37a52b6172c338b4444c73daef95446b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37a52b6172c338b4444c73daef95446b_JaffaCakes118
Size

1.1MB
MD5

37a52b6172c338b4444c73daef95446b
SHA1

8123ec3df0a593519b91687b7f0d24014d2a10bd
SHA256

d7f16910423f47d3e6c6268b63dcca01bc0822bb918de56118cdf7ad9aa82433
SHA512

26d2a039866f65de17f292c27f7c82bc8d6ad9c99ac720a30cf06cd3d5e0ca0c5a93d999f8606cf21d78990c7a50e104c9a46b7e9b0ec24468823e106c485625
SSDEEP

24576:0iZBy2VgqsRGXI4r4haRK1EANumQqBTnBJcV6jBDlHbynreV:0iZB+q6jFQRrcR9lHbyn6V

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hjzg_2678.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$SYSDIR/hjjm.dll
unpack002/hjzg.exe
unpack002/uninst.exe
unpack002/update.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/hjzg_2678.exe	nsis_installer_1
static1/unpack001/hjzg_2678.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

37a52b6172c338b4444c73daef95446b_JaffaCakes118
.rar
hjzg_2678.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/hjjm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f4fe55365e41f3220ab49f7351fb39c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
CreateEventA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
LocalFree
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcpynA
GetVersion
MulDiv
GlobalFlags
GetCurrentDirectoryA
SetLastError
GetModuleHandleA
GetLastError
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
GlobalLock
FindResourceA
GetProcessVersion
DuplicateHandle
GetCurrentProcess
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetCPInfo
GetOEMCP
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
CreateThread
ExitThread
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
RaiseException
HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
FatalAppExitA
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
InitializeCriticalSection
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetVersionExA
GetSystemDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
LoadResource

user32

GetDlgItemInt
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
GetWindowTextLengthA
SetWindowLongA
MoveWindow
SetWindowPos
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
GetDlgItem
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
CheckDlgButton
CheckRadioButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
DeferWindowPos
GetDesktopWindow
SetForegroundWindow
ShowWindow
wsprintfA
CharNextA
GetWindowLongA

advapi32

RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
DragAcceptFiles

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject

oleaut32

LoadRegTypeLi
SysAllocStringLen
VariantCopy
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
VariantClear
VariantChangeType

shlwapi

SHDeleteKeyA

comctl32

ord17

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

gdi32

SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SelectPalette
GetCurrentPositionEx
Escape
SetBkMode
TextOutA
RectVisible
PtVisible
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
DeleteDC
DeleteObject
ExtCreatePen
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
ExtTextOutA
SetBkColor
SetMapperFlags
GetDCOrgEx
GetObjectA
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetFileTitleA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
888.ico
help/WS_FTP.LOG
help/about1.htm
.html
help/aboutme.htm
.html
help/anzhuang.htm
.html
help/cipan.htm
.html
help/help/images/WS_FTP.LOG
help/help/images/arrow_02.gif
.gif
help/help/images/cipan.bmp
help/help/images/cipan2.bmp
help/help/images/cipan3.bmp
help/help/images/ddd.bmp
help/help/images/gg.PNG
.png
help/help/images/gg2.PNG
.png
help/help/images/hjtools.png
.png
help/help/images/i_bg.gif
.gif
help/help/images/i_kbot.gif
.gif
help/help/images/i_ktop.gif
.gif
help/help/images/imqq4_footer_02.gif
.gif
help/help/images/imqq4_logo.gif
.gif
help/help/images/imqq4_top01_03.gif
.gif
help/help/images/imqq4_top02_06.gif
.gif
help/help/images/index.1.jpg
.jpg
help/help/images/index_splash.png
.png
help/help/images/jia_passwd.bmp
help/help/images/jiami.bmp
help/help/images/jiami2.JPG
.jpg
help/help/images/jiemi.bmp
help/help/images/left_01.gif
.gif
help/help/images/left_03.gif
.gif
help/help/images/left_04.gif
.gif
help/help/images/left_04_aw.gif
.gif
help/help/images/left_06.gif
.gif
help/help/images/left_06_aw.gif
.gif
help/help/images/left_bg_02.gif
.gif
help/help/images/left_line_01.gif
.gif
help/help/images/logo.gif
.gif
help/help/images/right_top_03.gif
.gif
help/help/images/weizhuang.bmp
help/huanjing.htm
.html
help/index.htm
.html
help/jiami.htm
.html
help/jiemi.htm
.html
help/lqa.htm
.html
help/qa.htm
.html
help/set.htm
.html
help/sousuo.htm
.html
help/support.htm
.html
help/weizhuang.htm
.html
help/xieyi.htm
.html
help/xiezai.htm
.html
help/ģ.htm
.html .js polyglot
hjtools_menu.dll.ico
hjzg.exe
.exe windows:4 windows x86 arch:x86

cdac3a7c53a4e2ad96889e782ee6c914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlA
InternetSetOptionExA
InternetQueryDataAvailable
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
DeleteUrlCacheEntry
InternetCrackUrlA
HttpOpenRequestA

kernel32

GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
GetTickCount
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetProcessHeap
GetStartupInfoA
RaiseException
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
SetHandleCount
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LocalAlloc
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetCurrentProcessId
lstrcmpA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedDecrement
GetModuleFileNameW
GlobalLock
GlobalUnlock
MulDiv
TerminateProcess
GlobalAlloc
GlobalFree
GetTempPathA
GetVersionExA
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
CloseHandle
CompareStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
SetLastError
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
GetLastError
FormatMessageA
LocalFree
MoveFileA
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
WideCharToMultiByte
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
LCMapStringA

user32

RegisterClipboardFormatA
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
SetRect
CopyAcceleratorTableA
DestroyMenu
GetMenuItemInfoA
UnregisterClassA
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
ReleaseCapture
SetCursor
SetCapture
SetWindowRgn
IsRectEmpty
WaitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MapDialogRect
GetAsyncKeyState
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
InflateRect
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
SetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
IntersectRect
IsIconic
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
TabbedTextOutA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
FindWindowA
SetWindowLongA
GetCursorPos
LoadMenuA
GetSubMenu
TrackPopupMenu
PostQuitMessage
SetWindowContextHelpId
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetForegroundWindow
InvalidateRgn
GetActiveWindow
GetKeyState
SetForegroundWindow
GetParent
OffsetRect
IsWindowVisible
ShowWindow
DestroyIcon
SystemParametersInfoA
GetFocus
KillTimer
CharUpperA
LoadIconA
GetIconInfo
GetSysColorBrush
LoadCursorA
ReleaseDC
GetDC
IsWindow
SetTimer
SetWindowPos
GetDlgItem
SendMessageA
FillRect
GetSystemMetrics
EnableWindow
GetSysColor
DrawTextA
InvalidateRect
GetClientRect
GetWindowRect
DrawIcon
GetWindow
GetScrollRange
GetDesktopWindow

gdi32

CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
ExtTextOutA
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetTextExtentPoint32A
GetRgnBox
CreateCompatibleBitmap
GetBkColor
GetTextColor
EnumFontFamiliesExA
TextOutA
RectVisible
PtVisible
BitBlt
GetWindowExtEx
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreatePalette
CreateFontA
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetPixel
GetObjectA
RealizePalette
GetDeviceCaps
Escape

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA
DragFinish
DragQueryFileA
ShellExecuteExA

shlwapi

PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
OleCreateFontIndirect
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen

urlmon

URLDownloadToFileA

ws2_32

recvfrom
sendto
connect
WSASetLastError
WSAGetLastError
bind
inet_addr
htons
htonl
gethostbyname
select
socket
accept
closesocket
WSACleanup
WSAStartup
recv
send
WSAAsyncSelect

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mengku_ft.dat
mengku_ft_tree.dat
mengku_gb.dat
mengku_gb_tree.dat
param.ini
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
update.exe
.exe windows:4 windows x86 arch:x86

466f63bb96b599a59a72dfc20d5f02de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
ExitProcess
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetACP
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
OpenProcess
TerminateProcess
GetPrivateProfileStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
DeleteFileA
CopyFileA
GetTempPathA
GetModuleFileNameA
GetSystemDirectoryA
GetVersionExA
GetCurrentProcess
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
InterlockedExchange

user32

DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBeep
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
ReleaseCapture
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PeekMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
LoadIconA
EnableWindow
KillTimer
GetClientRect
IsIconic
SendMessageA
DrawIcon
ExitWindowsEx
CharUpperA
AdjustWindowRectEx

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen

ws2_32

WSACleanup
WSAStartup

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetCrackUrlA
InternetSetOptionExA
InternetCanonicalizeUrlA

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

f4fe55365e41f3220ab49f7351fb39c0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

gdi32

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 25KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

cdac3a7c53a4e2ad96889e782ee6c914

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 25KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 56KB - Virtual size: 55KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 152KB - Virtual size: 149KB