286d5061e1f31e7db7075f975c3a8a64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

286d5061e1f31e7db7075f975c3a8a64_JaffaCakes118
Size

6.1MB
MD5

286d5061e1f31e7db7075f975c3a8a64
SHA1

af5fb96333c53ecde96b7c100ff72a5e9c97a89f
SHA256

d7b7b44a97867f535b5477bd551cb7dd22e456bb67c8766caa94767b4b4f3212
SHA512

95ed3075d0ab7422220d268e5a1f0d6349d66746ba99cf18d2d40f2fbdc4b9bf932a6002d0413f6b6f597c86a771fbfc9ac836ae5ce2c88a63856edd8369d169
SSDEEP

196608:tHEkjqVo/wGUVz6cF/9nVlYZD7QxukHBXGhGaA:tHFjIK1yzfdpOD7Qxuk52GaA

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/config/ACATStat.dll
unpack001/config/antiLeech.dll.new
unpack001/config/countryflag.dll
unpack001/config/countryflag32.dll
unpack001/dbghelp.dll
unpack001/emule.exe
unpack001/lang/zh_CN.dll
unpack001/tools/IP 数据库 ip-to-country.csv 汉化扩展程序/i2chan.exe
unpack001/tools/LinkCreator.exe

Files

286d5061e1f31e7db7075f975c3a8a64_JaffaCakes118
.rar
ChangeLog.txt
Template.eMuleSkin.ini
config/ACATStat.dll
.dll windows:4 windows x86 arch:x86

842f29ecffea66c749a8e61353a14ec6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\emule-ACAT\install\files\ACATStat.pdb

Imports

ws2_32

htons
htonl
socket
sendto
closesocket

kernel32

SetEndOfFile
GetLastError
CreateFileA
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
HeapSize
SetFilePointer
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetStdHandle
ReadFile
LoadLibraryA
GetLocaleInfoW

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

Exports

Exports

_readInLicense@16
_sendStatistic@32

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/antiLeech.dll.new
.dll windows:4 windows x86 arch:x86

9088a12e8d581eb2e19db7034b864ca5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Tools\C++\emule\191\antileech_v4\Release\antiLeech.pdb

Imports

kernel32

DeleteCriticalSection
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
RaiseException
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemInfo
VirtualProtect
FlushFileBuffers
ExitProcess
HeapFree
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
VirtualQuery
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetFilePointer
MultiByteToWideChar
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
SetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

MessageBoxW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

shlwapi

StrCmpIW
StrStrIW
StrStrW

Exports

Exports

DLPCheckHelloTag
DLPCheckInfoTag
DLPCheckModstring_Hard
DLPCheckModstring_Soft
DLPCheckNameAndHashAndMod
DLPCheckUserhash
DLPCheckUsername_Hard
DLPCheckUsername_Soft
GetDLPVersion
TestFunc

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/countryflag.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Tools\C++\emule\191\CN-191\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/countryflag32.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\CompileProject\eMule0.47c-Sources\CN-189-Original\flag\Dynamic\flag.pdb

Sections

.rdata
Size: 4KB - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config/ip-to-country.csv
config/ipfilter.dat
config/nodes.dat
config/preferences.ini
config/server.met
config/staticservers.dat
config/webservices.dat
config/新云软件.url
.url
dbghelp.dll
.dll windows:5 windows x86 arch:x86

bfdf63b29852e4529780d92b76de1d65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_adjust_fdiv
__dllonexit
_initterm
_except_handler3
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
wcscmp
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_onexit
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
_strnicmp
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
lstrcmpW
SuspendThread
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetCurrentThreadId
GetThreadSelectorEntry
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
emule.exe
.exe windows:4 windows x86 arch:x86

01a51d3c309e465728fb2bed952918f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Tools\C++\emule\191\CN-191\Release\emule.pdb

Imports

kernel32

GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
SetStdHandle
CreateThread
ExitThread
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
IsBadWritePtr
GetOEMCP
GetStringTypeA
GetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsBadReadPtr
IsBadCodePtr
GetDriveTypeA
SetEnvironmentVariableA
GlobalSize
CreateFileA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
InterlockedDecrement
InterlockedIncrement
SetThreadPriority
FreeResource
SetFilePointer
WaitForMultipleObjects
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
GetSystemDirectoryA
ReadFile
WriteFile
GetOverlappedResult
GetProcessHeap
HeapAlloc
HeapFree
TerminateThread
DeviceIoControl
Beep
SetLastError
GetSystemInfo
VirtualAlloc
GetDateFormatA
GetTimeFormatA
PeekNamedPipe
GetFileInformationByHandle
GetFileType
TerminateProcess
LocalFree
MulDiv
GetTimeZoneInformation
FindClose
lstrlenA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
SetEvent
ResumeThread
WritePrivateProfileStringA
GetPrivateProfileStringA
SetThreadLocale
GetSystemDefaultLCID
GlobalAlloc
GlobalFree
SetConsoleCtrlHandler
GlobalLock
GlobalUnlock
LoadLibraryA
FreeLibrary
RaiseException
GetFileSize
GetTickCount
GetCurrentThreadId
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
Sleep
LoadResource
LockResource
SizeofResource
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalFlags
SetErrorMode
VirtualProtect
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GlobalDeleteAtom
GetVersionExA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
ReleaseMutex
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
SuspendThread
lstrcmpA
LocalAlloc
SetEndOfFile

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey

user32

GetDlgItem
wsprintfA
IsWindow
IsWindowVisible
DestroyWindow
MessageBoxA
FrameRect
UpdateWindow
InvalidateRect
CreateIconIndirect
GetIconInfo
CopyRect
InflateRect
OffsetRect
DrawFocusRect
GetClientRect
GetActiveWindow
GetNextDlgTabItem
GetParent
WindowFromPoint
DestroyMenu
DestroyCursor
SetCursor
GetSubMenu
CreatePopupMenu
ScreenToClient
RedrawWindow
GetCursorPos
SetWindowPos
GetAsyncKeyState
SetForegroundWindow
DrawEdge
DrawFrameControl
SetRect
CloseClipboard
SetCapture
ReleaseCapture
GetMessagePos
GetWindow
GetFocus
GetWindowDC
MapWindowPoints
GetKeyState
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
DeleteMenu
SetParent
UnpackDDElParam
ReuseDDElParam
SetMenu
InvalidateRgn
SetWindowContextHelpId
MapDialogRect
EndDialog
ShowOwnedPopups
EndPaint
BeginPaint
PostQuitMessage
GetDesktopWindow
GetSysColor
FillRect
GetClassNameA
GetDC
ReleaseDC
ClientToScreen
GetWindowRect
SetTimer
ExitWindowsEx
KillTimer
UnhookWindowsHookEx
CallNextHookEx
EmptyClipboard
SetClipboardData
EnumWindows
GetSystemMetrics
PtInRect
OpenClipboard
IsWindowEnabled
MoveWindow
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
DestroyIcon
GetCapture
BringWindowToTop
IsChild
ChildWindowFromPointEx
SubtractRect
ShowWindow
SetWindowRgn
TranslateMessage
ShowCursor
SetRectEmpty
GetWindowTextA
SetDlgItemTextA
SetWindowTextA
ScrollDC
CheckMenuRadioItem
AdjustWindowRectEx
IsRectEmpty
CopyIcon
ShowScrollBar
DrawIconEx
CopyImage
SetMenuDefaultItem
EqualRect
MessageBeep
FlashWindow
SetActiveWindow
SetFocus
IsIconic
GetSystemMenu
RemoveMenu
GetMenuItemCount
EnableMenuItem
CheckMenuItem
CreateMenu
DrawIcon
IntersectRect
GetDoubleClickTime
GetSysColorBrush
GetMenu
IsMenu
GetWindowRgn
GetScrollInfo
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsZoomed
GetMenuItemID
GetMenuState
ValidateRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
SystemParametersInfoA
GetDlgCtrlID
SetWindowPlacement
SetScrollInfo
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenu
ScrollWindow
GetMessageTime
GetTopWindow
GetLastActivePopup
GetForegroundWindow

gdi32

PtVisible
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetBkColor
CreateRectRgn
GetBitmapBits
SetBitmapBits
CreateDIBSection
SetDIBColorTable
GdiFlush
CreateRectRgnIndirect
Rectangle
RealizePalette
RectVisible
Escape
CombineRgn
SetBkMode
SetBitmapDimensionEx
CreatePalette
CreatePen
GetBitmapDimensionEx
Ellipse
LPtoDP
CreateEllipticRgn
GetRgnBox
SelectPalette
SetBoundsRect
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
CreatePolygonRgn
FillRgn
OffsetRgn
SetRectRgn
SaveDC
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
RestoreDC
GetDIBits
PatBlt
SetPixelV
CreatePatternBrush
SetTextAlign
CreateSolidBrush
Polygon
GetTextColor
CreateCompatibleBitmap
GetPixel
SetPixel
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DPtoLP
GetDeviceCaps
CreateBitmap
CreateBrushIndirect
DeleteObject

shell32

SHGetMalloc
DragFinish
SHAppBarMessage

winmm

timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

crypt32

CryptEncryptMessage
CertOpenSystemStoreW
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertNameToStrW
CertGetNameStringW
CertGetCertificateContextProperty

iphlpapi

GetBestRoute
GetIpAddrTable
GetBestInterface

comctl32

ImageList_Remove
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetOverlayImage
ImageList_GetImageCount
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_DrawIndirect
PropertySheetW
ImageList_LoadImageW
ImageList_Create

shlwapi

PathFileExistsW
PathMatchSpecW
PathRenameExtensionW
PathRemoveFileSpecW
PathIsRelativeW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathCanonicalizeW
PathAddBackslashW
PathStripToRootW
PathStripPathW
PathGetArgsW
PathIsUNCW
PathCombineW
UrlUnescapeW
StrStrIW

ole32

OleCreateStaticFromData
OleSetContainedObject
CreateStreamOnHGlobal
CoTaskMemAlloc
StgOpenStorage
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleDuplicateData
CoFreeUnusedLibraries

oleaut32

OleCreateFontIndirect
SafeArrayCreate
SafeArrayGetElemsize
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
OleLoadPicture
VariantChangeType
VariantCopy
DispCallFunc

urlmon

FindMimeFromData

wininet

InternetCrackUrlW
InternetReadFile
InternetCloseHandle
InternetErrorDlg
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetCanonicalizeUrlW

winspool.drv

ClosePrinter

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 664KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lang/zh_CN.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skins/eMule Light.tmpl
.js
skins/eMule.tmpl
.js
tools/IP 数据库 ip-to-country.csv 汉化扩展程序/i2chan.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tools/IP 数据库 ip-to-country.csv 汉化扩展程序/i2chan.ini
tools/LinkCreator.exe
.exe windows:4 windows x86 arch:x86

d0f5c2b3f1ff2a5bbb3edc0099d992f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\eclipse302\workspace\LinkCreator\Release\LinkCreator.pdb

Imports

ws2_32

inet_addr

wininet

InternetOpenA
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
SetErrorMode
ExitProcess
RtlUnwind
TerminateProcess
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
ExitThread
CreateThread
RaiseException
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
VirtualQuery
SetEnvironmentVariableA
GlobalFlags
GetFileTime
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
GlobalAddAtomA
GetCurrentThread
FreeLibrary
GlobalDeleteAtom
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
GetModuleFileNameA
lstrcmpA
GetLastError
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
ReleaseMutex
CreateMutexA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
SetThreadPriority
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
GetModuleHandleA
FindResourceExA
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
CreateFileA
GetFileSize
CloseHandle
WideCharToMultiByte
ResumeThread
FindResourceA
LoadResource
LockResource
SizeofResource
SetThreadLocale
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime

user32

GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
RegisterClassA
UnregisterClassA
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
PostQuitMessage
wsprintfA
MessageBoxA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetFocus
GetParent
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
CharUpperA
SetForegroundWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadCursorA
SetCursor
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
ModifyMenuA
AppendMenuA
DrawIcon
PostMessageA
GetClassInfoA

gdi32

DeleteDC
GetStockObject
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
PtVisible

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA
PathFindExtensionA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
webserver/add_server.gif
.gif
webserver/arrow_down.gif
.gif
webserver/arrow_up.gif
.gif
webserver/arrow_up_q.gif
.gif
webserver/black.gif
.gif
webserver/blue1.gif
.gif
webserver/blue2.gif
.gif
webserver/blue3.gif
.gif
webserver/blue4.gif
.gif
webserver/blue5.gif
.gif
webserver/blue6.gif
.gif
webserver/checked.gif
.gif
webserver/checked_no.gif
.gif
webserver/complete.gif
.gif
webserver/completing.gif
.gif
webserver/connecting.gif
.gif
webserver/ct_0.gif
.gif
webserver/ct_1.gif
.gif
webserver/ct_a.gif
.gif
webserver/ct_h.gif
.gif
webserver/ct_l.gif
.gif
webserver/ct_m.gif
.gif
webserver/ct_s.gif
.gif
webserver/ct_u.gif
.gif
webserver/disconnected.gif
.gif
webserver/downloading.gif
.gif
webserver/error.gif
.gif
webserver/failed.gif
.gif
webserver/favicon.ico
webserver/file.gif
.gif
webserver/filedown.gif
.gif
webserver/filetype_archive.gif
.gif
webserver/filetype_audio.gif
.gif
webserver/filetype_cdimage.gif
.gif
webserver/filetype_document.gif
.gif
webserver/filetype_emulecollection.gif
.gif
webserver/filetype_other.gif
.gif
webserver/filetype_picture.gif
.gif
webserver/filetype_program.gif
.gif
webserver/filetype_video.gif
.gif
webserver/green.gif
.gif
webserver/greenpercent.gif
.gif
webserver/h_emule.gif
.gif
webserver/h_graph.gif
.gif
webserver/h_graphs.gif
.gif
webserver/h_kad.gif
.gif
webserver/h_log.gif
.gif
webserver/h_preferences.gif
.gif
webserver/h_search.gif
.gif
webserver/h_server.gif
.gif
webserver/h_shared.gif
.gif
webserver/h_statistic.gif
.gif
webserver/h_transfer.gif
.gif
webserver/hashing.gif
.gif
webserver/high.gif
.gif
webserver/is_a4af.gif
.gif
webserver/is_banned.gif
.gif
webserver/is_credit.gif
.gif
webserver/is_friend.gif
.gif
webserver/is_getflc.gif
.gif
webserver/is_halfcmtbad.gif
.gif
webserver/is_halfcmtgood.gif
.gif
webserver/is_halfnone.gif
.gif
webserver/is_none.gif
.gif
webserver/is_release.gif
.gif
webserver/is_static.gif
.gif
webserver/l_add.gif
.gif
webserver/l_calendar.gif
.gif
webserver/l_cancel.gif
.gif
webserver/l_catarrow.gif
.gif
webserver/l_category.gif
.gif
webserver/l_catprio.gif
.gif
webserver/l_clear.gif
.gif
webserver/l_clock.gif
.gif
webserver/l_close.gif
.gif
webserver/l_comments.gif
.gif
webserver/l_con.gif
.gif
webserver/l_connect.gif
.gif
webserver/l_dndoublearrow.gif
.gif
webserver/l_downarrow.gif
.gif
webserver/l_ed2klink.gif
.gif
webserver/l_filedonkey.gif
.gif
webserver/l_filesearch.gif
.gif
webserver/l_forum.gif
.gif
webserver/l_friend.gif
.gif
webserver/l_getflc.gif
.gif
webserver/l_hasherror.gif
.gif
webserver/l_homepage.gif
.gif
webserver/l_info.gif
.gif
webserver/l_logout.gif
.gif
webserver/l_none.gif
.gif
webserver/l_options.gif
.gif
webserver/l_pause.gif
.gif
webserver/l_reboot.gif
.gif
webserver/l_remove.gif
.gif
webserver/l_rename.gif
.gif
webserver/l_resume.gif
.gif
webserver/l_search.gif
.gif
webserver/l_server.gif
.gif
webserver/l_shared.gif
.gif
webserver/l_showcat.gif
.gif
webserver/l_shutdown.gif
.gif
webserver/l_sources_0.gif
.gif
webserver/l_sources_10.gif
.gif
webserver/l_sources_25.gif
.gif
webserver/l_sources_5.gif
.gif
webserver/l_sources_50.gif
.gif
webserver/l_static.gif
.gif
webserver/l_stop.gif
.gif
webserver/l_timer.gif
.gif
webserver/l_timer_off.gif
.gif
webserver/l_uparrow.gif
.gif
webserver/l_updoublearrow.gif
.gif
webserver/l_users.gif
.gif
webserver/l_version.gif
.gif
webserver/login_bottom.gif
.gif
webserver/login_downmain.gif
.gif
webserver/login_lefttop.gif
.gif
webserver/login_righttop.gif
.gif
webserver/login_top.gif
.gif
webserver/login_topdown.gif
.gif
webserver/login_topseperator.gif
.gif
webserver/logo.jpg
.jpg
webserver/low.gif
.gif
webserver/m_category.gif
.gif
webserver/m_catprio.gif
.gif
webserver/m_clearcompleted.gif
.gif
webserver/main_bg.gif
.gif
webserver/main_menubg.gif
.gif
webserver/main_topbar.gif
.gif
webserver/main_topbardarker.gif
.gif
webserver/main_topbarseperator.gif
.gif
webserver/p_black.gif
.gif
webserver/p_blue1.gif
.gif
webserver/p_blue2.gif
.gif
webserver/p_blue3.gif
.gif
webserver/p_blue4.gif
.gif
webserver/p_blue5.gif
.gif
webserver/p_blue6.gif
.gif
webserver/p_green.gif
.gif
webserver/p_greenpercent.gif
.gif
webserver/p_red.gif
.gif
webserver/p_yellow.gif
.gif
webserver/paused.gif
.gif
webserver/qs_con.jpg
.jpg
webserver/qs_down.jpg
.jpg
webserver/qs_up.jpg
.jpg
webserver/qs_user.jpg
.jpg
webserver/red.gif
.gif
webserver/stalled.gif
.gif
webserver/stats_0.gif
.gif
webserver/stats_1.gif
.gif
webserver/stats_10.gif
.gif
webserver/stats_11.gif
.gif
webserver/stats_12.gif
.gif
webserver/stats_13.gif
.gif
webserver/stats_14.gif
.gif
webserver/stats_15.gif
.gif
webserver/stats_16.gif
.gif
webserver/stats_17.gif
.gif
webserver/stats_2.gif
.gif
webserver/stats_3.gif
.gif
webserver/stats_4.gif
.gif
webserver/stats_5.gif
.gif
webserver/stats_6.gif
.gif
webserver/stats_7.gif
.gif
webserver/stats_8.gif
.gif
webserver/stats_9.gif
.gif
webserver/stats_back.gif
.gif
webserver/stats_con.gif
.gif
webserver/stats_down.gif
.gif
webserver/stats_hidden.gif
.gif
webserver/stats_space.gif
.gif
webserver/stats_up.gif
.gif
webserver/stats_visible.gif
.gif
webserver/stopped.gif
.gif
webserver/t_complete.gif
.gif
webserver/t_completing.gif
.gif
webserver/t_connecting.gif
.gif
webserver/t_downloading.gif
.gif
webserver/t_error.gif
.gif
webserver/t_hashing.gif
.gif
webserver/t_next.gif
.gif
webserver/t_paused.gif
.gif
webserver/t_stalled.gif
.gif
webserver/t_stopped.gif
.gif
webserver/t_uploading.gif
.gif
webserver/t_waiting.gif
.gif
webserver/t_waitinghash.gif
.gif
webserver/transparent.gif
.gif
webserver/waiting.gif
.gif
webserver/waitinghash.gif
.gif
webserver/yellow.gif
.gif

Sharing

General

Malware Config

Signatures

Files

842f29ecffea66c749a8e61353a14ec6

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 261KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 24KB - Virtual size: 28KB

.reloc Size: 36KB - Virtual size: 34KB

9088a12e8d581eb2e19db7034b864ca5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 912B

.reloc Size: 8KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 104B

.rsrc Size: 264KB - Virtual size: 260KB

.reloc Size: 4KB - Virtual size: 8B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 127B

.rsrc Size: 324KB - Virtual size: 321KB

.reloc Size: 4KB - Virtual size: 8B

bfdf63b29852e4529780d92b76de1d65

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

version

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 440KB

.data Size: 10KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 25KB - Virtual size: 25KB

01a51d3c309e465728fb2bed952918f2

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

.text
Size: 264KB - Virtual size: 261KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 24KB - Virtual size: 28KB

.reloc
Size: 36KB - Virtual size: 34KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 912B

.reloc
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 104B

.rsrc
Size: 264KB - Virtual size: 260KB

.reloc
Size: 4KB - Virtual size: 8B

.rdata
Size: 4KB - Virtual size: 127B

.rsrc
Size: 324KB - Virtual size: 321KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 440KB - Virtual size: 440KB

.data
Size: 10KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 664KB - Virtual size: 662KB

.data
Size: 68KB - Virtual size: 2.4MB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 4KB - Virtual size: 8B

CODE
Size: 358KB - Virtual size: 358KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 68KB - Virtual size: 66KB