeyA
SetTokenInformation
RegCreateKeyExA
RegOpenCurrentUser
CloseEventLog
GetUserNameW
EnumServicesStatusExW
CloseServiceHandle
RevertToSelf
ImpersonateSelf
RegQueryValueA
ReportEventA
RegEnumValueW
RegEnumValueA
GetNumberOfEventLogRecords
RegDeleteValueA
RegSetValueExA
RegCloseKey
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
DuplicateToken
CreateServiceA
ReadEventLogW
GetTokenInformation
RegUnLoadKeyW
IsTokenRestricted
RegisterServiceCtrlHandlerExW
GetServiceDisplayNameW
RegCreateKeyW
RegisterEventSourceA
NotifyChangeEventLog
RegUnLoadKeyA

gdi32

DeleteMetaFile
GetCharacterPlacementA
CreatePolygonRgn
PathToRegion
GetTextFaceW
SelectObject
SwapBuffers
CreateICA
RoundRect
GetMetaFileA
EnumFontFamiliesA
SetSystemPaletteUse
DeleteEnhMetaFile
CreateDIBPatternBrushPt
PlayMetaFileRecord
GetCurrentPositionEx
GetTextExtentPoint32A
RemoveFontResourceA
SetViewportExtEx
GetBkColor
SetMapMode
UpdateColors
CreateMetaFileW
GetRegionData
SetMiterLimit
SetPixelV
EnumFontsA
StartPage
GetGlyphOutlineA
StrokePath
StretchBlt
GetLayout
CreateFontIndirectW
PolyBezier
SetWindowOrgEx
GetCharWidth32W
GetTextMetricsA
GetKerningPairsA
CreatePenIndirect
SetWorldTransform
GetTextCharset
MoveToEx
CopyMetaFileW
GetStretchBltMode
FillRgn
GetViewportExtEx
GetBkMode
UnrealizeObject
GetTextCharacterExtra
SetTextColor
SetRectRgn
GetPixel
PolylineTo
SetPolyFillMode
PolyPolygon
GetSystemPaletteEntries
GetFontData
AnimatePalette
GetPolyFillMode
CreateEnhMetaFileA
SetArcDirection

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 24KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

12a7de265887ccf463fc183fd8d4696c

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

lz32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 31KB - Virtual size: 31KB

dd17c6c01acf15c720f2bb68df3feaee

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

advapi32

gdi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 31KB - Virtual size: 31KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 2KB