380ac3b3593ab17c1efc15396ee7c5b6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

380ac3b3593ab17c1efc15396ee7c5b6_JaffaCakes118
Size

7.4MB
MD5

380ac3b3593ab17c1efc15396ee7c5b6
SHA1

d1355dacab46f850607d6278fdd937228ce0c765
SHA256

f3ea29a2811f839ca72b82e3ccf19bdb83ec25818cbe16e61a6f2f152436a03d
SHA512

24cb25bbf93e5126042cd50cda723ff48d7d395fe990d113e50df11ab88dd72e9a7a6a7c774d0c9fb5c47fd378eaff2fde5140e9d02b650a7ce04a86beae3e8f
SSDEEP

196608:yuG0h/97aUNL8TRcpz4Xeq+1/XRXT8qhq:y1CVaUNwccA1R8qQ

Score

7^/10

vmprotect upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Agbot.Package/killSRO.exe	upx

VMProtect packed file 7 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Agbot.Package/HackshieldStuff/HsServer/MediaPatcher.exe	vmprotect
static1/unpack001/Agbot.Package/HackshieldStuff/HsServer/ProjectHsBypass1.4.exe	vmprotect
static1/unpack001/Agbot.Package/MediaPatcher.exe	vmprotect
static1/unpack001/Agbot.Package/ProjectHsBypass1.4.exe	vmprotect
static1/unpack001/Agbot.Package/agbot.exe	vmprotect
static1/unpack001/Agbot.Package/mc65.exe	vmprotect
static1/unpack001/Agbot.Package/nuConnector1.3.exe	vmprotect

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack004/out.upx	autoit_exe

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Agbot.Package/HackshieldStuff/HsServer/MediaPatcher.exe
unpack001/Agbot.Package/HackshieldStuff/HsServer/ProjectHsBypass1.4.exe
unpack001/Agbot.Package/HackshieldStuff/edxSilkroadLoader5.exe
unpack003/KoreanCaptchaGenerator.exe
unpack003/edxSilkroadDll5.dll
unpack003/edxSilkroadLoader5.exe
unpack001/Agbot.Package/MediaPatcher.exe
unpack001/Agbot.Package/ProjectHsBypass1.4.exe
unpack001/Agbot.Package/agbot.exe
unpack001/Agbot.Package/edxSilkroadDll5.dll
unpack001/Agbot.Package/killSRO.exe
unpack004/out.upx
unpack001/Agbot.Package/mc18.exe
unpack001/Agbot.Package/mc65.exe
unpack001/Agbot.Package/nuConnector1.3.exe
unpack001/Agbot.Package/sound/sndrec32.exe
unpack001/Agbot.Package/uxtheme.dll
unpack001/Agbot.Package/zlib.dll

Files

380ac3b3593ab17c1efc15396ee7c5b6_JaffaCakes118
.zip
Agbot.Package/COMCTL32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_SetOverlayImage
ImageList_DrawEx
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
ord16
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_Remove

kernel32

lstrcmpA
GetProcAddress
GlobalSize
CloseHandle
GetFileSize
ReadFile
lstrcmpiA
IsDBCSLeadByte
lstrcmpiW
LockResource
FindResourceA
LoadResource
GetWindowsDirectoryA
GetLastError
GetLocaleInfoA
OpenFile
MultiByteToWideChar
lstrcatA
DisableThreadLibraryCalls
GetVersion
GetProcessHeap
GetDateFormatA
GetLocalTime
GetTimeFormatA
GetModuleFileNameA
GetCurrentThreadId
LoadLibraryA
GlobalUnlock
GlobalAlloc
GlobalLock
CompareStringA
GlobalFree
GetVersionExA
lstrlenA
lstrcpyA
IsBadReadPtr
HeapReAlloc
lstrcpynA
IsBadWritePtr
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
InterlockedIncrement
HeapAlloc
lstrlenW
LeaveCriticalSection
EnterCriticalSection

user32

IsWindowVisible
EndPaint
BeginPaint
MoveWindow
CharUpperA
IntersectRect
MessageBeep
SetCursor
EndDialog
RedrawWindow
GetMessagePos
CreateAcceleratorTableA
VkKeyScanA
PeekMessageA
PeekMessageW
SetWindowRgn
RegisterWindowMessageA
RegisterClipboardFormatA
SetCursorPos
OffsetRect
EqualRect
IsChild
GetWindowTextA
SetCapture
GetCursorPos
ScreenToClient
PostMessageA
DrawEdge
GetSysColor
wsprintfA
FillRect
InflateRect
DrawTextA
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetParent
GetAsyncKeyState
SetWindowLongA
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetActiveWindow
CreateDialogIndirectParamA
IsDialogMessageA
GetNextDlgTabItem
GetWindow
CharNextA
SetParent
InvalidateRect
UpdateWindow
UnregisterClassA
MessageBoxA
SetWindowsHookExA
SetTimer
KillTimer
CheckRadioButton
CallNextHookEx
SetActiveWindow
DestroyIcon
SetFocus
DrawIcon
UnionRect
DialogBoxParamA
PtInRect
LoadCursorA
GetWindowDC
SetRect
IsRectEmpty
GetDC
ReleaseDC
GetClipboardFormatNameA
ClientToScreen
PostMessageW
FrameRect
GetClientRect
CallWindowProcA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
LoadIconA
GetSystemMetrics
CopyImage
MapDialogRect
GetWindowLongA
SetWindowPos
GetFocus
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetDlgItemInt
GetDlgItemInt
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
LoadStringA
DefWindowProcA
SendMessageA
ShowWindow
WinHelpA
UnhookWindowsHookEx

ole32

CreateStreamOnHGlobal
RevokeDragDrop
CreateOleAdviseHolder
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
DoDragDrop
ReleaseStgMedium
OleLoadFromStream
OleSaveToStream

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

oleaut32

SafeArrayPutElement
SafeArrayGetElement
SafeArrayRedim
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
GetErrorInfo
OleCreateFontIndirect
CreateErrorInfo
SetErrorInfo
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
LoadRegTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreatePictureIndirect
VariantCopyInd
OleTranslateColor
VariantChangeType
SysFreeString
SysStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

GetNearestColor
CreatePalette
LPtoDP
GetWindowExtEx
GetBitmapBits
TextOutA
CreateDIBitmap
RealizePalette
GetViewportExtEx
SelectPalette
GetPaletteEntries
GetDIBits
CopyEnhMetaFileA
CreateICA
CopyMetaFileA
StretchBlt
Rectangle
GetObjectA
SetBkColor
CreateDCA
CreateRectRgn
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
SetWindowExtEx
SetMapMode
SetViewportExtEx
CreateSolidBrush
GetDeviceCaps
SelectObject
ExcludeClipRect
GetClipRgn
SelectClipRgn
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateBitmap
GetStockObject
GetTextExtentPoint32A

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/CloseSro.bat
Agbot.Package/HackshieldStuff/HsServer/MediaPatcher.exe
.exe windows:4 windows x86 arch:x86

4dd9bde8ec329ace3bf646dfe9d45c1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/HackshieldStuff/HsServer/ProjectHsBypass1.4.exe
.exe windows:4 windows x86 arch:x86

fd7857e50f1dcabee5dfd00d52930c0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI4

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/HackshieldStuff/HsServer/readme.txt
Agbot.Package/HackshieldStuff/HsServer/readme2.txt
Agbot.Package/HackshieldStuff/HsServer/sv.reg
Agbot.Package/HackshieldStuff/ProxyServer.zip
.zip
jsocks.jar
.jar .js polyglot
readme.txt
socks.properties
src/SOCKS.java
.java .js
src/SocksEcho.gif
.gif
src/SocksEcho.java
.java .js
src/socks.properties
src/socks/Authentication.java
src/socks/AuthenticationNone.java
src/socks/InetRange.java
.java .js
src/socks/Proxy.java
.java .js
src/socks/ProxyMessage.java
src/socks/ProxyServer.java
.java .js
src/socks/Socks4Message.java
.java .js
src/socks/Socks4Proxy.java
src/socks/Socks5DatagramSocket.java
.java .js
src/socks/Socks5Message.java
.java .js
src/socks/Socks5Proxy.java
.java .js
src/socks/SocksDialog.java
.java .js
src/socks/SocksException.java
src/socks/SocksServerSocket.java
.java .js
src/socks/SocksSocket.java
.java .js
src/socks/UDPEncapsulation.java
src/socks/UDPRelayServer.java
.java .js
src/socks/UserPasswordAuthentication.java
src/socks/server/Ident.java
.java .js
src/socks/server/IdentAuthenticator.java
src/socks/server/ServerAuthenticator.java
src/socks/server/ServerAuthenticatorNone.java
src/socks/server/UserPasswordAuthenticator.java
src/socks/server/UserValidation.java
src/test/Echo.java
.java .js
src/test/SocksTest.java
.java .js
src/test/SocksUDPEcho.java
.java .js
src/test/TestClient.java
.java .js
src/test/TestServer.java
.java .js
src/test/TestService.java
.java .js
src/test/UDPEcho.java
.java .js
src/test/UPSOCKS.java
start.bat
Agbot.Package/HackshieldStuff/edxSilkroadLoader5.exe
.exe windows:5 windows x86 arch:x86

5ac5b10a1b2e5f498e7377cfe149d268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Drew Benton\Desktop\Desktop\edxSilkroadLoader5_0_3c\src\Release\edxSilkroadLoader5.pdb

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
IsBadReadPtr
ReadProcessMemory
FlushInstructionCache
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
CreateFileMappingA
CloseHandle
WriteProcessMemory
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
ResumeThread
CreateDirectoryA
SetCurrentDirectoryA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
GetStdHandle
CreateProcessA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
ReadFile
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetModuleFileNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

DestroyWindow
GetMessageA
CreateDialogParamA
PostQuitMessage
SetForegroundWindow
GetWindowTextLengthA
SendMessageA
TranslateMessage
GetWindowTextA
MessageBoxA
GetDlgItem
ShowWindow
PostMessageA
DispatchMessageA
SetWindowTextA
UpdateWindow
FindWindowA
IsDialogMessageA

comdlg32

GetOpenFileNameA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/HackshieldStuff/edxSilkroadLoader5_0_3d.zip
.zip
KoreanCaptchaGenerator.exe
.exe windows:5 windows x86 arch:x86

b71439877d54d3e141e82669503c11d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\pushedx\Documents\Visual Studio 2008\Projects\edxKRCaptchaGen\Release\edxKRCaptchaGen.pdb

Imports

kernel32

WideCharToMultiByte
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetModuleHandleA

user32

DestroyWindow
GetMessageA
CreateDialogParamA
PostQuitMessage
SetForegroundWindow
SendMessageA
IsDialogMessageA
TranslateMessage
MessageBoxA
GetDlgItem
DispatchMessageA
SetWindowTextA
FindWindowA

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
edxSilkroadDll5.dll
.dll windows:5 windows x86 arch:x86

8e029a776a4272f86113d95f4cf23afc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Drew Benton\Desktop\Desktop\edxSilkroadLoader5_0_3c\src\Release\edxSilkroadDll5.pdb

Imports

kernel32

GetCurrentProcess
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentThread
VirtualFreeEx
OpenThread
GetModuleFileNameA
CreateMutexA
GetCurrentThreadId
CreateFileA
FlushInstructionCache
GetProcAddress
VirtualProtect
CloseHandle
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
AllocConsole
FreeConsole
SetConsoleTitleA
GetStdHandle
CreateThread
GetLastError
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
VirtualAlloc
SuspendThread
SetLastError
SetFilePointer
WriteFile
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
LoadLibraryA
CreateDirectoryA
TerminateThread
GetTickCount
FreeLibrary
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
ExitProcess
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
HeapSize
FlushFileBuffers
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
SetStdHandle
GetFileType
ReadFile
GetCommandLineA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
GetConsoleCP
GetConsoleMode

user32

CreateWindowExA
ShowWindow
GetWindowTextA
TranslateMessage
DispatchMessageA
SetWindowTextA
MessageBoxA
GetDlgItem
GetActiveWindow
GetMessageA
CreateDialogParamA
GetClientRect
GetWindowTextLengthA
SendMessageA
IsDialogMessageA

gdi32

CreateFontA
DeleteObject

shell32

SHGetSpecialFolderPathA
ShellExecuteA

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
bind
WSACleanup
ntohs
htons
WSAStartup
inet_ntoa
connect

Exports

Exports

Initialize

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
edxSilkroadLoader5.exe
.exe windows:5 windows x86 arch:x86

5ac5b10a1b2e5f498e7377cfe149d268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Drew Benton\Desktop\Desktop\edxSilkroadLoader5_0_3c\src\Release\edxSilkroadLoader5.pdb

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
IsBadReadPtr
ReadProcessMemory
FlushInstructionCache
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
CreateFileMappingA
CloseHandle
WriteProcessMemory
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
ResumeThread
CreateDirectoryA
SetCurrentDirectoryA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
GetStdHandle
CreateProcessA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
ReadFile
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetModuleFileNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

DestroyWindow
GetMessageA
CreateDialogParamA
PostQuitMessage
SetForegroundWindow
GetWindowTextLengthA
SendMessageA
TranslateMessage
GetWindowTextA
MessageBoxA
GetDlgItem
ShowWindow
PostMessageA
DispatchMessageA
SetWindowTextA
UpdateWindow
FindWindowA
IsDialogMessageA

comdlg32

GetOpenFileNameA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
screens/Thumbs.db
screens/imagecode1.png
.png
screens/imagecode2.png
.png
screens/imagecode3.png
.png
src/Common/ConfigFile.cpp
src/Common/ConfigFile.h
src/Common/Console.cpp
src/Common/Console.h
src/Common/CreateDirectoryRecursive.cpp
src/Common/CreateDirectoryRecursive.h
src/Common/FileChooser.cpp
src/Common/FileChooser.h
src/Common/GetCommonDirectory.cpp
src/Common/GetCommonDirectory.h
src/Common/PK2Reader.cpp
src/Common/PK2Reader.h
src/Common/Silkroad.cpp
.js
src/Common/Silkroad.h
src/Common/blowfish.cpp
src/Common/blowfish.h
src/Common/common.cpp
src/Common/common.h
src/Common/detours/creatwth.cpp
src/Common/detours/detours.cpp
src/Common/detours/detours.h
src/Common/detours/disasm.cpp
src/Common/detours/image.cpp
src/Common/detours/modules.cpp
src/Common/shared_io.cpp
.js
src/Common/shared_io.h
src/Common/shared_types.h
src/edxSilkroadDll5/Analyzer.cpp
src/edxSilkroadDll5/Analyzer.h
src/edxSilkroadDll5/edxSilkroadDll5.aps
src/edxSilkroadDll5/edxSilkroadDll5.cpp
src/edxSilkroadDll5/edxSilkroadDll5.rc
src/edxSilkroadDll5/edxSilkroadDll5.vcproj
.xml
src/edxSilkroadDll5/resource.h
src/edxSilkroadLoader5.sln
src/edxSilkroadLoader5.suo
src/edxSilkroadLoader5/edxSilkroadLoader5.aps
src/edxSilkroadLoader5/edxSilkroadLoader5.cpp
src/edxSilkroadLoader5/edxSilkroadLoader5.rc
src/edxSilkroadLoader5/edxSilkroadLoader5.vcproj
.xml
src/edxSilkroadLoader5/resource.h
version.txt
Agbot.Package/HackshieldStuff/readme.txt
Agbot.Package/IgnoreChat.txt
Agbot.Package/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/MSSTDFMT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

76114d56c8c1282d8a004aefa0d9031b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

98:7f:05:32:32:58:07:5a:cc:c8:5b:9c:96:82:33:c7:94:b4:10:a0
Signer

Actual PE Digest

98:7f:05:32:32:58:07:5a:cc:c8:5b:9c:96:82:33:c7:94:b4:10:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoW
FreeLibrary
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetVersion
GetFileAttributesA
lstrcatA
GetModuleFileNameA
IsDBCSLeadByte
MultiByteToWideChar
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesA
lstrcpynA
EnumDateFormatsA
CompareStringA
lstrcmpA
EnumTimeFormatsA
lstrlenA
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetLocaleInfoA
GetProcessHeap
GetThreadLocale
HeapFree
HeapReAlloc
lstrcpyA
GetSystemTime
lstrcmpiA
WideCharToMultiByte
lstrlenW

user32

ReleaseCapture
SetCapture
CallWindowProcA
PtInRect
GetFocus
InvalidateRect
MessageBoxA
GetDlgItemTextA
GetCapture
EqualRect
ShowWindow
SetDlgItemTextA
GetWindowRect
SetParent
SetWindowLongA
CharNextA
GetDC
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
SetWindowRgn
IntersectRect
GetActiveWindow
OffsetRect
ClientToScreen
BeginPaint
MoveWindow
SetFocus
SetWindowPos
GetClientRect
EndPaint
CreateWindowExA
GetDlgItemInt
RegisterClassA
GetWindowLongA
CreateDialogIndirectParamA
IsDlgButtonChecked
IsWindowEnabled
GetKeyState
IsChild
IsDialogMessageA
GetNextDlgTabItem
GetWindow
LoadStringA
WinHelpA
SetDlgItemInt
ScrollWindowEx
wsprintfA
SendMessageA
SendDlgItemMessageA
GetDlgItem
EnableWindow
IsWindowVisible
GetParent
DefWindowProcA

ole32

CreateOleAdviseHolder
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SystemTimeToVariantTime
OleLoadPicture
RegisterTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantChangeType
VariantChangeTypeEx
SafeArrayDestroy
SysAllocStringLen
VariantInit
SysReAllocStringLen
SysAllocString
SysStringLen
VariantCopy
SysFreeString
VariantClear
OleCreatePropertyFrame

gdi32

SetMapMode
LPtoDP
DeleteDC
SetWindowOrgEx
SetViewportOrgEx
CreateDCA
SetViewportExtEx
GetDeviceCaps
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/MediaPatcher.exe
.exe windows:4 windows x86 arch:x86

4dd9bde8ec329ace3bf646dfe9d45c1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord516

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/ProjectHsBypass1.4.exe
.exe windows:4 windows x86 arch:x86

fd7857e50f1dcabee5dfd00d52930c0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI4

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

f879ec87b93340bacfa917edf4e1aee5

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragFinish
DragQueryFileA

oledlg

ord1

kernel32

GlobalSize
GlobalUnlock
lstrcmpA
GetVersionExA
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetProcAddress
LoadResource
LockResource
HeapReAlloc
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

GetClipboardFormatNameA
PeekMessageW
ScreenToClient
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
LoadCursorA
SetCursor
SetFocus
CreateDialogIndirectParamA
SetCursorPos
MapWindowPoints
FillRect
PostMessageA
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
EnableMenuItem
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
DispatchMessageA
TranslateMessage
WindowFromDC
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
MoveWindow
SetParent
BeginPaint
EndPaint
GetMenuItemCount
IsWindowVisible
DeleteMenu
IntersectRect
ShowWindow
SetWindowRgn
GetDlgItemTextA
EqualRect
GetDlgItemInt
SetWindowPos
GetWindowRect
SetWindowLongA
DestroyWindow
GetActiveWindow
UnregisterClassA
RemoveMenu
LoadMenuA
GetSubMenu
GetParent
DestroyMenu
GetFocus
IsWindow
DefWindowProcA
GetClientRect
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
OffsetRect
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegOpenKeyExA

oleaut32

SafeArrayCopy
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
VariantCopy
CreateErrorInfo
VariantCopyInd
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SafeArrayPutElement
GetErrorInfo
SafeArrayCreate
LoadRegTypeLi
OleLoadPicture
OleCreatePictureIndirect
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
SysStringLen
SysAllocString
VariantInit
VariantChangeType
VariantClear
OleTranslateColor
SafeArrayRedim

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
StretchBlt
PatBlt
GetObjectType
GetBitmapBits
CreateDIBitmap
CreatePalette
SelectPalette
RealizePalette
GetObjectA
GetPaletteEntries
GetStockObject
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateBitmap
LPtoDP
GetWindowExtEx
CreateDCA
CreateRectRgnIndirect
SetBkColor
GetViewportExtEx
GetClipBox
SetWindowExtEx
IntersectClipRect
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
EndDoc
EndPage
DeleteDC
StartDocA
DPtoLP
StartPage
SetViewportOrgEx
SetMapMode
SetWindowOrgEx
GetMapMode
GetDeviceCaps
CreateICA
CreateCompatibleDC

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/ServerList.txt
Agbot.Package/acc.cfg
Agbot.Package/agbot.exe
.exe windows:4 windows x86 arch:x86

2cc0914792a83a5ebdd29467bc501e14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaAryMove

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/data/Item.txt
Agbot.Package/data/MOpt.txt
Agbot.Package/data/Mobs.txt
Agbot.Package/data/Skill.txt
Agbot.Package/data/nleveldata.txt
Agbot.Package/data/npcdata.txt
Agbot.Package/data/nteleportbuilding.txt
Agbot.Package/data/nteleportdata.txt
Agbot.Package/datar/Item.txt
Agbot.Package/datar/MOpt.txt
Agbot.Package/datar/Mobs.txt
Agbot.Package/datar/Skill.txt
Agbot.Package/datar/nleveldata.txt
Agbot.Package/datar/npcdata.txt
Agbot.Package/datar/nteleportbuilding.txt
Agbot.Package/datar/nteleportdata.txt
Agbot.Package/edxSilkroadDll5.dll
.dll windows:5 windows x86 arch:x86

8e029a776a4272f86113d95f4cf23afc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Drew Benton\Desktop\Desktop\edxSilkroadLoader5_0_3c\src\Release\edxSilkroadDll5.pdb

Imports

kernel32

GetCurrentProcess
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentThread
VirtualFreeEx
OpenThread
GetModuleFileNameA
CreateMutexA
GetCurrentThreadId
CreateFileA
FlushInstructionCache
GetProcAddress
VirtualProtect
CloseHandle
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
AllocConsole
FreeConsole
SetConsoleTitleA
GetStdHandle
CreateThread
GetLastError
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
VirtualAlloc
SuspendThread
SetLastError
SetFilePointer
WriteFile
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
LoadLibraryA
CreateDirectoryA
TerminateThread
GetTickCount
FreeLibrary
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
ExitProcess
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
HeapSize
FlushFileBuffers
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
SetStdHandle
GetFileType
ReadFile
GetCommandLineA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
GetConsoleCP
GetConsoleMode

user32

CreateWindowExA
ShowWindow
GetWindowTextA
TranslateMessage
DispatchMessageA
SetWindowTextA
MessageBoxA
GetDlgItem
GetActiveWindow
GetMessageA
CreateDialogParamA
GetClientRect
GetWindowTextLengthA
SendMessageA
IsDialogMessageA

gdi32

CreateFontA
DeleteObject

shell32

SHGetSpecialFolderPathA
ShellExecuteA

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
bind
WSACleanup
ntohs
htons
WSAStartup
inet_ntoa
connect

Exports

Exports

Initialize

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/killSRO.au3
Agbot.Package/killSRO.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Agbot.Package/mc18.exe
.exe windows:5 windows x86 arch:x86

8f742d2708a5d82f47f0a23fae50b315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\Downloads\edxSilkroadLoader5_0_3d\src\Release\eLoa.pdb

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
IsBadReadPtr
ReadProcessMemory
FlushInstructionCache
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
CreateFileMappingA
CloseHandle
ResumeThread
GetFullPathNameA
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetStdHandle
CreateDirectoryA
GetCurrentDirectoryA
WriteProcessMemory
CreateProcessA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
WriteFile
GetModuleFileNameA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

user32

MessageBoxA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/mc65.exe
.exe windows:5 windows x86 arch:x86

9afe4c19c34a5a09f8cba8810a00463e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/navmesh/107E534O.dat
Agbot.Package/navmesh/112F14GC.dat
Agbot.Package/navmesh/122F317M.dat
Agbot.Package/navmesh/123B626Q.dat
Agbot.Package/navmesh/124D217R.dat
Agbot.Package/navmesh/124F311J.dat
Agbot.Package/navmesh/128B517E.dat
Agbot.Package/navmesh/146G522N.dat
Agbot.Package/navmesh/148A235O.dat
Agbot.Package/navmesh/151B742N.dat
Agbot.Package/navmesh/157C236K.dat
Agbot.Package/navmesh/158C612E.dat
Agbot.Package/navmesh/163F727B.dat
Agbot.Package/navmesh/165G262Q.dat
Agbot.Package/navmesh/171E53DF.dat
Agbot.Package/navmesh/173F451N.dat
Agbot.Package/navmesh/176G711M.dat
Agbot.Package/navmesh/1B6F124Q.dat
Agbot.Package/navmesh/1B8E654H.dat
Agbot.Package/navmesh/1D6A241M.dat
Agbot.Package/navmesh/1E3C169G.dat
Agbot.Package/navmesh/1E6E169Q.dat
Agbot.Package/navmesh/1F1F264C.dat
Agbot.Package/navmesh/1F3B54AH.dat
Agbot.Package/navmesh/1F3E324E.dat
Agbot.Package/navmesh/1F6A14AM.dat
Agbot.Package/navmesh/1F8B12AI.dat
Agbot.Package/navmesh/1G4F128A.dat
Agbot.Package/navmesh/1G6C454M.dat
Agbot.Package/navmesh/221G657Q.dat
Agbot.Package/navmesh/222C16DS.dat
Agbot.Package/navmesh/224C467F.dat
Agbot.Package/navmesh/228G167G.dat
Agbot.Package/navmesh/248C432R.dat
Agbot.Package/navmesh/248C465M.dat
Agbot.Package/navmesh/262D721B.dat
Agbot.Package/navmesh/268D132N.dat
Agbot.Package/navmesh/272D131R.dat
Agbot.Package/navmesh/272D231R.dat
Agbot.Package/navmesh/276F21DL.dat
Agbot.Package/navmesh/277A531L.dat
Agbot.Package/navmesh/298A154G.dat
Agbot.Package/navmesh/2A5C544F.dat
Agbot.Package/navmesh/2B8G334G.dat
Agbot.Package/navmesh/2D1D321B.dat
Agbot.Package/navmesh/2E2B324O.dat
Agbot.Package/navmesh/2E4C129D.dat
Agbot.Package/navmesh/2F6A414F.dat
Agbot.Package/navmesh/2G2A128Q.dat
Agbot.Package/navmesh/2G6D344N.dat
Agbot.Package/navmesh/321B44DS.dat
Agbot.Package/navmesh/322A716D.dat
Agbot.Package/navmesh/324B711L.dat
Agbot.Package/navmesh/325E411F.dat
Agbot.Package/navmesh/341A535D.dat
Agbot.Package/navmesh/344A526C.dat
Agbot.Package/navmesh/345G446Q.dat
Agbot.Package/navmesh/346E312H.dat
Agbot.Package/navmesh/348A635A.dat
Agbot.Package/navmesh/352D526A.dat
Agbot.Package/navmesh/353A342K.dat
Agbot.Package/navmesh/356D462K.dat
Agbot.Package/navmesh/362A617S.dat
Agbot.Package/navmesh/368E552F.dat
Agbot.Package/navmesh/374F14DF.dat
Agbot.Package/navmesh/3A6E144O.dat
Agbot.Package/navmesh/3B4C541C.dat
Agbot.Package/navmesh/3B8G744H.dat
Agbot.Package/navmesh/3C7D534L.dat
Agbot.Package/navmesh/3G5E264K.dat
Agbot.Package/navmesh/3J7D164F.dat
Agbot.Package/navmesh/421C717I.dat
Agbot.Package/navmesh/424A541K.dat
Agbot.Package/navmesh/425E631H.dat
Agbot.Package/navmesh/428C22DQ.dat
Agbot.Package/navmesh/441B632H.dat
Agbot.Package/navmesh/441C122A.dat
Agbot.Package/navmesh/443B712A.dat
Agbot.Package/navmesh/445A116N.dat
Agbot.Package/navmesh/446E145Q.dat
Agbot.Package/navmesh/447D335O.dat
Agbot.Package/navmesh/453E122L.dat
Agbot.Package/navmesh/454E136O.dat
Agbot.Package/navmesh/455F212C.dat
Agbot.Package/navmesh/456B316H.dat
Agbot.Package/navmesh/458A522A.dat
Agbot.Package/navmesh/458F426K.dat
Agbot.Package/navmesh/467D352E.dat
Agbot.Package/navmesh/468D452M.dat
Agbot.Package/navmesh/4B1G111N.dat
Agbot.Package/navmesh/4B3D214L.dat
Agbot.Package/navmesh/4B4A431D.dat
Agbot.Package/navmesh/4B4E221I.dat
Agbot.Package/navmesh/4D1E151L.dat
Agbot.Package/navmesh/4D2E427P.dat
Agbot.Package/navmesh/4D4D531B.dat
Agbot.Package/navmesh/4D5F461C.dat
Agbot.Package/navmesh/4E2C224H.dat
Agbot.Package/navmesh/4H1A714J.dat
Agbot.Package/navmesh/522C251C.dat
Agbot.Package/navmesh/522G121C.dat
Agbot.Package/navmesh/525A55DM.dat
Agbot.Package/navmesh/526F35DQ.dat
Agbot.Package/navmesh/543D242E.dat
Agbot.Package/navmesh/544E336N.dat
Agbot.Package/navmesh/546D735H.dat
Agbot.Package/navmesh/546F216J.dat
Agbot.Package/navmesh/566A661H.dat
Agbot.Package/navmesh/568B315G.dat
Agbot.Package/navmesh/572B641O.dat
Agbot.Package/navmesh/575D31DO.dat
Agbot.Package/navmesh/576C361F.dat
Agbot.Package/navmesh/581B164N.dat
Agbot.Package/navmesh/5B7F311G.dat
Agbot.Package/navmesh/5C8E114H.dat
Agbot.Package/navmesh/5E3F654Q.dat
Agbot.Package/navmesh/5E7A464O.dat
Agbot.Package/navmesh/5F4E12AC.dat
Agbot.Package/navmesh/5H4E434C.dat
Agbot.Package/navmesh/5H5E510O.dat
Agbot.Package/navmesh/5I1G314R.dat
Agbot.Package/nuConnector.ini
Agbot.Package/nuConnector1.3.exe
.exe windows:4 windows x86 arch:x86

a10a31d0c3a2221a5b16387add480308

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

ws2_32

setsockopt

kernel32

CompareStringA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

ShellExecuteA

Sections

.text
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Agbot.Package/readme.txt
Agbot.Package/script/Alexandria/001.MiddleNorth-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Alexandria/001.MiddleSouth-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Alexandria/100.South-SandRaiders-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/100.South-Uneg-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/101.South-CruelRaider-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/101.South-DarkKhepris-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/101.South-Weneg-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/102.South-WindSpider-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/106.North-HunterPriestOfTerror-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/106.North-MushroomRockArea-A3CG-rev6-v1.lst
Agbot.Package/script/Alexandria/108.North-JobTempleThiefKeisasBerserker-A3CG-rev6-v1.lst
Agbot.Package/script/ChatScript/fwboxes.lst
Agbot.Package/script/ChatScript/fwscript.lst
Agbot.Package/script/Constantinople/001.Middle-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Constantinople/001.West-MoviaMovoi-P5C-Apa-v1.lst
Agbot.Package/script/Constantinople/003.West-GraespEdenp-P5C-Apa-v1.lst
Agbot.Package/script/Constantinople/005.West-BaroiWolfBarusWolfLogosBaroi-P4C-Apa-v1.lst
Agbot.Package/script/Constantinople/008.West-BartisMisosBaroi-P4Cf-Apa-v1.lst
Agbot.Package/script/Constantinople/011.West-DowGenetosDowGenema-A4CGfi-Hidan-v1.lst
Agbot.Package/script/Constantinople/012.West-Kiklopes-P4C-Apa-v1.lst
Agbot.Package/script/Constantinople/012.West-Kiklopes-P4C-Apa-v2.lst
Agbot.Package/script/Donwhang/001.Middle-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Donwhang/021.East-Chakji-A4CG-Claude-v1.lst
Agbot.Package/script/Donwhang/022.East-DevilBug-ACG4-linuxhell-v1.lst
Agbot.Package/script/Donwhang/023.East-HyungnoGhost-ACG4-linuxhell-v1.lst
Agbot.Package/script/Donwhang/024.East-HyungnoGhost-P4-Claude-v1.lst
Agbot.Package/script/Donwhang/026.East-DevilHorse-ACG4-Mark-v1.lst
Agbot.Package/script/Donwhang/027.East-EarthGhost-A5CGQ-Atommacika-v1.lst
Agbot.Package/script/Donwhang/027.East-EarthGhost-ACG5-linuxhell-v1.lst
Agbot.Package/script/Donwhang/027.East-GunPowder-A5Ci-Jan214-v1.lst
Agbot.Package/script/Donwhang/027.East-MeekGunPowder-P4C-Claude-v1.lst
Agbot.Package/script/Donwhang/030.West-Hyeongcheon-A5CG-Loriac-v1.lst
Agbot.Package/script/Donwhang/030.West-Hyeongcheon-A5CGQ-Atommacika-v1.lst
Agbot.Package/script/Donwhang/032.South-Scorpion-A5CGp-Atommacika-v1.lst
Agbot.Package/script/Donwhang/032.West-Scoprion-A3CGp-Loriac-v1.lst
Agbot.Package/script/Donwhang/033.West-Ong-ACG4-linuxhell-v1.lst
Agbot.Package/script/Donwhang/034.West-BloodDeathFlower-A5CGz-Loriac-v1.lst
Agbot.Package/script/Donwhang/035.West-BlackYeowa-P5-Loriac-v1.lst
Agbot.Package/script/Donwhang/036.West-RedYeowa-A3CGz-Hidan-v1.lst
Agbot.Package/script/Donwhang/037.South-Blackrobber-A1CG-Suomiporo-v1.lst
Agbot.Package/script/Donwhang/037.West-BlackRoberBowman-A5-Loriac-v1.lst
Agbot.Package/script/Donwhang/040.South-RedScorpion-A3CGp-Anon-v1.lst
Agbot.Package/script/Donwhang/042.West-RedEyeGhost-A2CGb-Claude-v1.lst
Agbot.Package/script/Hotan/001.Middle-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Hotan/043.East-Maong-A1-Suomiporo-v1.lst
Agbot.Package/script/Hotan/043.East-Maong-A2-13th-v2.lst
Agbot.Package/script/Hotan/043.East-Maong-A4-13th-v1.lst
Agbot.Package/script/Hotan/043.East-Maong-P4-Max-v1.lst
Agbot.Package/script/Hotan/045.East-Bunwang-A3CGR-Stankonia-v1.lst
Agbot.Package/script/Hotan/045.East-Goldenspider-A2-Suomiporo-v2.lst
Agbot.Package/script/Hotan/046.West-UltraBloodDevil-A4CQ-Psykotik-v1.lst
Agbot.Package/script/Hotan/050.West-Ujigi-CG3P-Rosire-v1.lst
Agbot.Package/script/Hotan/050.West-Ujigi-P5-AgJosh-v1.lst
Agbot.Package/script/Hotan/051.West-Ishade-P5CGc-Suomiporo-v1.lst
Agbot.Package/script/Hotan/053.West-Bluespider-A3CGc-Suomiporo-v1.lst
Agbot.Package/script/Hotan/054.West-PenonFighter-P3CGR-AgJosh-v1.lst
Agbot.Package/script/Hotan/055.West-PenonWarrior-A3-Essey-v1.lst
Agbot.Package/script/Hotan/055.West-PenonWarrior-A3-Essey-v2.lst
Agbot.Package/script/Hotan/055.West-PenonWarrior-A3-Essey-v3.lst
Agbot.Package/script/Hotan/055.West-PenonWarrior-A3-Essey-v4.lst
Agbot.Package/script/Hotan/055.West-PenonWarrior-A3-Kraka-v1.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5-Rosire-v2.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5C-Vegetta91-v1.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5CQ-Ashanti-v1.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5Q-Jan214-v1.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5Q-Rosire-v1.lst
Agbot.Package/script/Hotan/057.West-Sonar-P5R-Rychu-v1.lst
Agbot.Package/script/Hotan/059.West-Yeti-P4-Minuit-v1.lst
Agbot.Package/script/Hotan/060.West-DevilYeti-A5-TidusDark-v1.lst
Agbot.Package/script/Hotan/063.East-ShakramEdimu-A2CG-Essey-v1.lst
Agbot.Package/script/Hotan/063.West-ShakramEdimu-A2CG-Essey-v2.lst
Agbot.Package/script/Hotan/063.West-ShakramEdimu-A2CG-Essey-v3.lst
Agbot.Package/script/Hotan/067.East-DarkKarra-A4CGZ-Chubaca-v1.lst
Agbot.Package/script/Hotan/067.West-DarkDeathKara-A3Gz-Jan214-v1.lst
Agbot.Package/script/Hotan/067.West-DarkDeathKara-unk-Andro23-v1.lst
Agbot.Package/script/Hotan/067.West-DarkKarra-A4CGZ-MrBlue-v1.lst
Agbot.Package/script/Hotan/067.West-DarkKarra-A4CGZ-MrBlue-v2.lst
Agbot.Package/script/Hotan/072.RokSouth-BlackEagle-P4CGQRL-Ashanti-v1.lst
Agbot.Package/script/Hotan/073.RokNorth-FeatherMask-A2CGF-MrBlue-v1.lst
Agbot.Package/script/Hotan/073.RokNorth-FeatherMask-A2CGQRF-Ashanti-v1.lst
Agbot.Package/script/Hotan/073.RokSouth-FeatherCloak-A2CGF-MrBlue-v1.lst
Agbot.Package/script/Hotan/073.RokSouth-FeatherMask-A2CGQRF-Ashanti-v1.lst
Agbot.Package/script/Hotan/073.West-BoneSoldierNiyaGuard-A2G-Jan214-v1.lst
Agbot.Package/script/Hotan/073.West-NiyaGuard-A4G-VArmand-v1.lst
Agbot.Package/script/Hotan/074.West-NiyaSniper-P3RP-Thiefz-v1.lst
Agbot.Package/script/Hotan/074.West-NiyaSniper-P5Q-AgJosh-v1.lst
Agbot.Package/script/Hotan/074.West-NiyaSniper-P5Q-MrBlue-v1.lst
Agbot.Package/script/Hotan/074.West-NiyaSniper-P5R-RodrigoGS-v1.lst
Agbot.Package/script/Hotan/075.West-Shaur-P3CGQFS-AgJosh-v1.lst
Agbot.Package/script/Hotan/076.West-NiyaHunter-A3CGP-MrBlue-v3.lst
Agbot.Package/script/Hotan/076.West-NiyaHunter-A3CGQP-MrBlue-v1.lst
Agbot.Package/script/Hotan/076.West-NiyaHunter-A3CGQP-MrBlue-v2.lst
Agbot.Package/script/Hotan/076.West-goat-P3CGQFS-AgJosh-v1.lst
Agbot.Package/script/Hotan/078.RokNorth-WingTribe-P4CGl-RodrigoGS-v1.lst
Agbot.Package/script/Hotan/080.RokNorth-WingTribe-A1CGRt-Ashanti-v1.lst
Agbot.Package/script/Hotan/080.RokNorth-WingTribeAttacker-A1CGRt-Codimusprime-v1.lst
Agbot.Package/script/Hotan/080.RokSouth-WingTribeGuardian-P&A3CGl-MrBot-v1.lst
Agbot.Package/script/Hotan/082.RokNorth-Antinoke-A2CGQRF-Ashanti-v1.lst
Agbot.Package/script/Hotan/083.RokNorth-Antelope-A2CGf-Milodiu-v1.lst
Agbot.Package/script/Hotan/083.RokNorth-Antiklopes-A1CGRt-Codimusprime-v1.lst
Agbot.Package/script/Hotan/083.RokSouth-Antiklopes-A1CGRt-Codimusprime-v1.lst
Agbot.Package/script/Hotan/087.RokNorth-WingTribeAttacker-A1CGRT-Ashanti-v1.lst
Agbot.Package/script/Hotan/087.RokSouth-WingTribeAttacker-A1CGRt-Anon-v1.lst
Agbot.Package/script/Hotan/088.RokNorth-Rockys-unk-Anabol-v1.lst
Agbot.Package/script/Jangan/001.East-Mangyang-P5C-Anon-v1.lst
Agbot.Package/script/Jangan/001.Middle-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Jangan/013.West-YoungTiger-P4-linuxhell-v1.lst
Agbot.Package/script/Jangan/014.West-Tiger-A3CGp-Loriac-v1.lst
Agbot.Package/script/Jangan/018.West-WhiteTiger-A4CG-Claude-v1.lst
Agbot.Package/script/Jangan/018.West-WhiteTiger-A4CG-Drotalion-v1.lst
Agbot.Package/script/Jangan/019.West-ChakjiWorker-P5-Claude-v1.lst
Agbot.Package/script/Jangan/019.West-ChakjiWorker-P5-Jan214-v1.lst
Agbot.Package/script/Jangan/081.B1-TombSoldier+QinTombStone-A3CG-Test-v1.lst
Agbot.Package/script/Jangan/081.B1-jj-cave-B1-TombSoldier+QinTombStone-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/081.B1-jj-cave-B1-TombSoldier+QinTombStone-A3CG-x_H_x-v2.lst
Agbot.Package/script/Jangan/081.B1-jj-cave-B1-TombSoldier+QinTombStone-A3CG-x_H_x-v3.lst
Agbot.Package/script/Jangan/081.B1-jj-cave-B1-TombSoldier+QinTombStone-A3CG-x_H_x-v4.lst
Agbot.Package/script/Jangan/082.B1-TombSoldier-unk-Test-v1.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior+QinTombStone-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior+QinTombStone-A3CG-x_H_x-v2.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v2.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v3.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v4.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v5.lst
Agbot.Package/script/Jangan/082.B1-jj-cave-B1-TombWarrior-A3CG-x_H_x-v6.lst
Agbot.Package/script/Jangan/083.B1-TombWarrior-unk-Test-v1.lst
Agbot.Package/script/Jangan/084.B1-BloodyTombStone+ShiTombStone-A3CG-Test-v1.lst
Agbot.Package/script/Jangan/084.B1-BloodyTombstone-ACG-Anchen-v1.lst
Agbot.Package/script/Jangan/084.B1-jj-cave-B1-BloodyTombStone+ShiTombStone-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/084.B1-jj-cave-B1-TombArcher-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/084.B1-jj-cave-B1-TombGuard+BloodyTombStone-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/085.B1-TombBowman-unk-Test-v1.lst
Agbot.Package/script/Jangan/085.B1-jj-cave-B1-TombBowman+Unique85-A3CG-x_H_x-v3.lst
Agbot.Package/script/Jangan/085.B1-jj-cave-B1-TombBowman-A3CG-x_H_x-v1.lst
Agbot.Package/script/Jangan/085.B1-jj-cave-B1-TombBowman-A3CG-x_H_x-v2.lst
Agbot.Package/script/Jangan/086.B1-jjcave-B2-camp2-TombHunters+StoneGhost+Unique85-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/086.B1-jjcave-B2-camp3-TombHunters+StoneGhos-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/087.B1-jjcave-B2-camp7-TombGhost+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/087.B1-jjcave-B2-camp8-TombGhost+TombSpirit+Unique88-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/088.B1-jjcave-B2-camp10-RoyalSoldier+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/088.B1-jjcave-B2-camp9-RoyalSoldier+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/089.B1-jjcave-B2-camp11-RoyalGuard+TombSpirit+Unique89-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/089.B1-jjcave-B2-camp12-RoyalGuard+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/089.B1-jjcave-B2-camp13-RoyalGuard+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B2-camp14-RoyalWarrior+TombSpirit-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B2-camp15-RoyalWarrior+TombSpirit+Unique90-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B3-A3CG-rev6-v1.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B3-Entrance-A3CG-rev6-B3Entrance.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B3-TombBug-A3CG-rev6-SouthernViperCaveA.lst
Agbot.Package/script/Jangan/090.B1-jjcave-B3-TombBug-A3CG-rev6-WesternViperCaveA.lst
Agbot.Package/script/Jangan/091.B1-jjcave-B3-TombBeetle-A3CG-rev6-SouthernViperCaveB.lst
Agbot.Package/script/Jangan/092.B1-jjcave-B3-TombSnake-A3CG-rev6-WesternViperCaveB.lst
Agbot.Package/script/Jangan/092.B1-jjcave-B3-TombSnake-A3CG-rev6-WesternViperCaveC.lst
Agbot.Package/script/Jangan/093.B1-jjcave-B3-TombSnakeman-A3CG-rev6-WesternViperCaveD.lst
Agbot.Package/script/Jangan/093.B1-jjcave-B3-TombSnakeman-A3CG-rev6-WesternViperCaveE.lst
Agbot.Package/script/Jangan/093.B1-jjcave-B3-TombSnakeman-A3CG-rev6-WesternViperCaveF.lst
Agbot.Package/script/Jangan/094.B1-jjcave-B3-TombSnake-A3CG-rev6-SouthernViperCaveC.lst
Agbot.Package/script/Jangan/094.B1-jjcave-B3-TombSnake-A3CG-rev6-SouthernViperCaveD.lst
Agbot.Package/script/Jangan/094.B1-jjcave-B3-TombSnake-A3CG-rev6-SouthernViperCaveE.lst
Agbot.Package/script/Jangan/095.B1-jjcave-B3-TombSnakeUnique-A3CG-rev6-SouthernViperCaveF.lst
Agbot.Package/script/Jangan/096.B1-jjcave-B4-Entrance-A3CG-rev6-SouthernViperCaveGB4.lst
Agbot.Package/script/Jangan/096.B1-jjcave-B4-Entrance-A3CG-rev6-WesternViperCaveGB4.lst
Agbot.Package/script/Jangan/097.B1-jjcave-B4-TombSnakeMistress-A3CG-rev6-WesternViperCaveI.lst
Agbot.Package/script/Jangan/097.B1-jjcave-B4-TombSnakeMistress-A3CG-rev6-WesternViperCaveJ.lst
Agbot.Package/script/Jangan/097.B1-jjcave-B4-TombSnakeMistress-A3CG-rev6-WesternViperCaveK.lst
Agbot.Package/script/Jangan/097.B1-jjcave-B4-TombSnakeWorker-A3CG-rev6-WesternViperCaveH.lst
Agbot.Package/script/Jangan/098.B1-jjcave-B4-TombSnake-A3CG-rev6-SouthernViperCaveH.lst
Agbot.Package/script/Jangan/098.B1-jjcave-B4-TombSnake-A3CG-rev6-SouthernViperCaveI.lst
Agbot.Package/script/Jangan/098.B1-jjcave-B4-TombSnake-A3CG-rev6-SouthernViperCaveJ.lst
Agbot.Package/script/Jangan/098.B1-jjcave-B4-TombSnake-A3CG-rev6-SouthernViperCaveK.lst
Agbot.Package/script/Jangan/099.B1-jjcave-B4-TombSnakeLord-A3CG-rev6-SouthernViperCaveMiddleBottom.lst
Agbot.Package/script/Jangan/099.B1-jjcave-B4-TombSnakeLord-A3CG-rev6-WesternViperCaveMiddleLeft.lst
Agbot.Package/script/Jangan/099.B1-jjcave-B4-TombSnakeLord-A3CG-rev6-WesternViperCaveMiddleTop.lst
Agbot.Package/script/Jangan/100.B1-jjcave-B5-Entrance-A3CG-rev6-WesternViperCaveZB5Entrance.lst
Agbot.Package/script/MirrorWorld/001.MirrorWorld-ag-v1.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_011_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_012_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_013_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_016_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_018_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_019_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_032_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_GU_038_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_SU_004_06.lst
Agbot.Package/script/Quests/SN_TALK_QNO_SD_SU_005_06.lst
Agbot.Package/script/Readme.txt
Agbot.Package/script/SN_TALK_QNO_TRADE_THIEF_A_013_09.lst
Agbot.Package/script/Samarkand/001.Middle-MiddleTown-P5C-rev6-v1.lst
Agbot.Package/script/Samarkand/031.North-Kokoru-A5Gh-KventinDorvardRus-v1.lst
Agbot.Package/script/Samarkand/031.North-Kokoru-A5Gh-Mark-v1.lst
Agbot.Package/script/Samarkand/032.North-Periton-A5Gh-KventinDorvardRus-v1.lst
Agbot.Package/script/Samarkand/033.South-Ong-PA1R-Whitey-TaxiScript.lst
Agbot.Package/script/Samarkand/034.South-Ong-A2CGR-13th-v1.lst
Agbot.Package/script/Samarkand/036.East-Huns-A4CG-13th-v1.lst
Agbot.Package/script/Samarkand/037.East-HunAssault-A3GCd-AlyShehata-v1.lst
Agbot.Package/script/Samarkand/038.East-HunAssault-A2CG-13th-v1.lst
Agbot.Package/script/Samarkand/040.East-RockGolem-A2CG-13th-v1.lst
Agbot.Package/security.data
Agbot.Package/sound/info.txt
Agbot.Package/sound/sndrec32.exe
.exe windows:5 windows x86 arch:x86

c86d10d715e0a8f08cc68ae46e3fc52f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SndRec32.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA

kernel32

GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
GetStartupInfoA
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
LCMapStringA
MultiByteToWideChar
LCMapStringW
VirtualProtect
GetSystemInfo
GetLocaleInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetTempFileNameW
lstrcpynW
GlobalReAlloc
WaitForSingleObject
CreateThread
GlobalMemoryStatus
GetLocaleInfoW
GetCommandLineW
GetFullPathNameW
lstrlenW
lstrcatW
DeleteFileW
CreateFileW
CloseHandle
GlobalAlloc
GlobalLock
GlobalSize
GetCurrentThreadId
lstrcmpiW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
FreeResource
lstrcmpW
MulDiv
lstrcpyW
GlobalFree
GlobalUnlock
GlobalHandle
VirtualAlloc

gdi32

SetMapMode
GetStockObject
CreateMetaFileW
SetWindowOrgEx
SetWindowExtEx
StretchBlt
CloseMetaFile
DeleteMetaFile
GetDeviceCaps
CreateCompatibleBitmap
GetObjectW
SelectPalette
RealizePalette
GetDIBits
PatBlt
BitBlt
DeleteDC
CreateCompatibleDC
CreateBitmap
SetTextColor
SelectObject
SetBkColor
GetTextExtentPointW
ExtTextOutW
DeleteObject
CreateSolidBrush
SetBrushOrgEx
CreateHatchBrush

user32

SetCursor
LoadCursorW
GetClipboardData
OpenClipboard
wsprintfW
MessageBoxW
wvsprintfW
GetWindowLongW
MessageBeep
CharPrevW
CharNextW
SetClassLongW
SetWindowTextW
LoadAcceleratorsW
DefDlgProcW
RegisterClassW
LoadIconW
GetDlgItem
ShowWindow
GetWindowTextW
ReleaseDC
GetDC
EndPaint
BeginPaint
DefWindowProcW
InflateRect
PeekMessageW
InvalidateRect
SetDlgItemTextW
GetActiveWindow
EnableWindow
GetFocus
SetTimer
KillTimer
RegisterWindowMessageW
DrawIcon
SetRect
GetSystemMetrics
ModifyMenuW
DrawMenuBar
DeleteMenu
GetMenu
IsWindow
EndDialog
SetPropW
RemovePropW
CloseClipboard
GetDlgCtrlID
DialogBoxParamW
MoveWindow
IsIconic
GetWindowRect
DrawFocusRect
CopyRect
DrawEdge
CallWindowProcW
SetWindowLongW
MapWindowPoints
CreateWindowExW
SetForegroundWindow
SetFocus
RemoveMenu
GetMenuStringW
GetSubMenu
InsertMenuW
GetParent
SetWindowPos
DestroyMenu
CreateMenu
RedrawWindow
RegisterClipboardFormatW
DispatchMessageW
UnhookWindowsHookEx
GetSysColor
GetClientRect
FillRect
DestroyWindow
PostQuitMessage
LoadStringW
ScreenToClient
UpdateWindow
IsWindowEnabled
SetActiveWindow
PostMessageW
GetWindow
GetKeyState
EnableMenuItem
IsClipboardFormatAvailable
SetWindowsHookExW
CreateDialogParamW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
GetPropW
TranslateMessage
WinHelpW
GetDesktopWindow
IsWindowVisible
GetAsyncKeyState
SendMessageW
CallNextHookEx
ClientToScreen

winmm

waveOutUnprepareHeader
mmioOpenW
mmioWrite
mmioAscend
mmioCreateChunk
mmioRead
mmioSeek
mmioDescend
waveOutGetNumDevs
waveInGetNumDevs
waveInOpen
waveOutWrite
waveInAddBuffer
waveOutPrepareHeader
waveInPrepareHeader
waveInUnprepareHeader
waveOutOpen
waveInReset
waveOutReset
mmioGetInfo
waveInStart
waveOutPause
waveOutRestart
waveOutClose
waveInClose
waveOutGetPosition
waveInGetPosition
mmioClose

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

ShellAboutW
DragQueryFileW
DragFinish
SHGetFileInfoW
ShellExecuteW
DragAcceptFiles

ole32

OleFlushClipboard
OleUninitialize
OleInitialize
OleBuildVersion
CoRevokeClassObject
CoLockObjectExternal
CoCreateInstance
OleSetClipboard
WriteClassStg
OleNoteObjectVisible
StgCreateDocfile
OleSave
CreateFileMoniker
OleIsCurrentClipboard
CoRegisterClassObject
CLSIDFromString
OleDraw
WriteClassStm
CreateStreamOnHGlobal
ReleaseStgMedium
CreateDataAdviseHolder
WriteFmtUserTypeStg
StgOpenStorage
CreateOleAdviseHolder
GetRunningObjectTable
CreateBindCtx
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoGetMalloc

msacm32

acmFormatSuggest
acmStreamOpen
acmStreamSize
acmFormatDetailsW
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmMetrics
acmFormatChooseW
acmFormatTagDetailsW

comctl32

ord17
ord8
PropertySheetW

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Agbot.Package/uxtheme.dll
.dll windows:6 windows x86 arch:x86

478cabb8e519363ad481372dba535388

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wuxtheme.pdb

Imports

msvcrt

memmove
memset
_purecall
rand
_wsplitpath_s
_ftol2_sse
floor
memcpy
_XcptFilter
malloc
free
_initterm
_amsg_exit
_adjust_fdiv
_except_handler4_common
_onexit
_lock
__dllonexit
wcschr
strchr
wcstoul
fwprintf
fputws
fflush
_vsnwprintf
_unlock

ntdll

DbgPrintEx
NtQuerySystemInformation
DbgBreakPoint
DbgPrompt
NtUnmapViewOfSection
NtRequestPort
NtOpenEvent
NtQueryEvent
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlInitializeSRWLock
RtlGetThreadLangIdByIndex
RtlInitializeCriticalSection
NtRequestWaitReplyPort
NtConnectPort
RtlInitUnicodeString
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
RtlNtStatusToDosError

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
DelayLoadFailureHook
TerminateProcess
QueryPerformanceCounter
Sleep
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
ResetEvent
SetEvent
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
InterlockedExchange
IsDebuggerPresent
GetACP
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetSystemDirectoryW
GetFullPathNameW
LoadResource
LockResource
CompareStringW
lstrcmpW
GetSystemInfo
VirtualFree
GetModuleHandleExW
GetCurrentThread
CreateThread
FreeLibraryAndExitThread
GetUserDefaultUILanguage
GetFileTime
VirtualAlloc
GetFileSize
GetAtomNameW
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
MulDiv
DisableThreadLibraryCalls
GetProcAddress
CreateActCtxW
ActivateActCtx
LoadLibraryW
GetFileAttributesW
DeactivateActCtx
ReleaseActCtx
FreeLibrary
InitializeCriticalSection
lstrcmpiW
SetLastError
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
TlsFree
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
lstrlenW
WriteFile
GetLastError
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
AddAtomW
DeleteAtom
MultiByteToWideChar
GetStringTypeW
SizeofResource
FindResourceW
ReadFile
FormatMessageW
SystemTimeToFileTime
GetSystemTime
DebugBreak
TerminateThread
RtlCaptureStackBackTrace
ExitProcess
IsWow64Process
SetFilePointer
HeapReAlloc
HeapFree
LoadLibraryExW
GetModuleHandleW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime

user32

AdjustWindowRectEx
IsMenu
GetMenuInfo
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
UnregisterUserApiHook
RegisterUserApiHook
SystemParametersInfoA
SystemParametersInfoW
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
SetWindowLongW
DestroyWindow
IsServerSideWindow
ClientToScreen
LoadStringW
GetMessagePos
GetKeyState
PaintMenuBar
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
SetCapture
PeekMessageW
MsgWaitForMultipleObjectsEx
ReleaseCapture
GetCapture
LoadIconW
CalcMenuBar
GetWindowInfo
IsIconic
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
InvalidateRect
IsWindowRedirectedForPrint
GetClientRect
GetSysColorBrush
InternalGetWindowText
GetWindowTextW
IsWindowInDestroy
SetWindowRgn
GetParent
SetMenuItemInfoW
DefWindowProcW
DefFrameProcW
SetRectEmpty
GetWindowRgnBox
GetTitleBarInfo
GetWindowLongW
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
GetAncestor
GetClassLongW
SetWindowPos
IsThreadDesktopComposited
GetDesktopWindow
PostMessageW
SetProcessDPIAware
SetSysColors
GetDC
RemovePropW
SetPropW
GetPropW
GetClassNameW
EnumDesktopsW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowThreadProcessId
InflateRect
DrawTextW
CopyImage
DrawTextExW
GetWindowDC
ReleaseDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
WindowFromDC
SetTimer
RedrawWindow
KillTimer
EqualRect
OffsetRect
GetWindowRect
MapWindowPoints
IsRectEmpty
IntersectRect
FillRect
SetRect
IsWindow
IsChild
CharNextW
SendMessageTimeoutW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSysColor

gdi32

GetObjectType
ExcludeClipRect
OffsetRgn
LPtoDP
GetRandomRgn
GetLayout
DeleteDC
CreateRectRgnIndirect
GdiAlphaBlend
CreateDIBSection
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SetWindowOrgEx
SetViewportOrgEx
GdiFlush
GetDeviceCaps
StretchBlt
SetStretchBltMode
CreateFontIndirectW
PtInRegion
GdiGradientFill
PathToRegion
SetLayout
GdiDrawStream
SetTextColor
SetBkMode
GetRegionData
GetRgnBox
GetViewportOrgEx
GetWindowOrgEx
GetCurrentObject
ClearBitmapAttributes
SetBitmapAttributes
CreatePatternBrush
SetBrushOrgEx
GetClipBox
SetTextAlign
GetTextAlign
RectVisible
CreateFontW
SetDIBits
ExtCreateRegion
CombineRgn
AbortPath
StrokeAndFillPath
ExtCreatePen
GetTextMetricsW
GdiTransparentBlt
PatBlt
GetBoundsRect
SetBoundsRect
SetBkColor
ExtTextOutW
GetBkColor
IntersectClipRect
CreatePen
CreateSolidBrush
GetStockObject
Rectangle
RoundRect
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
GetDIBits
DeleteObject
Arc

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
TraceEvent
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegEnumValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegCreateKeyExW
RegSetValueExW
EventRegister
EventUnregister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
EventEnabled
EventWrite
RegOpenKeyExW
RegCloseKey

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTransitionDuration
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Agbot.Package/zlib.dll
.dll windows:4 windows x86 arch:x86

d864ee5b5be09704bef5ffbefb087055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fflush
fprintf
_fdopen
fopen
_errno
malloc
sprintf
fwrite
fread
fclose
free
vsprintf
ftell
fseek
rewind
fputc
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpenCurrentFile
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipOpen
zipOpenNewFileInZip
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8cebbf034d8c6304701e5ec3fae70a4

Code Sign

Signer

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 332KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 24KB - Virtual size: 23KB

988f29c1eb8054253091352741683c76

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

4dd9bde8ec329ace3bf646dfe9d45c1a

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 52KB

.data Size: - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 16B

.vmp0 Size: - Virtual size: 28KB

.vmp1 Size: 84KB - Virtual size: 81KB

fd7857e50f1dcabee5dfd00d52930c0d

Headers

File Characteristics

Imports

msvbvm60

kernel32

Sections

.text Size: - Virtual size: 37KB

.data Size: - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.vmp0 Size: - Virtual size: 134KB

.vmp1 Size: 168KB - Virtual size: 164KB

5ac5b10a1b2e5f498e7377cfe149d268

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

.text
Size: 332KB - Virtual size: 332KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: - Virtual size: 52KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 16B

.vmp0
Size: - Virtual size: 28KB

.vmp1
Size: 84KB - Virtual size: 81KB

.text
Size: - Virtual size: 37KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.vmp0
Size: - Virtual size: 134KB

.vmp1
Size: 168KB - Virtual size: 164KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 696KB - Virtual size: 695KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 11KB - Virtual size: 279KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate