26d8da446b9e511a0972746a37dbbb33_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26d8da446b9e511a0972746a37dbbb33_JaffaCakes118
Size

798KB
MD5

26d8da446b9e511a0972746a37dbbb33
SHA1

1c9d81ace4ee851dedae9b7db59f576bcecfcb6b
SHA256

ad85235c491ac1bcd4ef668b43cf88b79c22384b9e2358d339672bd44d50ee1d
SHA512

d134aa0c4d2e17efa04babecb15f8690b23f87aee6d195727e47e67301f78e440ea2ecbf6ccd2cea278d123b9f6c9b2f416a48cc49555565d27e4e0c316e9c08
SSDEEP

24576:KszTLjwQOfGedvtWNynGPYE0Dg46A2FeBwB3Ngw:RzTLjVOfGYWNynmYE0DgMBwB3Ow

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
26d8da446b9e511a0972746a37dbbb33_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/IsUpdate.exe
unpack001/Module/ISGP.exe
unpack001/Module/ISMP.exe
unpack001/Module/ISServer.dll
unpack001/Module/ISServer_Up.dll
unpack001/Module/LibSQLite.dll
unpack001/Module/NTServer.exe
unpack001/Module/StgServer.exe
unpack001/Module/libexpatw.dll
unpack001/Module/libpng13.dll
unpack001/Module/zlib1.dll
unpack001/iSpirit.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

26d8da446b9e511a0972746a37dbbb33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Cache/0bff1a4f7a29deb412b8f79fe040bb0f
Cache/4ee0e4a3fcd80f4ee19aee7c76a28e2d
Cache/792b8e3857a5b5568a979aaa40612ebf
Cache/7c556550e2c7f8ac9e9119e4fa74a9e6
Cache/9ce9ab0abe343b2884826e42923f589c
IsUpdate.exe
.exe windows:4 windows x86 arch:x86

1d8ef7eba9406e9611753a7518547943

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
VirtualQuery
RemoveDirectoryW
MoveFileExW
CreateProcessW
CopyFileW
lstrlenW
WideCharToMultiByte
GetPrivateProfileSectionW
InterlockedIncrement
CloseHandle
GetSystemDirectoryW
GetLastError
DeleteFileW
FindClose
FindNextFileW
CreateDirectoryW
GetShortPathNameW
FindFirstFileW
DebugBreak
OutputDebugStringW
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateMutexW
GetModuleHandleW
GetCurrentThreadId
InterlockedDecrement
GetVersionExW
GetStartupInfoW

user32

DefWindowProcW
DestroyWindow
SetWindowLongW
SetWindowPos
CharNextW
wvsprintfW
LoadStringW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
CreateWindowExW
CallWindowProcW
GetWindowLongW
ShowWindow

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

oleaut32

SysFreeString

urlmon

URLDownloadToFileW

shlwapi

StrStrIW
PathAddBackslashW
PathIsRelativeW
PathAppendW
StrRChrW
SHSetValueW

imagehlp

MakeSureDirectoryPathExists

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_wtoi
iswdigit
wcscpy
wcsstr
wcschr
wcscmp
_wcsicmp
_controlfp
_snwprintf
wcsncpy
wcslen
free
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
__set_app_type
__p__commode
__setusermatherr
__p__fmode

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Module/ISGP.exe
.exe windows:4 windows x86 arch:x86

ddff6b1558b866f73c716b8e22e820cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
FlushInstructionCache
GetModuleFileNameW
VirtualQuery
CreateProcessW
lstrcpynW
MulDiv
TerminateProcess
OpenProcess
SetEvent
LoadLibraryW
GetVersionExW
WideCharToMultiByte
DeviceIoControl
CreateFileA
LoadLibraryA
GetModuleHandleW
CreateMutexW
GetLastError
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
DebugBreak
lstrlenA
WaitForSingleObject
GetCommandLineW
TerminateThread
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
CloseHandle
FreeLibrary
Sleep
GetCurrentProcess
SetProcessWorkingSetSize
lstrlenW
DeleteCriticalSection
GetProcAddress
GetStartupInfoW

user32

DestroyWindow
GetWindowLongW
SetTimer
KillTimer
PostQuitMessage
SetWindowPos
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
DefWindowProcW
LoadImageW
ShowWindow
wvsprintfW
CharNextW
LoadStringW
PostThreadMessageW
PostMessageW
GetCursorPos
PtInRect
SetWindowLongW
SendMessageW
FindWindowExW
FindWindowW
GetWindowThreadProcessId
IsRectEmpty
IntersectRect
CopyRect
SetForegroundWindow
EndPaint
BeginPaint
GetDC
ReleaseDC
GetDesktopWindow
GetClientRect
InvalidateRect
DrawTextW
CreateWindowExW
CallWindowProcW
DestroyIcon

gdi32

SelectObject
LineTo
MoveToEx
CreatePen
CreateFontIndirectW
DPtoLP
DeleteObject
DeleteDC
SetViewportOrgEx
CreateCompatibleDC
BitBlt
SelectClipRgn
SetBkMode
SetBkColor
ExtTextOutW
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

Shell_NotifyIconW

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

comctl32

_TrackMouseEvent

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shlwapi

PathAppendW
PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathRemoveBackslashW
UrlGetPartW
PathIsRelativeW
StrStrIW

wininet

HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetConnectW
InternetOpenW
InternetCloseHandle
InternetSetOptionW

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

wcscpy
strcpy
_CxxThrowException
strncpy
_snprintf
wcsncat
_wcslwr
sprintf
strchr
strcat
strlen
wcsstr
_itow
abs
swscanf
wcschr
_wcsicmp
rand
_snwprintf
_vsnwprintf
_wtoi
iswdigit
wcslen
free
_wtol
_purecall
memmove
realloc
memcpy
time
memset
wcsncpy
??2@YAPAXI@Z
__CxxFrameHandler
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_controlfp
__set_app_type
__p__fmode
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_except_handler3
__dllonexit
_onexit
_beginthreadex

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Module/ISMP.exe
.exe windows:4 windows x86 arch:x86

99b804816366d0d438638e8a7a487af0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
VirtualQuery
CreateProcessW
WideCharToMultiByte
lstrcpynW
MulDiv
GetProcAddress
LoadLibraryW
CreateEventW
lstrlenA
MultiByteToWideChar
OutputDebugStringW
GetStartupInfoW
GetModuleHandleW
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SizeofResource
FreeResource
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
SetEvent
CreateMutexW
DeleteCriticalSection
GetLastError
WaitForSingleObject
TerminateThread
FlushInstructionCache
InterlockedIncrement
InterlockedDecrement
Sleep
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
InitializeCriticalSection
CloseHandle
FreeLibrary
GetCurrentThreadId
GetCurrentProcess
SetProcessWorkingSetSize
GetPrivateProfileIntW
lstrlenW
DebugBreak

user32

SetTimer
KillTimer
ShowWindow
InvalidateRect
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetClipboardData
SetWindowPos
LoadIconW
MapWindowPoints
GetParent
GetWindow
SetClipboardData
EmptyClipboard
OpenClipboard
SetWindowTextW
IsClipboardFormatAvailable
UpdateWindow
PostQuitMessage
GetWindowLongW
DefWindowProcW
DestroyWindow
CopyRect
MoveWindow
PostMessageW
GetWindowPlacement
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
SetForegroundWindow
SetFocus
IntersectRect
LoadStringW
PostThreadMessageW
CallWindowProcW
BringWindowToTop
ScreenToClient
GetCursorPos
PtInRect
ReleaseCapture
IsChild
DrawTextW
GetDesktopWindow
FindWindowExW
FindWindowW
LoadImageW
DestroyIcon
DrawIconEx
OffsetRect
CharNextW
wvsprintfW
CreateWindowExW
SetWindowLongW
SetCapture
ClientToScreen
IsRectEmpty
IsWindowVisible
ReleaseDC
EndPaint
BeginPaint
GetDC
SetCursor
CloseClipboard
DestroyCursor
GetWindowRect
SystemParametersInfoW
GetClientRect

gdi32

DeleteObject
BitBlt
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
DPtoLP
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
ExtTextOutW
SetDIBitsToDevice
GetDIBits
GetPaletteEntries
GetObjectA
StretchDIBits
DeleteDC

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ole32

CoCreateInstance
CoInitialize
OleUninitialize
CoUninitialize
OleInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString
DispCallFunc

comctl32

_TrackMouseEvent

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathIsRelativeW
PathAppendW
PathRemoveBackslashW

libpng13

ord18
ord136
ord75
ord74
ord12
ord8
ord7
ord122
ord76
ord17
ord108
ord99
ord87
ord100
ord43
ord39
ord118

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
sscanf
ceil
floor
remove
sprintf
fopen
fprintf
fclose
strncmp
_CxxThrowException
_ftol
malloc
__set_app_type
memcmp
_itow
wcschr
_wtoi
iswdigit
rand
_snwprintf
_vsnwprintf
wcscmp
__p___argc
__p___wargv
swscanf
wcsstr
free
_beginthreadex
memmove
memcpy
??2@YAPAXI@Z
realloc
wcslen
memset
wcsncpy
_wcsicmp
_purecall
__CxxFrameHandler
??1type_info@@UAE@XZ
abs
_controlfp

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Module/ISServer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3a05a92206160ce85456c639719f9750

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
HeapDestroy
lstrcpyW
lstrcatW
LoadLibraryW
GetFileSize
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentThread
ReadFile
WriteFile
lstrcpynW
GetShortPathNameW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
LoadLibraryA
GetProcAddress
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SizeofResource
FreeResource
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
FreeLibrary
CreateFileA
InterlockedIncrement
DeviceIoControl
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
Sleep
CreateProcessW
VirtualQuery
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
InitializeCriticalSection
OutputDebugStringW
DebugBreak
lstrlenA
CreateEventW
GetLastError
CloseHandle
SetEvent
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
InterlockedDecrement
MulDiv

user32

CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
wvsprintfW
LoadStringW
GetClassInfoExW
LoadCursorW
wsprintfW
EndPaint
FindWindowW
FindWindowExW
MoveWindow
DefWindowProcW
PostMessageW
DestroyWindow
SendMessageW
RegisterClassExW
SetWindowPos
GetClientRect
ShowWindow
GetWindowRect
UpdateWindow
InvalidateRect
SetTimer
IsWindowVisible
SetWindowTextW
BringWindowToTop
SetForegroundWindow
PtInRect
GetCursorPos
GetParent
GetWindowPlacement
CopyRect
PostThreadMessageW
SetFocus
GetDesktopWindow
ScreenToClient
IsChild
DispatchMessageW
TranslateMessage
GetMessageW
GetDC
BeginPaint
DrawTextW
LoadImageW
DestroyIcon
DrawIconEx
IsRectEmpty
IntersectRect
SetCapture
ClientToScreen
CallNextHookEx
SetWindowsHookExW
SetCursor
DestroyCursor
ReleaseCapture
ReleaseDC

gdi32

CreateDIBSection
CreateFontIndirectW
ExtTextOutW
GetDeviceCaps
SetBkMode
SetBkColor
SetTextColor
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
DPtoLP
SetDIBitsToDevice
GetDIBits
StretchDIBits
DeleteDC

advapi32

AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyW

shell32

ShellExecuteExW

ole32

OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize

oleaut32

RegisterTypeLi
SysStringLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
VariantCopy
LoadTypeLi
DispCallFunc

comctl32

_TrackMouseEvent

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathAddBackslashW
PathAppendW
PathIsRelativeW
StrRChrW
StrStrIW
UrlGetPartW
StrRStrIW
PathRemoveBackslashW
PathRemoveFileSpecW

wininet

InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetConnectW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpSendRequestW
InternetGetConnectedState

libexpatw

ord21
ord63
ord7
ord17
ord53
ord50
ord18
ord52
ord31
ord25

libpng13

ord39
ord43
ord100
ord87
ord99
ord108
ord17
ord122
ord7
ord8
ord12
ord74
ord75
ord118
ord136
ord18
ord76

imagehlp

MakeSureDirectoryPathExists

libsqlite

ord4
ord1
ord3
ord2

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

localtime
mktime
memcmp
_itow
memmove
swscanf
_snwprintf
wcschr
wcsstr
memset
wcsncpy
_wtoi
iswdigit
wcslen
rand
memcpy
_wcsicmp
_wtol
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
strncpy
_CxxThrowException
strcpy
_ltow
_adjust_fdiv
_initterm
strlen
strcat
strchr
sprintf
_snprintf
_beginthreadex
_vsnwprintf
time
wcscmp
free
realloc
abs
malloc
_ftol
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
ceil
floor
strncmp
fopen
fclose
fprintf
_wcslwr
wcsncat
wcscpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IS_ExportISSite

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module/ISServer_Up.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3a05a92206160ce85456c639719f9750

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
HeapDestroy
lstrcpyW
lstrcatW
LoadLibraryW
GetFileSize
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentThread
ReadFile
WriteFile
lstrcpynW
GetShortPathNameW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
LoadLibraryA
GetProcAddress
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SizeofResource
FreeResource
SetErrorMode
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
FreeLibrary
CreateFileA
InterlockedIncrement
DeviceIoControl
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
Sleep
CreateProcessW
VirtualQuery
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
InitializeCriticalSection
OutputDebugStringW
DebugBreak
lstrlenA
CreateEventW
GetLastError
CloseHandle
SetEvent
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
InterlockedDecrement
MulDiv

user32

CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
wvsprintfW
LoadStringW
GetClassInfoExW
LoadCursorW
wsprintfW
EndPaint
FindWindowW
FindWindowExW
MoveWindow
DefWindowProcW
PostMessageW
DestroyWindow
SendMessageW
RegisterClassExW
SetWindowPos
GetClientRect
ShowWindow
GetWindowRect
UpdateWindow
InvalidateRect
SetTimer
IsWindowVisible
SetWindowTextW
BringWindowToTop
SetForegroundWindow
PtInRect
GetCursorPos
GetParent
GetWindowPlacement
CopyRect
PostThreadMessageW
SetFocus
GetDesktopWindow
ScreenToClient
IsChild
DispatchMessageW
TranslateMessage
GetMessageW
GetDC
BeginPaint
DrawTextW
LoadImageW
DestroyIcon
DrawIconEx
IsRectEmpty
IntersectRect
SetCapture
ClientToScreen
CallNextHookEx
SetWindowsHookExW
SetCursor
DestroyCursor
ReleaseCapture
ReleaseDC

gdi32

CreateDIBSection
CreateFontIndirectW
ExtTextOutW
GetDeviceCaps
SetBkMode
SetBkColor
SetTextColor
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
DPtoLP
SetDIBitsToDevice
GetDIBits
StretchDIBits
DeleteDC

advapi32

AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyW

shell32

ShellExecuteExW

ole32

OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize

oleaut32

RegisterTypeLi
SysStringLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
VariantCopy
LoadTypeLi
DispCallFunc

comctl32

_TrackMouseEvent

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathAddBackslashW
PathAppendW
PathIsRelativeW
StrRChrW
StrStrIW
UrlGetPartW
StrRStrIW
PathRemoveBackslashW
PathRemoveFileSpecW

wininet

InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetConnectW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpSendRequestW
InternetGetConnectedState

libexpatw

ord21
ord63
ord7
ord17
ord53
ord50
ord18
ord52
ord31
ord25

libpng13

ord39
ord43
ord100
ord87
ord99
ord108
ord17
ord122
ord7
ord8
ord12
ord74
ord75
ord118
ord136
ord18
ord76

imagehlp

MakeSureDirectoryPathExists

libsqlite

ord4
ord1
ord3
ord2

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

localtime
mktime
memcmp
_itow
memmove
swscanf
_snwprintf
wcschr
wcsstr
memset
wcsncpy
_wtoi
iswdigit
wcslen
rand
memcpy
_wcsicmp
_wtol
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
strncpy
_CxxThrowException
strcpy
_ltow
_adjust_fdiv
_initterm
strlen
strcat
strchr
sprintf
_snprintf
_beginthreadex
_vsnwprintf
time
wcscmp
free
realloc
abs
malloc
_ftol
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
ceil
floor
strncmp
fopen
fclose
fprintf
_wcslwr
wcsncat
wcscpy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IS_ExportISSite

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module/LibSQLite.dll
.dll windows:4 windows x86 arch:x86

7204d22764aeeda785057ace71be3bb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
DeleteFileA
Sleep
GetFileAttributesW
DeleteFileW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
CloseHandle
ReadFile
WriteFile
GetLastError
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc

msvcrt

_pctype
_isctype
__mb_cur_max
sprintf
_iob
_ftol
strncmp
tolower
localtime
atoi
free
malloc
realloc
calloc
memmove
toupper
strncpy
_initterm
_adjust_fdiv

Exports

Exports

sqlite3_bind_text
sqlite3_close
sqlite3_errmsg
sqlite3_exec
sqlite3_finalize
sqlite3_free
sqlite3_open
sqlite3_prepare
sqlite3_step

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module/NTServer.exe
.exe windows:4 windows x86 arch:x86

949d3cc4cc24f0dcc7eb01c28ac61f2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
FreeLibrary
CloseHandle
SetErrorMode
Sleep
TerminateThread
WaitForSingleObject
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
InterlockedIncrement
GetCurrentProcess
OutputDebugStringW
MultiByteToWideChar
lstrlenA
SetEvent
GetLastError
CreateEventW
DebugBreak
GetModuleFileNameW
VirtualQuery
CreateProcessW
GetProcAddress
LoadLibraryW
CreateMutexW
GetModuleHandleW
GetStartupInfoW
SetProcessWorkingSetSize
InterlockedDecrement
ExitProcess

user32

SendMessageTimeoutW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
KillTimer
SetTimer
FindWindowExW
FindWindowW
CharNextW
wvsprintfW
LoadStringW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
SetWindowPos
PostMessageW
DefWindowProcW
DestroyWindow
PeekMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathAddBackslashW
StrRChrW
PathAppendW
PathIsRelativeW

wininet

InternetGetConnectedState

msvcrt

__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__p___argc
__p___wargv
_wcsicmp
_itow
swscanf
_initterm
_ltow
wcsncpy
_wtoi
iswdigit
rand
memset
_snwprintf
_controlfp
_vsnwprintf
__set_app_type
wcsstr
free
memmove
__setusermatherr
wcschr
_purecall
realloc
memcpy
_beginthreadex
_set_error_mode
time
__p__fmode
__p__commode
__CxxFrameHandler
??2@YAPAXI@Z
_wtol
localtime
wcscmp
wcslen
_adjust_fdiv

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Module/POSPtl/Category/main.html
.html
Module/POSPtl/Keyword/main.html
.html
Module/POSPtl/POSList
Module/POSPtl/PtlTest/main.html
.html
Module/POSPtl/Ticket/main.html
.html .js polyglot
Module/POSPtl/TicketTel/main.html
.html .js polyglot
Module/POSPtl/Url/main.html
.html
Module/POSPtl/Utility/Utility.js
Module/POSPtl/Utility/jQuery.js
.js
Module/POSPtl/VIDEO/main.html
.html .js polyglot
Module/StgServer.exe
.exe windows:4 windows x86 arch:x86

569fc42bab62eaf62c7f7e1d09fcfb97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
lstrlenW
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
InterlockedDecrement
MultiByteToWideChar
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateEventW
InitializeCriticalSection
TerminateThread
VirtualQuery
WideCharToMultiByte
FreeLibrary
Sleep
GetCurrentThreadId
HeapDestroy
FlushInstructionCache
GetCurrentProcess
CreateMutexW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetStartupInfoW
CloseHandle
GetModuleFileNameW
DeleteCriticalSection

user32

GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
DestroyWindow
LoadStringW
CharNextW
wvsprintfW
PostMessageW
PeekMessageW
PostThreadMessageW
CallWindowProcW
GetWindowLongW
DefWindowProcW
PostQuitMessage
SendMessageW
ShowWindow
CreateWindowExW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
SetWindowLongW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW
PathAddBackslashW
StrRChrW
StrStrIW
PathAppendW
PathIsRelativeW

libsqlite

ord1
ord7
ord8
ord6
ord9
ord5
ord4
ord3
ord2

msvcrt

_wtoi
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_controlfp
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_wtol
realloc
free
wcsncat
_wcslwr
strlen
wcsstr
memmove
swscanf
wcschr
_ltow
rand
_snwprintf
_vsnwprintf
_itow
iswdigit
wcslen
memcpy
__CxxFrameHandler
??2@YAPAXI@Z
wcsncpy
memset
_purecall
wcscmp
_wcsicmp
_beginthreadex
__set_app_type

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Module/libexpatw.dll
.dll windows:4 windows x86 arch:x86

1a490f676e8231b1dadc7415c6879db6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
_initterm
realloc
_adjust_fdiv
malloc
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module/libpng13.dll
.dll windows:4 windows x86 arch:x86

c44d1e29f03195f89662f06d6bd14fb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

zlib1

deflateReset
deflateInit2_
deflateEnd
deflate
inflateEnd
inflateInit_
inflate
inflateReset
crc32

msvcrt

_adjust_fdiv
_initterm
gmtime
fflush
fwrite
sprintf
strncpy
longjmp
malloc
free
abort
_setjmp3
fread
_ftol
_CIpow
strtod

kernel32

DisableThreadLibraryCalls

Exports

Exports

png_access_version_number
png_build_grayscale_palette
png_check_sig
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_struct
png_destroy_struct_2
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_asm_flagmask
png_get_asm_flags
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_ptr
png_get_libpng_ver
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pixel_aspect_ratio
png_get_pixels_per_meter
png_get_progressive_ptr
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_meter
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_libpng_ver
png_malloc
png_malloc_default
png_malloc_warn
png_memcpy_check
png_memset_check
png_mmx_support
png_permit_empty_plte
png_permit_mng_features
png_process_data
png_progressive_combine_row
png_read_end
png_read_image
png_read_info
png_read_init
png_read_init_2
png_read_init_3
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_asm_flags
png_set_bKGD
png_set_background
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_dither
png_set_error_fn
png_set_expand
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gray_1_2_4_to_8
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_progressive_read_fn
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_strip_error_numbers
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_init
png_write_init_2
png_write_init_3
png_write_png
png_write_row
png_write_rows

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Module/zlib1.dll
.dll windows:4 windows x86 arch:x86

58ebe63bde2e8d9e022f7f601830ac71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_fdopen
fopen
_errno
malloc
sprintf
fwrite
fread
fclose
free
fprintf
fflush
fseek
fputc
strerror
clearerr
_initterm
_adjust_fdiv
_vsnprintf
ftell

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pages/default.htm
.html .js polyglot
Pages/default_pd.htm
.html .js polyglot
Pages/default_video.htm
.html .js polyglot
Pages/default_web.htm
.html .js polyglot
Pages/images/add_bg.png
.png
Pages/images/add_channel.gif
.gif
Pages/images/alert_header.gif
.gif
Pages/images/blank.gif
.gif
Pages/images/button_line.gif
.gif
Pages/images/close_alert.gif
.gif
Pages/images/close_win.gif
.gif
Pages/images/error_icon.gif
.gif
Pages/images/float_close_win.gif
.gif
Pages/images/icon_add.gif
.gif
Pages/images/icon_alert_header.png
.png
Pages/images/icon_close.gif
.gif
Pages/images/icon_delete.png
.png
Pages/images/icon_edit.gif
.gif
Pages/images/icon_fd.gif
.gif
Pages/images/icon_open.gif
.gif
Pages/images/icon_refresh.png
.png
Pages/images/icon_rss.gif
.gif
Pages/images/img_add.gif
.gif
Pages/images/item_4.gif
.gif
Pages/images/item_5.gif
.gif
Pages/images/item_6.gif
.gif
Pages/images/line.gif
.gif
Pages/images/line_pd.gif
.gif
Pages/images/load.gif
.gif
Pages/images/load_img_left.gif
.gif
Pages/images/load_img_right.gif
.gif
Pages/images/menu_line.gif
.gif
Pages/images/nav_head_background.gif
.gif
Pages/images/pd/1.gif
.gif
Pages/images/pd/2.gif
.gif
Pages/images/pd/3.gif
.gif
Pages/images/remind_add_backgroundk.gif
.gif
Pages/images/remind_bg_page.gif
.gif
Pages/images/remind_icon_fd.gif
.gif
Pages/images/remind_img_add.gif
.gif
Pages/images/remind_img_bottom.gif
.gif
Pages/images/remind_img_down.gif
.gif
Pages/images/remind_img_page.gif
.gif
Pages/images/remind_img_refresh.gif
.gif
Pages/images/remind_img_refresh_focus.gif
.gif
Pages/images/remind_img_top.gif
.gif
Pages/images/remind_img_up.gif
.gif
Pages/images/test.gif
.gif
Pages/images/test_idx.gif
.gif
Pages/images/tic_add.gif
.gif
Pages/images/tic_search.gif
.gif
Pages/images/video/1.gif
.gif
Pages/images/view_link.gif
.gif
Pages/images/web/1.gif
.gif
Pages/images/web/2.gif
.gif
Pages/images/web/3.gif
.gif
Pages/images/web/4.gif
.gif
Pages/js/common.js
.js
Pages/js/divShow.js
.js
Pages/js/jQuery.js
.js
Pages/js/netRequest.js
Pages/js/png.js
.js
Pages/js/public.js
.js
Pages/js/site.js
.js
Pages/js/sub.js
.js
Pages/js/ticket.js
.js
Pages/list.htm
.html .js polyglot
Pages/listTips.htm
.html .js polyglot
Pages/miaoyong/list.htm
.html .js polyglot
Pages/miaoyong/ticket.htm
.html .js polyglot
Pages/style/layout.css
Pages/sub.htm
.html
Readme.txt
Skins/GP/gp_frame.png
.png
Skins/GP/gp_tips.png
.png
Skins/MP/mp_button.png
.png
Skins/MP/mp_button_on.png
.png
Skins/MP/mp_client.png
.png
Skins/MP/mp_close.png
.png
Skins/MP/mp_close_on.png
.png
Skins/MP/mp_close_over.png
.png
Skins/MP/mp_frame.png
.png
Skins/MP/mp_max.png
.png
Skins/MP/mp_max_on.png
.png
Skins/MP/mp_max_over.png
.png
Skins/MP/mp_min.png
.png
Skins/MP/mp_min_on.png
.png
Skins/MP/mp_min_over.png
.png
iSpirit.exe
.exe windows:4 windows x86 arch:x86

f2fec689dfb15a9f35971a4fcbc0190d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetProcAddress
LoadLibraryW
SetErrorMode
CloseHandle
GetCurrentProcess
GetLastError
GetCurrentThread
GetFileAttributesW
WideCharToMultiByte
OutputDebugStringW
GetModuleFileNameW
VirtualQuery
CreateProcessW
GetVersionExW
MoveFileExW
TerminateProcess
OpenProcess
DeviceIoControl
CreateFileA
LoadLibraryA
GetModuleHandleW
GetStartupInfoW
DebugBreak
lstrlenA
lstrlenW
InitializeCriticalSection
GetCurrentThreadId
FreeLibrary
Sleep
MoveFileW
RemoveDirectoryW
DeleteFileW

user32

CharNextW
MessageBoxW
SendMessageW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
LoadStringW
wvsprintfW

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegDeleteValueW
RegCreateKeyW

ole32

OleInitialize
CoCreateInstance
OleUninitialize
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
PathAddBackslashW
StrRChrW
PathIsRelativeW
SHGetValueW
PathAppendW
StrStrIW
UrlGetPartW

imagehlp

MakeSureDirectoryPathExists

wininet

InternetGetConnectedState
InternetConnectW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW
InternetOpenW
HttpAddRequestHeadersW

netapi32

Netbios

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_wcsicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_purecall
_itow
_wcsnicmp
_snwprintf
_vsnwprintf
_wtoi
iswdigit
wcslen
wcsstr
wcschr
_exit
memmove
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
_wtol
wcscpy
strcpy
_CxxThrowException
strncpy
_snprintf
wcsncat
memcpy
??2@YAPAXI@Z
_wcslwr
sprintf
strchr
strcat
__CxxFrameHandler
wcsncpy
memset
__p___wargv
__p___argc
strlen

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ûЭ.txt

Sharing

General

Malware Config

Signatures

Files

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 280KB

.rsrc Size: 25KB - Virtual size: 25KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

1d8ef7eba9406e9611753a7518547943

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

urlmon

shlwapi

imagehlp

setupapi

version

msvcrt

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

ddff6b1558b866f73c716b8e22e820cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp60

shlwapi

wininet

netapi32

version

msvcrt

Sections

.text Size: 48KB - Virtual size: 46KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 16KB - Virtual size: 15KB