364ea16ed5d013bb05b81122dd9d8f09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

364ea16ed5d013bb05b81122dd9d8f09_JaffaCakes118
Size

768KB
MD5

364ea16ed5d013bb05b81122dd9d8f09
SHA1

a999e8bafdb561823a9124cf6267dca8679aa9cc
SHA256

f3e454629f88d0d86714abfffb72bc5eb306195838827418890deb36ebd0f508
SHA512

3034bc67377c289ff8540a8c42772aacc3ae3023d76c6405b9b0dcefb1e643b0c04c91cba26619d8fcf04daa36477637e1ae5ab0ebe2069c43febd21d6420a01
SSDEEP

24576:Ze0OeGMN6HiaYUa+JOd4rHngNrvYSxnvYw:qW0HTa+JOaOrYAf

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
364ea16ed5d013bb05b81122dd9d8f09_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/avi.dll.new
unpack001/dsmux.exe.new
unpack001/dxr.dll.new
unpack001/mkunicode.dll.new
unpack001/mkx.dll.new
unpack001/mkzlib.dll.new
unpack001/mp4.dll.new
unpack001/ogm.dll.new
unpack001/splitter.ax.new
unpack001/ts.dll.new

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

364ea16ed5d013bb05b81122dd9d8f09_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73b73e00f465fa1a2a3bf6377a40219b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 242KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/options.ini
avi.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

57cec087d5813e4b8fd491d0180b0018

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
IsDBCSLeadByte
GetModuleFileNameA
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
VirtualAlloc
VirtualProtect
GetProcAddress
DebugBreak
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
TerminateProcess

user32

CharNextA
UnregisterClassA

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
VariantClear
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString

mkunicode

Utf8ToUtf16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dsmux.exe.new
.exe windows:4 windows x86 arch:x86

bc991c2913fd69d7fbd2ff61af0c496f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
MultiByteToWideChar
GetConsoleOutputCP
InterlockedExchange
GetStdHandle
GetLastError
GetProcAddress
SetConsoleCtrlHandler
LockResource
GetModuleHandleA
FlushFileBuffers
CloseHandle
CreateFileA
SizeofResource
GetConsoleMode
WideCharToMultiByte
FindResourceExA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
WriteConsoleA
SetStdHandle
GetOEMCP
GetCPInfo
GetConsoleCP
SetFilePointer
LoadLibraryA
Sleep
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WriteFile
WaitForSingleObject
LoadResource
FindResourceA
GetCommandLineW
RaiseException
GetVersionExA
GetLocaleInfoA
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
VirtualQuery
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter

user32

UnregisterClassA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dxr.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

d7a4b21075349be6f165b9ee11867b9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
timeSetEvent

d3d9

Direct3DCreate9

gdi32

SetBkColor
ExtTextOutA

kernel32

SetThreadAffinityMask
GetLastError
CreateSemaphoreA
WaitForMultipleObjects
WideCharToMultiByte
lstrlenW
InterlockedDecrement
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
InterlockedExchange
lstrcmpiA
GetCurrentProcess
VirtualFree
VirtualAlloc
GetCurrentThreadId
DuplicateHandle
FreeLibrary
LoadLibraryA
DisableThreadLibraryCalls
GetVersionExA
GetModuleFileNameA
GetTickCount
GetProcAddress
GetModuleHandleA
RtlUnwind
GetOEMCP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetSystemInfo
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
VirtualQuery
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
LocalAlloc
RaiseException
SetThreadPriority
CloseHandle
CreateThread
CreateEventA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
EnterCriticalSection
WaitForSingleObject
SetEvent
ReleaseSemaphore
InterlockedIncrement
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetCurrentProcessId

user32

LoadStringA
GetDesktopWindow
LoadStringW
CreateDialogParamA
InvalidateRect
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
ScreenToClient
GetWindowRect
AttachThreadInput
GetWindowThreadProcessId
SetWindowTextA
GetWindowPlacement
IsWindowVisible
GetWindowTextA
SendMessageTimeoutA
MonitorFromWindow
GetWindowLongA
SetWindowLongA
RegisterClassA
LoadCursorA
DestroyWindow
SetParent
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
CreateWindowExA
DefWindowProcA
ValidateRect
SetCursor
GetClassLongA
SendMessageA
GetParent
SetWindowPos
ShowWindow
PostQuitMessage
PostMessageA
KillTimer
SetTimer
ReleaseDC
GetDC
ClientToScreen
GetClientRect
MoveWindow

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegSetValueExW
RegQueryValueExW
RegEnumKeyExA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mkunicode.dll.new
.dll windows:4 windows x86 arch:x86

1da5d5aea5082cc09bfa84c92764c4f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoA
MultiByteToWideChar

Exports

Exports

Utf16ToUtf8
Utf8ToUtf16
iso_code2tocode3
iso_code3tocode2
iso_code3tocode3
iso_codetoname
iso_getentry
iso_getlcid
iso_getsyslang
iso_nametocode3

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mkx.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

15cb52c1ab25fee752fbce948a5392ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
WSAStartup
socket
setsockopt
ioctlsocket
connect
select
__WSAFDIsSet
shutdown
recv
WSASetLastError
htons
getservbyname
htonl
closesocket
WSACleanup
getservbyport
ntohs
gethostbyaddr
inet_ntoa
gethostbyname
WSAGetLastError
send

kernel32

GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
Sleep
HeapFree
VirtualAlloc
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
GetFileSize
GetFileTime
CreateFileA
CreateFileW
VirtualQuery
lstrlenA
FreeLibrary
GetSystemInfo
LoadLibraryA
GetSystemDirectoryA
lstrlenW
lstrcmpiA
VirtualFree
CloseHandle
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
FormatMessageW
FormatMessageA
HeapReAlloc
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
VirtualProtect
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetVersionExA
GetACP
GetLocaleInfoA
HeapSize
lstrcmpA
IsDebuggerPresent
DebugBreak

mkzlib

inflate
inflateReset
inflateInit_
inflateEnd

mkunicode

Utf16ToUtf8
Utf8ToUtf16

user32

UnregisterClassA
CharNextA

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VariantChangeType
SysFreeString

rpcrt4

UuidToStringA
RpcStringFreeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mkzlib.dll.new
.dll windows:4 windows x86 arch:x86

d00b6871a73456b73aee6349abab85fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
inflate
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflatePrime
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mp4.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

ab248a2e35ba59a9052dbb399c1b0ed8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
VirtualAlloc
VirtualProtect
GetProcAddress
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcmpiA
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DebugBreak
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
InterlockedExchange
RtlUnwind

mkunicode

Utf16ToUtf8
Utf8ToUtf16

user32

UnregisterClassA
CharNextA
wsprintfA

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysFreeString
VariantChangeType
SysAllocStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ogm.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

9df4d8ce77f4c360b53ce60c36cdb817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetModuleHandleA
SetThreadLocale
GetThreadLocale
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
lstrcmpiA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualAlloc
SetLastError
lstrcmpA
lstrlenW
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InterlockedExchange
VirtualProtect
GetProcAddress
DebugBreak
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
IsDebuggerPresent

mkunicode

iso_nametocode3
iso_code3tocode3
Utf8ToUtf16

user32

CharUpperBuffA
wvsprintfA
CharNextA
UnregisterClassA

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VariantChangeType
SysStringLen
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
splitter.ax.new
.dll regsvr32 windows:4 windows x86 arch:x86

cfc9e1f79caeff50e52f64ab070ae37b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

InitCommonControlsEx

gdi32

DeleteDC
GdiFlush
SetTextColor
SetTextAlign
BitBlt
AddFontResourceA
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateFontA
GetDeviceCaps
GetTextMetricsA
SetBkColor
SetBkMode
CreateDCA
RemoveFontResourceA
ExtTextOutA

kernel32

WaitForMultipleObjects
HeapAlloc
WaitForSingleObject
WideCharToMultiByte
FindResourceA
lstrlenA
LoadResource
FindResourceExA
SizeofResource
MultiByteToWideChar
lstrlenW
InterlockedExchange
GetLastError
lstrcmpiA
LockResource
GetModuleFileNameA
GetVersion
GetCurrentProcessId
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
GetSystemTime
SystemTimeToFileTime
SetFilePointer
ReadFile
CreateThread
VirtualFree
VirtualAlloc
CreateFileW
SetEndOfFile
SetThreadPriority
GetCurrentThread
SetThreadAffinityMask
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
MulDiv
GetTickCount
FindFirstFileA
HeapFree
FindClose
LoadLibraryA
FreeLibrary
FormatMessageA
GetCurrentProcess
InterlockedDecrement
GetSystemInfo
DuplicateHandle
DisableThreadLibraryCalls
GetVersionExA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
Sleep
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
RtlUnwind
GetCommandLineA
VirtualQuery
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
RaiseException
HeapDestroy
CreateEventA
HeapCreate
InterlockedIncrement
CloseHandle
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
WriteConsoleW
FlushFileBuffers
FindNextFileA

mkzlib

deflate
deflateReset
deflateBound
deflateInit_
deflateEnd
crc32

mkunicode

Utf16ToUtf8
iso_getsyslang
iso_codetoname
Utf8ToUtf16
iso_getentry
iso_getlcid

user32

CreatePopupMenu
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
RegisterClassA
CreateWindowExA
GetSystemMetrics
DefWindowProcA
PostQuitMessage
LoadIconA
SetForegroundWindow
GetCursorPos
TrackPopupMenu
InvalidateRect
CreateDialogParamA
UnregisterClassA
LoadStringA
AppendMenuA
GetMenuItemCount
CheckMenuRadioItem
DestroyMenu
GetDesktopWindow
LoadStringW
DestroyWindow
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
PostMessageA
RegisterWindowMessageA
CallWindowProcA
EndPaint
BeginPaint
RedrawWindow
GetDC
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
SetWindowLongA
GetWindowLongA
KillTimer
SetTimer
ShowWindow
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
SendDlgItemMessageA
GetSysColor
SendMessageA
GetDlgItem
ReleaseDC

advapi32

RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegSetValueA
RegEnumKeyExA

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries

shell32

Shell_NotifyIconA

oleaut32

SafeArrayGetLBound
VariantChangeType
SysFreeString
OleLoadPicture
SafeArrayCreate
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
VarBstrCmp
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocString
VariantInit
OleCreatePropertyFrame

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidFromStringA

Exports

Exports

Configure
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
HookDebugOutput

Sections

.text
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ts.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

cb335c6afc3cd3451c2ef0e098ff8f21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
EnterCriticalSection
LockResource
DeleteCriticalSection
FreeLibrary
IsDBCSLeadByte
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
InterlockedExchange
RaiseException
lstrlenW
MultiByteToWideChar
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
FindResourceExA
VirtualQuery
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
GetProcAddress
DebugBreak
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
GetVersionExA
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadResource
lstrlenA
FindResourceA
GetSystemTimeAsFileTime

mkunicode

Utf8ToUtf16

user32

wvsprintfA
UnregisterClassA
CharNextA

advapi32

RegQueryValueExW
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExW
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
VariantInit
VarUI4FromStr
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73b73e00f465fa1a2a3bf6377a40219b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

�� Size: 242KB - Virtual size: 244KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

7d85f9c30f9e87a65fff848de2c96ac1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

57cec087d5813e4b8fd491d0180b0018

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

mkunicode

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 376B

.reloc Size: 2KB - Virtual size: 2KB

bc991c2913fd69d7fbd2ff61af0c496f

Headers

File Characteristics

Imports

kernel32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

��
Size: 242KB - Virtual size: 244KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 376B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 12KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 158B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB