3195bccc89f2d79e5f806474e2995706_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3195bccc89f2d79e5f806474e2995706_JaffaCakes118
Size

1023KB
MD5

3195bccc89f2d79e5f806474e2995706
SHA1

18791d23292f75de11ea4472b210ec33a4f0a1f2
SHA256

d81fdcc0520f1f01645e978ae21fcd7e01887044249d7ee1d0e018a6832320a5
SHA512

e09f258077d60e1979d6c5e109a373ae754d4b5f6f015b7fa26239b681be3c0f0f7c927d60d5c92b1ddc0b4ec724284e76d9d52896c4f1f0cdd477f5de960457
SSDEEP

24576:K2XwlCawZDWAGUxrlThp3sFIQnYZMBjYlCP2BlcEmxd055QaA:KawlCaFELD3st+M6ljBlcEmxK5Oz

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InetLoad.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/Util.dll
unpack001/Generic.exe
unpack001/comdlg32.dll
unpack001/oledlg.dll
unpack001/wininet.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

3195bccc89f2d79e5f806474e2995706_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:27:1b:f6:8a:f3:ff:cf:07:89:0a:b2:19:eb:6e:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28-04-2009 00:00

Not After

28-04-2010 23:59

Subject

CN=EZ-Tracks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EZ-Tracks,L=Pearl River,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:3a:16:b2:02:9a:f9:4b:0b:f2:29:0a:85:61:e1:2b:ed:e9:39:62
Signer

Actual PE Digest

42:3a:16:b2:02:9a:f9:4b:0b:f2:29:0a:85:61:e1:2b:ed:e9:39:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Generic.bmp
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PO_BANNER.BMP
$PLUGINSDIR/PO_DIALOG.INI
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Util.dll
.dll windows:4 windows x86 arch:x86

1896c7275a66dc4dfdfbcfeafde6a84d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CreateFileA
FlushFileBuffers

ole32

CoCreateGuid

Exports

Exports

GetGuid
GetIdentifier
KillProc

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial_ComscorePO.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
EZicon.ico
Generic.exe
.exe windows:4 windows x86 arch:x86

5a6135ea06434de946327d5d03b918bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Doral.robichaud\My Documents\Visual Studio 2005\Projects\MusicManagers\GenMM\Release\GenMM.pdb

Imports

wininet

InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetQueryDataAvailable
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetReadFile

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetTickCount
GetFileAttributesA
GetFileTime
SetErrorMode
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetThreadLocale
GetStartupInfoA
RtlUnwind
RaiseException
SetStdHandle
GetFileType
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedIncrement
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
CompareStringA
GetVersion
InterlockedExchange
CompareStringW
MultiByteToWideChar
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetCurrentDirectoryA
CreateFileMappingA
FindNextChangeNotification
FindFirstChangeNotificationA
FindCloseChangeNotification
SetLastError
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateMutexA
FreeLibrary
lstrlenA
GetProcAddress
GetLastError
MoveFileExA
GetTempPathA
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetProcessHeap

user32

GetSysColorBrush
LoadCursorA
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
CharNextA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
CheckMenuItem
GetMenuState
GetMenuStringA
GetMenuItemID
GetSubMenu
CharUpperA
SetCursor
OffsetRect
SetCapture
GetCapture
CopyRect
UpdateWindow
ReleaseCapture
DestroyMenu
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
LoadIconA
LoadBitmapA
MapDialogRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetWindowTextLengthA
PostQuitMessage
DrawIcon
GetSystemMetrics
AppendMenuA
GetSystemMenu
IsIconic
GetWindowRect
EnableMenuItem
GetMenuItemCount
SendMessageA
GetParent
PostMessageA
KillTimer
GetSysColor
IsWindow
LoadImageA
EnableWindow
PtInRect
GetClientRect
GetWindowLongA
SetWindowLongA
InvalidateRect
GetActiveWindow
MessageBoxA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetWindowExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetViewportExtEx
CreateFontIndirectA
GetStockObject
SetViewportOrgEx
CreateSolidBrush
GetObjectA
DeleteObject
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
DragAcceptFiles
DragFinish

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

OleUninitialize
CoFreeUnusedLibraries
CoCreateGuid
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

VariantClear
VariantCopy
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
comdlg32.dll
.dll windows:5 windows x86 arch:x86

ff239be815605548e0e52ee3fcb402ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shlwapi

ord217
PathFindFileNameW
ord175
ord219
ord215
StrCpyNW
PathSkipRootW
PathAddBackslashW
PathIsRootW
PathRemoveBlanksW
StrRChrW
ord346
ord266
SHRegGetBoolUSValueW
SHOpenRegStream2W
ord197
StrChrW
PathFindExtensionW
PathMatchSpecW
StrRetToBufW
UrlIsW
PathFileExistsW
PathCombineW
PathCreateFromUrlW
ord204
PathIsUNCW
StrCmpW
StrDupW
StrCatBuffW

kernel32

GetACP
GlobalAlloc
lstrcmpW
MulDiv
DeleteCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteFileW
GetTempFileNameW
GlobalLock
GlobalUnlock
GetLocaleInfoW
CreateEventW
GetModuleHandleW
GlobalFree
GetCurrentThreadId
InterlockedIncrement
FreeLibrary
ExpandEnvironmentStringsW
FreeResource
TlsSetValue
FindResourceW
LockResource
FindResourceExW
LoadResource
LocalAlloc
lstrlenA
MultiByteToWideChar
LocalFree
FindResourceA
InterlockedDecrement
CreateThread
GetModuleFileNameW
LoadLibraryW
FreeLibraryAndExitThread
WaitForSingleObject
ResetEvent
GetVolumeInformationW
SetEvent
GetDriveTypeW
FormatMessageW
lstrcpynW
GetUserDefaultLCID
CreateFileW
GetFullPathNameW
GetFileAttributesW
LocalShrink
CloseHandle
SetCurrentDirectoryW
lstrcmpiW
lstrcatW
LocalReAlloc
FindClose
FindFirstFileW
FindNextFileW
EnterCriticalSection
GetShortPathNameW
GetLastError
SetErrorMode
LeaveCriticalSection
GetCurrentDirectoryW
lstrcpyW
GetProcessVersion
lstrlenW
LoadLibraryA
WideCharToMultiByte
lstrcpyA
TlsGetValue
GetProcAddress
SizeofResource
GetProfileStringW
SetLastError
GlobalReAlloc
LocalSize
GetModuleHandleA
InterlockedExchange
RaiseException
GetVersionExA

user32

ClipCursor
ValidateRect
PtInRect
SetFocus
CopyRect
MapWindowPoints
SetPropW
SetCapture
ChildWindowFromPoint
ReleaseDC
SetDlgItemTextW
UpdateWindow
GetDlgItemTextW
SendDlgItemMessageW
EnableWindow
GetWindowRect
SetWindowPos
SendMessageW
GetDC
GetDlgItem
InvalidateRect
GetFocus
EndPaint
WinHelpW
IsWindowEnabled
FrameRect
BeginPaint
GetPropW
InflateRect
GetSysColor
DrawFocusRect
RemovePropW
DrawEdge
IntersectRect
GetWindowLongW
FillRect
MoveWindow
SetWindowLongW
GetClientRect
GetParent
ShowWindow
CallWindowProcW
EndDialog
SetWindowTextW
GetSysColorBrush
CreatePopupMenu
DestroyMenu
CreateDialogIndirectParamA
BeginDeferWindowPos
GetDlgCtrlID
DeferWindowPos
EndDeferWindowPos
GetWindow
PeekMessageW
DestroyIcon
LockWindowUpdate
CreateDialogIndirectParamW
FindWindowExW
TranslateAcceleratorW
RedrawWindow
GetSystemMenu
DeleteMenu
CallNextHookEx
SetWindowsHookExW
LoadAcceleratorsW
UnhookWindowsHookEx
GetWindowPlacement
wvsprintfW
DrawTextW
LoadIconW
LoadImageW
RegisterClipboardFormatW
GetKeyboardLayout
GetDlgItemTextA
SetDlgItemTextA
CheckRadioButton
DestroyWindow
IsWindow
RegisterWindowMessageA
RegisterWindowMessageW
DefWindowProcW
GrayStringW
wsprintfW
GetWindowTextW
MessageBoxW
MessageBeep
IsDlgButtonChecked
DlgDirListW
DialogBoxIndirectParamAorW
CreateDialogIndirectParamAorW
CharNextA
PostMessageW
EqualRect
SetCursor
CharNextW
CheckDlgButton
CharLowerW
LoadCursorW
ShowCursor
CreateWindowExW
ScreenToClient
GetSystemMetrics
GetDialogBaseUnits
LoadStringW
GetWindowLongA
DialogBoxIndirectParamW
KillTimer
SetTimer
CharPrevW
GetWindowTextLengthW
IsWindowVisible
GetDlgItemInt
SetDlgItemInt
GetKeyState
DrawIcon
SetWindowPlacement

gdi32

DeleteDC
SelectPalette
CreateSolidBrush
RealizePalette
SelectObject
GetStockObject
Rectangle
CreateCompatibleDC
GetNearestColor
CreatePen
BitBlt
LineTo
PatBlt
CreateCompatibleBitmap
CreateDIBitmap
MoveToEx
GetObjectW
GetTextMetricsW
CreateDiscardableBitmap
SetBkMode
SetTextColor
ExtTextOutW
GetTextExtentPointW
GetTextCharset
SetBkColor
GetDeviceCaps
SetViewportExtEx
EnumFontFamiliesExW
SetMapMode
GetWindowExtEx
SetWindowExtEx
GetMapMode
TranslateCharsetInfo
GetViewportExtEx
CreateFontIndirectW
GetTextCharsetInfo
TextOutW
CreateRectRgnIndirect
CreateFontW
SelectClipRgn
CreateDCW
GetCharWidth32W
DeleteObject
CreateICW
GetClipBox

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

comctl32

ord152
ord403
ord335
ord400
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Draw
ord328
ord386
ord339
ord329
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy
CreateToolbarEx
ord341
ord410
ord412
ord413
ord401
ord167
ord156
ord169
ord16
ord334
ord338

shell32

ord158
SHAddToRecentDocs
ord152
SHGetFolderLocation
ord712
ord173
ord42
ord95
ord24
ord19
ord153
ord190
ord654
ord21
ord68
SHGetSpecialFolderLocation
SHGetFileInfoW
ord28
ord100
ord25
ord77
SHGetPathFromIDListW
ord18
ord17
ord155
ord102
ord96
ord89
ord16
SHGetDesktopFolder
ord2
ord4
ord195
ord71
ord644
ord645
SheChangeDirExW
SHGetSpecialFolderPathW
ord714

msvcrt

memmove
_except_handler3

ntdll

RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeToMultiByteSize
RtlInitUnicodeString
RtlIsNameLegalDOS8Dot3

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ezicon.ico
kazaa.ico
oledlg.dll
.dll windows:5 windows x86 arch:x86

0ec674f4fcf12750e36b3ecb2ce5c98f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
iswctype
_except_handler3
wcschr
free
memmove

kernel32

FreeLibrary
GlobalFree
lstrcmpiA
GlobalUnlock
GetProcAddress
LoadLibraryW
GetShortPathNameW
lstrcmpW
MultiByteToWideChar
GetFileAttributesW
GetCurrentDirectoryW
TlsGetValue
GetVersion
SearchPathW
FindResourceW
LocalAlloc
TlsFree
LocalFree
GlobalSize
CreateEventW
CloseHandle
ResetEvent
WaitForSingleObject
MulDiv
FindNextFileW
DisableThreadLibraryCalls
GetVersionExW
lstrcmpiW
IsBadStringPtrW
lstrlenW
GlobalAlloc
GlobalLock
GetSystemTime
LoadResource
LockResource
GetTimeFormatW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDateFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetNumberFormatW
CompareFileTime
GetLocaleInfoW
IsBadReadPtr
IsBadCodePtr
IsBadWritePtr
TlsAlloc
WideCharToMultiByte
GetFullPathNameW
FindClose
FindFirstFileW
TlsSetValue

user32

SetWindowPos
ReleaseDC
EnableWindow
RegisterClipboardFormatW
GetWindowRect
WinHelpW
GetClipboardFormatNameW
IsDlgButtonChecked
UpdateWindow
InvalidateRect
GetDialogBaseUnits
GetClientRect
DestroyWindow
CharPrevW
MapWindowPoints
CreateIcon
GetSystemMetrics
GetFocus
RegisterWindowMessageW
DrawFocusRect
DrawIcon
GetSysColor
RegisterClassW
LoadCursorW
EndPaint
GetWindowWord
BeginPaint
FillRect
SetWindowWord
DefWindowProcW
CheckDlgButton
CharNextW
DestroyMenu
InsertMenuW
CreatePopupMenu
DeleteMenu
DialogBoxParamW
SetTimer
KillTimer
InflateRect
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
RemovePropW
ChangeClipboardChain
SetClipboardViewer
GetForegroundWindow
LoadBitmapW
ShowCursor
SetCursor
CharLowerW
GetPropW
GetCursorPos
ScreenToClient
ChildWindowFromPointEx
GetDlgCtrlID
SetPropW
IsIconic
GetLastActivePopup
SetForegroundWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
LoadIconW
GetDesktopWindow
IsWindow
GetWindowTextLengthW
IsWindowEnabled
GetDlgItemInt
MessageBoxW
CheckRadioButton
SetDlgItemInt
CreateWindowExW
GetDlgItem
ShowWindow
GetParent
SetFocus
DestroyIcon
SetDlgItemTextW
SendDlgItemMessageW
SetWindowTextW
PostMessageW
EndDialog
GetDlgItemTextW
SetWindowLongW
LoadStringW
SendMessageW
DialogBoxIndirectParamW
GetWindowLongW
GetDC

gdi32

SelectObject
GetStockObject
GetTextMetricsW
GetObjectW
DeleteObject
EnumMetaFile
SetViewportExtEx
SetViewportOrgEx
PlayMetaFile
RestoreDC
SaveDC
CreateFontIndirectW
SetDIBits
CreateBitmap
GetBitmapBits
ExtTextOutW
SetBkColor
CreateCompatibleBitmap
UnrealizeObject
SetBkMode
SetBrushOrgEx
SetTextColor
GetDeviceCaps
CreateSolidBrush
GetBkColor
BitBlt
DeleteDC
CreateICW
GetTextExtentPointW
CreateCompatibleDC
SetMapMode
PlayMetaFileRecord
GetMetaFileBitsEx

advapi32

RegNotifyChangeKeyValue
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCloseKey

ole32

OleCreate
CLSIDFromString
OleDuplicateData
StringFromCLSID
OleRegGetUserType
OleGetIconOfClass
ReleaseStgMedium
OleMetafilePictFromIconAndLabel
OleCreateLinkToFile
OleCreateFromFile
IsValidInterface
GetClassFile
CLSIDFromProgID
OleGetIconOfFile
CoGetMalloc
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
CoTaskMemFree
CoTaskMemRealloc

Exports

Exports

OleUIAddVerbMenuA
OleUIAddVerbMenuW
OleUIBusyA
OleUIBusyW
OleUICanConvertOrActivateAs
OleUIChangeIconA
OleUIChangeIconW
OleUIChangeSourceA
OleUIChangeSourceW
OleUIConvertA
OleUIConvertW
OleUIEditLinksA
OleUIEditLinksW
OleUIInsertObjectA
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIObjectPropertiesW
OleUIPasteSpecialA
OleUIPasteSpecialW
OleUIPromptUserA
OleUIPromptUserW
OleUIUpdateLinksA
OleUIUpdateLinksW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
poinstallerv4.exe
.exe windows:4 windows x86 arch:x86

1a05f326eaa74878fdf8183271d9c333

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d4:a9:83:87:20:d7:b9:a6:06:cb:8e:1e:25:ad:ed
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

04-03-2008 00:00

Not After

04-03-2010 23:59

Subject

CN=Voicefive Networks\, Inc.,OU=Secure Application Development,O=Voicefive Networks\, Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Client\BundleInstall\SmallStandalone\BundleInstall.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCloseHandle
InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA

comctl32

ord17

wsock32

listen
setsockopt
closesocket
shutdown
bind
gethostbyname
htons
socket
accept
send
WSAGetLastError
__WSAFDIsSet
select
recv
WSASetLastError
WSAStartup
ioctlsocket
connect

kernel32

GetStartupInfoA
GetCurrentProcess
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
GetSystemTimeAsFileTime
Sleep
CreateDirectoryA
RemoveDirectoryA
SetEvent
OpenEventA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLangID
GetWindowsDirectoryA
SetFileAttributesA
GetFileAttributesA
WriteFile
GetTempPathA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
CreateProcessA
lstrcmpiA
ReadFile
CompareFileTime
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetLastError
FindClose
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
CopyFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemInfo
VirtualProtect
VirtualQuery
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CloseHandle
DeleteFileA
GetTickCount
GetTempFileNameA
GetModuleHandleA
CreateFileA
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
FileTimeToLocalFileTime
GetFileInformationByHandle
MoveFileExA
PeekNamedPipe
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
TerminateProcess
HeapReAlloc
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
LocalFree
LocalAlloc
OpenProcess
WaitForMultipleObjects
ResetEvent
ReleaseMutex
ReleaseSemaphore
CreateEventA
CreateMutexA
OpenMutexA
CreateSemaphoreA
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetDateFormatA
GetTimeFormatA
UnmapViewOfFile
GetComputerNameA
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
GetVersion
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
FormatMessageA
GetModuleFileNameW
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
InterlockedExchange
MultiByteToWideChar
lstrlenA
ExitProcess
RtlUnwind
RaiseException
FlushFileBuffers
SetFileTime
LocalFileTimeToFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
TlsAlloc
VirtualFree

user32

DispatchMessageA
GetSystemMetrics
LoadImageA
ExitWindowsEx
SetForegroundWindow
KillTimer
GetClientRect
SetWindowTextA
PostMessageA
SetWindowPos
LoadStringA
PostQuitMessage
GetDesktopWindow
GetWindowRect
MoveWindow
DestroyWindow
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
GetDC
ReleaseDC
LoadMenuA

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
SetSecurityInfo
SetFileSecurityA
IsValidSid
RegEnumKeyA
RegEnumValueA
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
RegEnumKeyExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegCreateKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegSetKeySecurity
RegSaveKeyA
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA
GetTokenInformation

ole32

OleInitialize
CoTaskMemFree
StringFromGUID2
OleRun
CoCreateInstance

oleaut32

CreateErrorInfo
VariantClear
VariantInit
SysFreeString
LoadTypeLi
DispGetIDsOfNames
VariantChangeType
SysAllocString
GetErrorInfo
SetErrorInfo

shlwapi

SHCopyKeyA

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
wininet.dll
.dll windows:5 windows x86 arch:x86

36a01a3294bd840b3a816e796ed756fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memchr
isdigit
strpbrk
isspace
isalnum
time
strtoul
_ftol
ispunct
iscntrl
isalpha
_purecall
_CxxThrowException
wcsncpy
sprintf
wcscat
wcsstr
wcslen
rand
_wtoi
wcscpy
_wcsnicmp
wcstok
_wcsicmp
wcscmp
malloc
free
realloc
_except_handler3
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
srand
isxdigit

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashA
PathRemoveFileSpecA
StrNCatA
ord419
StrChrA
ord215
SHDeleteKeyA
StrCmpNIW
ord342
wvnsprintfA
ord52
ord57
ord308
ord260
StrCmpNIA
StrStrA
ord151
ord217
UrlCombineW
UrlCanonicalizeW
ord340
UrlCombineA
UrlCanonicalizeA
ord153
PathCreateFromUrlA
UrlUnescapeA
StrNCatW
StrToIntW
StrCpyW
ord68
ord95
ord136
StrStrIA
StrCmpW
SHRegGetUSValueA
PathFindFileNameA
ord157
StrCmpNA
StrToIntA
StrCatBuffA
StrRChrA
StrCmpIW
ord59
ord107
SHSetValueW
ord356
ord437
ord309
StrStrIW
SHGetValueW
SHSetValueA
SHGetValueA
wnsprintfA
wnsprintfW
StrCpyNW
ord80
ord97
ord83
ord138
StrCatBuffW
ord310
ord311
ord143

crypt32

CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrA
CertControlStore
CertNameToStrA
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertCloseStore
CertFindExtension
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegCreateKeyExW

kernel32

ExpandEnvironmentStringsA
SuspendThread
TerminateThread
GetACP
RtlMoveMemory
ResetEvent
CreateThread
Sleep
SetErrorMode
FormatMessageA
lstrcatA
SystemTimeToFileTime
GetTickCount
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
GetDateFormatA
GetTimeFormatA
lstrcpyA
InterlockedCompareExchange
GetCurrentThread
GetCurrentProcess
IsBadReadPtr
ExitThread
GlobalFree
IsBadStringPtrW
DeleteFileA
IsBadCodePtr
IsBadWritePtr
SleepEx
GetModuleFileNameA
GetSystemTime
WritePrivateProfileStringA
WriteFile
SetFilePointer
ReadFile
FileTimeToSystemTime
LocalReAlloc
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
IsBadStringPtrA
CreateEventA
SetEvent
lstrcmpA
WaitForSingleObject
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
GetFileTime
ReleaseSemaphore
CreateSemaphoreA
LocalFileTimeToFileTime
IsDBCSLeadByte
GetSystemTimeAsFileTime
GetVersion
CompareStringA
GetFileAttributesA
GetEnvironmentVariableA
GetWindowsDirectoryA
RemoveDirectoryA
GetShortPathNameA
FileTimeToDosDateTime
GetPrivateProfileStringA
SetFileAttributesA
CreateDirectoryA
SetFileTime
CopyFileA
DeviceIoControl
GetDiskFreeSpaceA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DosDateTimeToFileTime
FlushViewOfFile
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
SetEndOfFile
GetUserDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameA
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
MultiByteToWideChar
GetProcAddress
LoadLibraryA
lstrcmpiA
GetLastError
FreeLibrary
lstrcpynA
lstrlenA
WideCharToMultiByte
InterlockedExchange
CloseHandle
OpenEventA
LeaveCriticalSection
EnterCriticalSection
SetLastError
LocalFree
GetVersionExA
GetFileSize
CreateFileA
GetSystemDirectoryA
lstrlenW
RaiseException
GetModuleHandleA
OpenMutexA

user32

RegisterClassA
IntersectRect
EqualRect
wsprintfW
LoadIconA
LoadImageA
DestroyIcon
SetForegroundWindow
EnumChildWindows
SetWindowTextA
GetParent
GetWindowRect
ScreenToClient
SetWindowPos
SendDlgItemMessageA
WinHelpA
CharNextExA
IsWindow
IsCharAlphaNumericA
SendMessageA
PostMessageA
FindWindowA
LoadStringA
ShowWindow
GetDesktopWindow
wsprintfA
CharLowerA
DestroyWindow
IsDlgButtonChecked
EnableWindow
SetFocus
GetDlgItem
EndDialog
CheckDlgButton
CreateWindowExA
RegisterWindowMessageA
KillTimer
SetTimer
DefWindowProcA
SetWindowLongA
GetWindowLongA
CharLowerW
CharNextA
CharToOemA
CharUpperA

oleaut32

SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

72:27:1b:f6:8a:f3:ff:cf:07:89:0a:b2:19:eb:6e:6bCertificate

Extended Key Usages

Key Usages

42:3a:16:b2:02:9a:f9:4b:0b:f2:29:0a:85:61:e1:2b:ed:e9:39:62Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 18KB - Virtual size: 17KB

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

b3d296ff6f7abb1319ee006fcc6c4d98

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 990B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

72:27:1b:f6:8a:f3:ff:cf:07:89:0a:b2:19:eb:6e:6b
Certificate

42:3a:16:b2:02:9a:f9:4b:0b:f2:29:0a:85:61:e1:2b:ed:e9:39:62
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 990B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 268KB - Virtual size: 265KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 408KB - Virtual size: 404KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 9KB - Virtual size: 8KB