32582781f267e54185ba65121a2b26a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32582781f267e54185ba65121a2b26a8_JaffaCakes118
Size

4.2MB
MD5

32582781f267e54185ba65121a2b26a8
SHA1

5c373f5939f8e4b503086c5443fde292357d68c4
SHA256

f31f39a87c14e471f172ae4cebc4b652640f90a2e05a263f39e767eaa6968abf
SHA512

b3766ca67ac25e92f3e87285a3d453cca5162905f5ed578d44a9c34a93173174fc267f9b42ae65b7e4e0016f83963fdd01df293d92d4dc3dfb9c41147acb4efd
SSDEEP

49152:Yp+CVEx99pfMLptmP1l4thtvPCHB7w2+XLSv01DPuoo0dm5VJekVwb6fCVRaqxnv:TdpiKchl47F+7SEPuoTmz11CjozDE

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/绿鹰PC万能精灵/rars.dll	aspack_v212_v242
static1/unpack001/绿鹰PC万能精灵/unrar.dll	aspack_v212_v242

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/绿鹰PC万能精灵/ERegCleaner.exe
unpack001/绿鹰PC万能精灵/ExtnDll.dll
unpack001/绿鹰PC万能精灵/FileNuke.exe
unpack001/绿鹰PC万能精灵/FileSeek.exe
unpack001/绿鹰PC万能精灵/NetSafe/CoolSearch.dll
unpack001/绿鹰PC万能精灵/NetSafe/CoolSearch.exe
unpack001/绿鹰PC万能精灵/QQClean.exe
unpack001/绿鹰PC万能精灵/SkinPPWTL.dll
unpack001/绿鹰PC万能精灵/SoftPanel.exe
unpack001/绿鹰PC万能精灵/TweakAssistKrnl.dll
unpack001/绿鹰PC万能精灵/acorp.exe
unpack001/绿鹰PC万能精灵/alg.exe
unpack001/绿鹰PC万能精灵/antiARP.exe
unpack001/绿鹰PC万能精灵/bttom.jpg
unpack001/绿鹰PC万能精灵/haldr.dll
unpack001/绿鹰PC万能精灵/miscs.dll
unpack001/绿鹰PC万能精灵/msvcm.dll
unpack001/绿鹰PC万能精灵/pthreadVC2.dll
unpack001/绿鹰PC万能精灵/rars.dll
unpack001/绿鹰PC万能精灵/unins000.exe
unpack001/绿鹰PC万能精灵/unrar.dll
unpack001/绿鹰PC万能精灵/update.exe
unpack001/绿鹰PC万能精灵/upload.exe

Files

32582781f267e54185ba65121a2b26a8_JaffaCakes118
.rar
绿鹰PC万能精灵/BlockList.txt
绿鹰PC万能精灵/ERegCleaner.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 64KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/ExtnDll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

35e67594e9a4de08c80ed089a9f06041

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrcpyA
lstrcpynW
lstrcpynA
lstrcatA
GlobalLock
DisableThreadLibraryCalls
GlobalUnlock
GetModuleFileNameA
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
lstrlenA

user32

SetMenuItemBitmaps
LoadBitmapA
InsertMenuA

gdi32

DeleteObject

shell32

ShellExecuteA
DragQueryFileA

atl

ord16
ord15
ord21
ord57
ord32
ord23
ord18

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegDeleteValueA

ole32

ReleaseStgMedium

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

??2@YAPAXI@Z
memcpy
_purecall
__CxxFrameHandler
sprintf
memset
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/FileNuke.exe
.exe windows:4 windows x86 arch:x86

26d89edbe1f8c996aa7da33f08504dac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterClipboardFormatA

gdi32

DeleteObject

comdlg32

GetSaveFileNameA

winspool.drv

DocumentPropertiesA

advapi32

InitializeSecurityDescriptor

shell32

DragFinish

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries

olepro32

ord253

oleaut32

VariantCopy

shlwapi

PathFileExistsA

ntdll

_strupr

Sections

.text
Size: 132KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/FileSeek.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 23KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/NetSafe/BlockLst.txt
绿鹰PC万能精灵/NetSafe/CoolSearch.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

??0CHttpSocket@@QAE@ABV0@@Z
??0CHttpSocket@@QAE@XZ
??1CHttpSocket@@UAE@XZ
??4CHttpSocket@@QAEAAV0@ABV0@@Z
??_7CHttpSocket@@6B@
?CloseSocket@CHttpSocket@@QAEHXZ
?Connect@CHttpSocket@@QAEHPADH@Z
?FormatRequestHeader@CHttpSocket@@QAEPBDPAD0AAJ00JJH@Z
?GetField@CHttpSocket@@QAEHPBDPADH@Z
?GetRequestHeader@CHttpSocket@@QBEHPADH@Z
?GetResponseHeader@CHttpSocket@@QAEPBDAAH@Z
?GetResponseLine@CHttpSocket@@QAEHPADH@Z
?GetServerState@CHttpSocket@@QAEHXZ
?Receive@CHttpSocket@@QAEJPADJ@Z
?SendRequest@CHttpSocket@@QAEHPBDJ@Z
?SetTimeout@CHttpSocket@@QAEHHH@Z
?Socket@CHttpSocket@@QAEHXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t4166775
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

1jtq8ac1
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7zq169yh
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ay805my.
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

205tdt4u
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

opyif2sc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/NetSafe/CoolSearch.exe
.exe windows:4 windows x86 arch:x86

d0ca7918b4a62348691583e58d0a51d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5450
ord5834
ord6394
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2107
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord4160
ord2863
ord2379
ord755
ord470
ord2044
ord1576
ord2448
ord2841
ord801
ord541
ord3663
ord5572
ord5683
ord4129
ord6877
ord4202
ord940
ord2818
ord860
ord858
ord825
ord535
ord540
ord551
ord2764
ord924
ord2915
ord800
ord641
ord537

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_setmbcp
_mbscmp
__CxxFrameHandler
_mbsicmp
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_except_handler3

kernel32

GetModuleFileNameA
WinExec
GetCommandLineA
GetStartupInfoA
GetShortPathNameA
GetModuleHandleA

user32

EnableWindow
GetSystemMetrics
DrawIcon
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
LoadIconA
GetClientRect

shell32

ShellExecuteA

winmm

mciSendStringA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/NetSafe/exitad.dll
绿鹰PC万能精灵/NetSafe/logo.bmp
绿鹰PC万能精灵/NetSafe/nav.bmp
绿鹰PC万能精灵/NetSafe/nav_hot.bmp
绿鹰PC万能精灵/NetSafe/options.html
.html
绿鹰PC万能精灵/NetSafe/toolbar_config.xml
.xml
绿鹰PC万能精灵/QQClean.exe
.exe windows:4 windows x86 arch:x86

8997478477f6b678054d9bddd74bd5e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5450
ord5834
ord6394
ord4275
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord3744
ord567
ord818
ord6242
ord2642
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord616
ord609
ord795
ord656
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord4234
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord3402
ord3721
ord1146
ord1168
ord2302
ord2379
ord755
ord470
ord4224
ord3873
ord2107
ord2044
ord3874
ord6199
ord2448
ord2841
ord801
ord541
ord6407
ord268
ord5583
ord1567
ord6662
ord6385
ord350
ord3663
ord3616
ord3127
ord5651
ord354
ord5186
ord3318
ord1979
ord665
ord533
ord5194
ord1997
ord798
ord5683
ord4129
ord1105
ord1200
ord5710
ord6877
ord4202
ord536
ord2818
ord941
ord860
ord858
ord825
ord535
ord540
ord551
ord2764
ord356
ord924
ord2770
ord2781
ord3178
ord3181
ord2915
ord1980
ord668
ord800
ord3922
ord537
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
printf
_except_handler3
_mbscmp
__CxxFrameHandler
_mbsicmp
_mkdir
_chdir
_access
_CxxThrowException
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
_controlfp

kernel32

GetVersionExA
Sleep
SetFileAttributesA
RemoveDirectoryA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
CreateProcessA
FindNextFileA
GetCurrentDirectoryA
CreateDirectoryA
TerminateThread
GetStartupInfoA
GetTempPathA
GetSystemDirectoryA
FindClose
FindFirstFileA
DeleteFileA
GetShortPathNameA
GetTickCount
HeapFree
WaitForSingleObject

user32

SetWindowTextA
LoadIconA
DrawIcon
GetWindowRect
GetSystemMetrics
ScreenToClient
IsIconic
CreateWindowExA
GetWindowTextA
ShowWindow
SendMessageA
SetWindowLongA
GetDlgItem
EndDialog
SetFocus
wsprintfA
GetClientRect
EnableWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/QQMsg/Answer.txt
绿鹰PC万能精灵/QQMsg/Ask.txt
绿鹰PC万能精灵/QQMsg/BestLove.txt
绿鹰PC万能精灵/QQMsg/Bless.txt
绿鹰PC万能精灵/QQMsg/Bye.txt
绿鹰PC万能精灵/QQMsg/Feeling.txt
绿鹰PC万能精灵/QQMsg/Fight.txt
绿鹰PC万能精灵/QQMsg/Hello.txt
绿鹰PC万能精灵/QQMsg/Help.txt
绿鹰PC万能精灵/QQMsg/Humor.txt
绿鹰PC万能精灵/QQMsg/LIE.TXT
绿鹰PC万能精灵/QQMsg/Me.txt
绿鹰PC万能精灵/QQMsg/Motion.txt
绿鹰PC万能精灵/QQMsg/Number.txt
绿鹰PC万能精灵/QQMsg/PIC.TXT
绿鹰PC万能精灵/QQMsg/PRAISE.TXT
绿鹰PC万能精灵/QQMsg/Rouma.txt
绿鹰PC万能精灵/QQMsg/SHUA.TXT
绿鹰PC万能精灵/QQMsg/Security.txt
绿鹰PC万能精灵/QQMsg/Symbol.txt
绿鹰PC万能精灵/QQMsg/chat.txt
绿鹰PC万能精灵/QQMsg/finghtOK.txt
绿鹰PC万能精灵/RisingDragon.dll
绿鹰PC万能精灵/SkinBlue.jpg
.jpg
绿鹰PC万能精灵/SkinEagleGreen.jpg
.jpg
绿鹰PC万能精灵/SkinGhost.jpg
.jpg
绿鹰PC万能精灵/SkinGreen.jpg
.jpg
绿鹰PC万能精灵/SkinPPWTL.dll
.dll windows:4 windows x86 arch:x86

5e3f362515c0beb831e8808f9a051357

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetCursorPos

gdi32

SetBkColor

comdlg32

ChooseColorA

advapi32

RegSetValueExW

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

comctl32

ImageList_Destroy

msimg32

AlphaBlend

msvcrt

_initterm

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z

Exports

Exports

??0CSkinIniFile@@QAE@ABV0@@Z
??0CSkinIniFile@@QAE@VCString@WTL@@@Z
??0CSkinIniFile@@QAE@XZ
??1CSkinIniFile@@UAE@XZ
??4CSkinIniFile@@QAEAAV0@ABV0@@Z
??_7CSkinIniFile@@6B@
?DeleteKey@CSkinIniFile@@QAE_NABVCString@WTL@@@Z
?DeleteValue@CSkinIniFile@@QAE_NABVCString@WTL@@0@Z
?FindKey@CSkinIniFile@@QAEHABVCString@WTL@@@Z
?FindValue@CSkinIniFile@@QAEHHABVCString@WTL@@@Z
?GetNumKeys@CSkinIniFile@@QAEHXZ
?GetNumValues@CSkinIniFile@@QAEHVCString@WTL@@@Z
?GetValue@CSkinIniFile@@QAE?AVCString@WTL@@ABV23@00@Z
?GetValue@CSkinIniFile@@QAE?AVCString@WTL@@ABV23@HAAV23@@Z
?GetValueF@CSkinIniFile@@QAENABVCString@WTL@@0@Z
?GetValueI@CSkinIniFile@@QAEHABVCString@WTL@@0H@Z
?ReadFile@CSkinIniFile@@QAE_NABVCString@WTL@@@Z
?ReadFile@CSkinIniFile@@QAE_NPAEH@Z
?ReadProfile@CSkinIniFile@@QAEXABVCString@WTL@@@Z
?Reset@CSkinIniFile@@QAEXXZ
?SetPath@CSkinIniFile@@QAEXABVCString@WTL@@@Z
?SetValue@CSkinIniFile@@QAE_NABVCString@WTL@@000_N@Z
?SetValueF@CSkinIniFile@@QAE_NABVCString@WTL@@0N_N@Z
?SetValueI@CSkinIniFile@@QAE_NABVCString@WTL@@0HH_N@Z
?WriteFile@CSkinIniFile@@QAEXXZ
?getline2@CSkinIniFile@@QAEHVCString@WTL@@AAV23@@Z
?getline@CSkinIniFile@@QAEAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV23@AAVCString@WTL@@@Z
?skinppDrawSkinObject@@YAXPAUHDC__@@UtagRECT@@W4DRAWTYPE@@H@Z
?skinppGetBitmapRes@@YAPAUHBITMAP__@@PBD@Z
?skinppGetBitmapResRect@@YAHPBDAAH111@Z
?skinppGetBitmapSize@@YAXPAUHBITMAP__@@AAH1@Z
?skinppGetImageListFromID@@YAPAU_IMAGELIST@@H@Z
?skinppGetMainFrameMenu@@YAPAUHMENU__@@XZ
?skinppGetMultiLangMenu@@YAPAUHMENU__@@XZ
?skinppGetResFromID@@YAPAUHBITMAP__@@W4SKINOBJTYPE@@HH@Z
?skinppGetResFromID@@YAPAXPAU_ResourceInfo@@@Z
?skinppGetSkinResource@@YAPAEPBDAAH@Z
?skinppLoadLanguageStr@@YAHPBDPADH@Z
?skinppLoadSkinFromRes@@YAHPAUHINSTANCE__@@PBD1PAD@Z
?skinppLoadString@@YAHHPADH@Z
?skinppSetBackgroundDC@@YAXPAUHWND__@@PAUHDC__@@@Z
?skinppSetButtonSounds@@YAXPAUHWND__@@PBD1@Z
?skinppSetButtonTooltip@@YAXPAUHWND__@@PBD@Z
?skinppSetCustomDraw@@YAXPAUHWND__@@H@Z
?skinppSetDialogBkClipRgn@@YAXPAUHWND__@@HH@Z
?skinppSetDialogEraseBkgnd@@YAXPAUHWND__@@H@Z
?skinppSetDrawMenu@@YAXPAUHMENU__@@H@Z
?skinppSetMenuItemImage@@YAHIPAU_IMAGELIST@@H@Z
?skinppSetMenuSkinObjectID@@YAXPAUHWND__@@H@Z
?skinppSetNoDrawText@@YAXPAUHWND__@@H@Z
?skinppSetSkinOwnerMenu@@YAXH@Z
?skinppSetStaticFont@@YAHHPBDH@Z
?skinppSetStaticTextAlign@@YAHHH@Z
?skinppSetStaticTextColor@@YAHHK@Z
?skinppSetStatusBarTransparent@@YAXPAUHWND__@@H@Z
?skinppSetTabItemImageID@@YAXPAUHWND__@@HH@Z
skinppExitSkin
skinppGetDefaultSysColor
skinppGetIconFromRes
skinppGetSkinSysColor
skinppInitializeSkin
skinppLoadSkin
skinppRemoveSkin
skinppRemoveSkinHwnd
skinppSetFreeDlgID
skinppSetListBoxItemDrawInfo
skinppSetListHeaderCtrlItemID
skinppSetListHeaderSortInfo
skinppSetNoSkinHwnd
skinppSetSkinHwnd
skinppSetSkinResID
skinppSetTrackPopupMenuID
skinppSetWindowResID

Sections

.text
Size: 192KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/SkinPale.jpg
.jpg
绿鹰PC万能精灵/SkinSea.jpg
.jpg
绿鹰PC万能精灵/SkinVista.jpg
.jpg
绿鹰PC万能精灵/SoftPanel.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 25KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/TweakAssistKrnl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

44af361d563b3bde9206c8bcf448ccd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetWindowRect

gdi32

CreateSolidBrush

shlwapi

SHGetValueA

msvcrt

_initterm

Exports

Exports

DllRegisterServer
DllUnregisterServer
TWControl
TWInit

Sections

.text
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/acorp.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 118KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/alg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 166KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 31KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/antiARP.exe
.exe windows:4 windows x86 arch:x86

ed64c7b354e3ef807e8c462251a845d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\My Documents\Visual Studio 2005\Projects\NetworkRepairer\release\NetworkRepairer.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
SetErrorMode
lstrlenA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageW
LocalFree
InterlockedDecrement
MulDiv
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
SetLastError
GlobalAddAtomW
GlobalUnlock
GlobalFree
FreeResource
lstrlenW
WritePrivateProfileStringW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentProcess
ResumeThread
SuspendThread
CreateThread
ExitThread
CloseHandle
Sleep
GetSystemDirectoryW
WaitForSingleObject
CreateProcessW
TerminateProcess
lstrcpyW

user32

DestroyMenu
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
UnregisterClassW
GetSysColorBrush
GetActiveWindow
SetActiveWindow
LoadCursorW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
PostMessageW
EnableWindow
MessageBoxA
ExitWindowsEx
KillTimer
SetTimer
SendMessageW
GetCursorPos
GetSubMenu
LoadMenuW
UpdateWindow
InvalidateRect
AnimateWindow
SetForegroundWindow
IsWindowVisible
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconW
RegisterWindowMessageW
GetMenu
UnregisterClassA

gdi32

DeleteDC
GetStockObject
RectVisible
GetDeviceCaps
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

Shell_NotifyIconW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/bttom.jpg
.dll windows:4 windows x86 arch:x86

1873a1aa5041bf862d9953ea3e12bd3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeServiceDescriptorTable
RtlInitUnicodeString
ObfDereferenceObject
RtlVolumeDeviceToDosName
ZwClose
RtlFreeUnicodeString
MmGetSystemRoutineAddress
RtlAnsiStringToUnicodeString
RtlInitString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
KeInitializeSpinLock
tolower
strncmp
IoGetCurrentProcess
PsGetVersion
strncpy
ObReferenceObjectByHandle
PsProcessType
ObQueryNameString
PsLookupProcessByProcessId
ZwQuerySystemInformation
_strnicmp
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
PsLookupThreadByThreadId
RtlCompareString
ZwOpenProcess
IoDeleteDevice
wcsncmp
ZwQueryObject
ZwDuplicateObject
NtOpenProcess
ZwCreateFile
IofCompleteRequest
_except_handler3
KeDelayExecutionThread
sprintf
ZwQueryInformationProcess
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ObReferenceObjectByPointer
_strupr
RtlUpperString
ZwSetSystemTime
ZwSetValueKey
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
MmMapIoSpace
MmGetPhysicalAddress
memmove
KeSetEvent
KeWaitForSingleObject
MmIsAddressValid
ExAllocatePoolWithTag
KeInitializeApc
KeInsertQueueApc
ExFreePool
PsTerminateSystemThread

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/exitad.dll
绿鹰PC万能精灵/haldr.dll
.dll windows:4 windows x86 arch:x86

422b275c99224a0f6119efbf0f505749

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord541
ord801
ord2841
ord2448
ord6199
ord2044
ord2107
ord5450
ord5834
ord6394
ord1168
ord1253
ord342
ord1182
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord2301
ord4234
ord2859
ord6334
ord1199
ord4476
ord3089
ord4853
ord3092
ord6605
ord6215
ord4710
ord755
ord470
ord2514
ord3571
ord3619
ord3573
ord3626
ord4160
ord2414
ord640
ord5787
ord5785
ord1640
ord323
ord1146
ord1641
ord2754
ord6880
ord2379
ord4299
ord2086
ord2385
ord3663
ord5572
ord5683
ord4129
ord2915
ord2818
ord860
ord858
ord823
ord825
ord535
ord540
ord551
ord800
ord3259
ord537

msvcrt

_adjust_fdiv
malloc
_initterm
free
_except_handler3
_onexit
__dllonexit
fgets
__CxxFrameHandler
_mbscmp
fseek
?terminate@@YAXXZ

kernel32

GetModuleFileNameA
GetProcAddress
GetModuleHandleA

user32

ReleaseDC
SetWindowPos
GetClientRect
SetWindowLongA
MessageBeep
LoadBitmapA
GetSysColor
GetWindowRect
InvalidateRect
KillTimer
SystemParametersInfoA
GetSystemMetrics
EnableWindow
GetWindowLongA
IsWindow
GetDC
SetTimer
SendMessageA

gdi32

GetObjectA
CreateCompatibleDC
ExtFloodFill
CreateFontA
GetStockObject
CreateSolidBrush

shell32

SHGetFileInfoA

Exports

Exports

??0CTipDlg@@QAE@PADPAVCWnd@@@Z
??1CTipDlg@@UAE@XZ
??_7CTipDlg@@6B@
??_FCTipDlg@@QAEXXZ
?DefWindowProcA@CTipDlg@@MAEJIIJ@Z
?DoDataExchange@CTipDlg@@MAEXPAVCDataExchange@@@Z
?DoModal@CTipDlg@@UAEHXZ
?DoPaint@CTipDlg@@QAEXPAVCDC@@H@Z
?GetMessageMap@CTipDlg@@MBEPBUAFX_MSGMAP@@XZ
?GetNextTipString@CTipDlg@@IAEXAAVCString@@@Z
?OnClose@CTipDlg@@QAEXXZ
?OnCreate@CTipDlg@@QAEHPAUtagCREATESTRUCTA@@@Z
?OnCtlColor@CTipDlg@@QAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z
?OnInitDialog@CTipDlg@@UAEHXZ
?OnLButtonDown@CTipDlg@@QAEXIVCPoint@@@Z
?OnMouseMove@CTipDlg@@QAEXIVCPoint@@@Z
?OnNextTip@CTipDlg@@QAEXXZ
?OnOK@CTipDlg@@UAEXXZ
?OnPaint@CTipDlg@@QAEXXZ
?OnShowCANCEL@CTipDlg@@QAEXXZ
?OnShowNO@CTipDlg@@QAEXXZ
?OnShowOK@CTipDlg@@QAEXXZ
?OnTimer@CTipDlg@@QAEXI@Z
?_Create@CTipDlg@@UAEHPBD0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
?_GetBaseMessageMap@CTipDlg@@KGPBUAFX_MSGMAP@@XZ
?_GetMyExeDirectory@CTipDlg@@QAE?AVCString@@XZ
?_MyCreate@CTipDlg@@QAEHXZ
?_SetIcon@CTipDlg@@QAEXVCString@@0@Z
?_SetWindowText@CTipDlg@@QAEXVCString@@@Z
?_ShowReal@CTipDlg@@QAEXXZ
?_ShowWindow@CTipDlg@@QAEXH@Z
?_messageEntries@CTipDlg@@0QBUAFX_MSGMAP_ENTRY@@B
?messageMap@CTipDlg@@1UAFX_MSGMAP@@B

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sysetn
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/help.htm
.html
绿鹰PC万能精灵/hook.dll
绿鹰PC万能精灵/hosts.txt
绿鹰PC万能精灵/miscs.dll
.dll windows:4 windows x86 arch:x86

e345826a686a02c274ea4e4687ad5fec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

winmm

waveOutWrite

Exports

Exports

PlaySong
StopSong

Sections

CODE
Size: 29KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/msvcm.dll
.dll windows:4 windows x86 arch:x86

2e45a240ea4c64667f24732c5d853c15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

WSAStartup

psapi

GetModuleFileNameExA

mfc42

ord2107

msvcrt

_adjust_fdiv

user32

SetWindowsHookExA

version

GetFileVersionInfoSizeA

Exports

Exports

Instance
LoadFromBuff
LoadFromFile
SaveToFile

Sections

.text
Size: 14KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/pthreadVC2.dll
.dll windows:4 windows x86 arch:x86

5ced73490af19c86f0f842492dff3c41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

calloc

wsock32

WSAGetLastError

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 16KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/rars.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CONFCLAMD
CONFDIR
CONFFRESHCLAM

Sections

Size: 202KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/sfx.bmp
绿鹰PC万能精灵/unins000.dat
绿鹰PC万能精灵/unins000.dll
绿鹰PC万能精灵/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿鹰PC万能精灵/unrar.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

compress
crc32
deflate
deflateEnd
deflateInit
uncompress

Sections

Size: 260KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 61KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/update.exe
.exe windows:4 windows x86 arch:x86

7ea8343beffc4b48b5c64d53e71a2239

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CopyAcceleratorTableA

gdi32

SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CLSIDFromString

olepro32

ord253

oleaut32

VariantCopy

wsock32

WSAStartup

shlwapi

PathFileExistsA

wininet

InternetSetStatusCallback

Sections

.text
Size: 185KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/upload.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 63KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿鹰PC万能精灵/virus.update
绿鹰PC万能精灵/更新日志.txt
绿鹰PC万能精灵/绿鹰软件协议.txt

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 64KB - Virtual size: 192KB

.rsrc Size: 34KB - Virtual size: 36KB

35e67594e9a4de08c80ed089a9f06041

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

atl

advapi32

ole32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 1024B - Virtual size: 952B

26d89edbe1f8c996aa7da33f08504dac

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ntdll

Sections

.text Size: 132KB - Virtual size: 584KB

.rsrc Size: 31KB - Virtual size: 32KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 23KB - Virtual size: 104KB

.rsrc Size: 31KB - Virtual size: 32KB

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 140KB

t4166775 Size: 36KB - Virtual size: 36KB

.data Size: - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 8KB

1jtq8ac1 Size: - Virtual size: 16KB

7zq169yh Size: - Virtual size: 4KB

ay805my. Size: - Virtual size: 84KB

205tdt4u Size: 180KB - Virtual size: 184KB

.text
Size: 64KB - Virtual size: 192KB

.rsrc
Size: 34KB - Virtual size: 36KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 1024B - Virtual size: 952B

.text
Size: 132KB - Virtual size: 584KB

.rsrc
Size: 31KB - Virtual size: 32KB

.text
Size: 23KB - Virtual size: 104KB

.rsrc
Size: 31KB - Virtual size: 32KB

.text
Size: - Virtual size: 140KB

t4166775
Size: 36KB - Virtual size: 36KB

.data
Size: - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 8KB

1jtq8ac1
Size: - Virtual size: 16KB

7zq169yh
Size: - Virtual size: 4KB

ay805my.
Size: - Virtual size: 84KB

205tdt4u
Size: 180KB - Virtual size: 184KB

opyif2sc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 192KB - Virtual size: 532KB

.rsrc
Size: 19KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 72KB

.rsrc
Size: 7KB - Virtual size: 8KB