3e94d04fd84536f6297238171dc84900_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e94d04fd84536f6297238171dc84900_JaffaCakes118
Size

2.1MB
MD5

3e94d04fd84536f6297238171dc84900
SHA1

696fb7f8d2f9ee1ce13b5eca61e0ee1479ca0caa
SHA256

fced89ce4b8ce3fb7ac8b82bd8138c7ea84a97c82ad265d30b3b028835235090
SHA512

b46319f712961b534887ef4a67d97127c42ddd42680131fc95ad6a37ec7e7ec9d1e8f25a00f4b1ceac32d9771ab24d1e504a606ef6957e25114fde5e80bbe900
SSDEEP

49152:ET2DkcfaenDKqifjrqIUvgyXIOBIzCRgTAygMBrrwOxlEbF40jA:EKnVGNLrCvgyXpRigMBvbxKxTjA

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/pdftotext.dll	acprotect

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Dfm2Txt.exe	upx
static1/unpack001/IniSort.exe	upx
static1/unpack001/IniSort98.exe	upx
static1/unpack001/LineSort.exe	upx
static1/unpack001/bin2hex.exe	upx
static1/unpack001/keygen.exe	upx
static1/unpack001/pdftotext.dll	upx
static1/unpack001/uniqline.exe	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dfm2Txt.exe
unpack002/out.upx
unpack001/IniSort.exe
unpack003/out.upx
unpack001/IniSort98.exe
unpack004/out.upx
unpack001/LineSort.exe
unpack005/out.upx
unpack001/OdfToTxt.exe
unpack001/UnWise.exe
unpack001/Winstart.exe
unpack001/bin2hex.exe
unpack006/out.upx
unpack001/keygen.exe
unpack007/out.upx
unpack001/lnkconv.exe
unpack001/pdftotext.dll
unpack001/uniqline.exe
unpack009/out.upx
unpack001/unzip32.dll
unpack001/urlconv.exe
unpack001/wincmpExt.dll
unpack001/wincmpext64.dll

Files

3e94d04fd84536f6297238171dc84900_JaffaCakes118
.rar
Chinese_cn.dic
Chinese_tw.dic
Dfm2Txt.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dfm2Txt.txt
EN_wincmp3.chm
.chm
IniSort.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IniSort.txt
IniSort98.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LineSort.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LineSort.txt
OdfToTxt.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OdfToTxt.html
.html
OdfToTxt.txt
OdfToTxtReadme.html
.html
UnWise.exe
.exe windows:4 windows x86 arch:x86

1253fca4d360ee1861d91e5029004cf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
WaitForSingleObject
MoveFileExA
GetVersionExA
CreateDirectoryA
LocalFree
FormatMessageA
GetLastError
SizeofResource
CreateProcessA
RemoveDirectoryA
GetFileAttributesA
GetPrivateProfileIntA
SetErrorMode
GlobalAlloc
GlobalLock
DeleteFileA
FreeResource
WinExec
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GlobalUnlock
GlobalFree
OpenFile
lstrcpynA
WritePrivateProfileStringA
MultiByteToWideChar
_lcreat
_lwrite
FileTimeToDosDateTime
GetFileTime
FileTimeToLocalFileTime
GetSystemDirectoryA
_lread
GetDriveTypeA
lstrcmpA
_lopen
_llseek
MulDiv
lstrcmpiA
_lclose
lstrcpyA
GetModuleFileNameA
lstrlenA
CopyFileA
GetTempPathA
GetTempFileNameA
LoadResource
FindResourceA
LockResource
GetPrivateProfileStringA
GetLocalTime
FreeEnvironmentStringsA
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
VirtualFree
ExitProcess
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ReadFile
SetFilePointer
WriteFile
GetStdHandle
SetHandleCount
SetStdHandle
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
GetCurrentProcess
TerminateProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
MoveFileA
CreateFileA
GetFileType
SetEndOfFile
CloseHandle
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetCPInfo
VirtualAlloc
GetACP
GetOEMCP

user32

LoadBitmapA
UpdateWindow
RegisterClassA
SetWindowTextA
wsprintfA
MessageBoxA
GetSysColor
CreateWindowExA
DispatchMessageA
ShowWindow
LoadIconA
KillTimer
DestroyWindow
GetMessageA
ExitWindowsEx
LoadCursorA
SetCursor
EnableWindow
IsWindowVisible
CreateDialogParamA
IsDialogMessageA
PostMessageA
EndPaint
PostQuitMessage
GetClientRect
BeginPaint
ReleaseDC
InvalidateRect
GetDC
DefWindowProcA
MoveWindow
GetWindowRect
SetDlgItemTextA
EndDialog
GetDlgItemTextA
SetRect
ScreenToClient
GetWindowTextA
SendMessageA
SendDlgItemMessageA
GetDlgItem
SetFocus
OemToCharA
DialogBoxParamA
DrawEdge
CharNextA
GetDialogBaseUnits
FillRect
DrawIcon
LoadStringA
GetParent
EnumChildWindows
FindWindowA
DdeCreateDataHandle
DdeInitializeA
DdeCreateStringHandleA
DdeClientTransaction
DdeGetData
TranslateMessage
SetTimer
DdeUninitialize
PeekMessageA
DdeDisconnect
DdeFreeDataHandle
DdeConnect

gdi32

CreateBrushIndirect
TextOutA
SetTextColor
GetTextExtentPointA
CreateFontA
GetDeviceCaps
SetBkMode
BitBlt
GetObjectA
DeleteDC
PatBlt
CreateSolidBrush
CreateCompatibleDC
RealizePalette
SelectPalette
SelectObject
MoveToEx
CreatePen
LineTo
SetBkColor
StretchBlt
ExtTextOutA
CreateCompatibleBitmap
CreateFontIndirectA
GetStockObject
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
DeleteService
ControlService
OpenServiceA

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

_ItemDlg@16
_MainWndProc@16
_ProgressDlg@16
_PromptDlg@16
_SharedDlg@16

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Winstart.exe
.exe windows:4 windows x86 arch:x86

0f032a8f052196802ab65edddd7bb92f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetCPInfo
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LoadLibraryA
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapFree
HeapAlloc
VirtualAlloc
GetProcAddress

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 823B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Winstart.txt
basic.chl
bin2hex.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin2hex.txt
dirinfo.txt
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lnkconv.exe
.exe windows:4 windows x86 arch:x86

83caf33ad4489f9c4e68a18edea26342

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CopyFileA
ExitProcess
FindAtomA
GetAtomNameA
MultiByteToWideChar
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
printf
puts
signal

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lnkconv.txt
pdftotext.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetDocInfo
GetDocInfoU
GetTextContent
GetTextContentFormatted
GetUnicodeTextContent
GetUnicodeTextContentFormatted

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pdftotext.txt
perl.chl
readme.txt
reg.bat
reg.txt
register.url
uniqline.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
unzip32.dll
.dll windows:4 windows x86 arch:x86

37934361a5d305498d4771b0b90a7c26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
__lconv_init
toupper
_adjust_fdiv
mktime
time
_initterm
_get_osfhandle
setlocale
fclose
strncpy
gmtime
_mbsrchr
tolower
_isctype
_pctype
localtime
putc
fflush
longjmp
fopen
mblen
__mb_cur_max
_mbschr
_mbsinc
_iob
fgets
strncmp
sprintf
_setjmp3
realloc
malloc
_chmod
_isatty
_mkdir
_read
_lseek
_setmode
_fileno
_open
_unlink
_stat
_write
_tzset
_putenv
_close
_strnicmp
_strupr

kernel32

FileTimeToSystemTime
InitializeCriticalSection
ReleaseMutex
FindFirstFileA
FindNextFileA
GlobalFree
GlobalAlloc
GlobalUnlock
lstrcpyA
GetCurrentProcess
GlobalLock
CreateMutexA
InterlockedExchange
HeapAlloc
GetFullPathNameA
lstrlenA
lstrcmpiA
lstrcpynA
EnterCriticalSection
GetVersion
SetEndOfFile
SetFilePointer
CloseHandle
SetFileTime
GetLastError
SetFileAttributesA
CreateFileA
FileTimeToLocalFileTime
GetVolumeInformationA
GetProcessHeap
GetLocaleInfoA
WaitForSingleObject
FindClose
SetVolumeLabelA
GetDriveTypeA
GetFileAttributesA
GetFileTime
LeaveCriticalSection
HeapFree

advapi32

SetKernelObjectSecurity
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
GetSecurityDescriptorLength
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup

user32

CharToOemA
OemToCharA

Exports

Exports

UzpFreeMemBuffer
UzpVersion
UzpVersion2
Wiz_Grep
Wiz_Init
Wiz_NoPrinting
Wiz_SetOpts
Wiz_SingleEntryUnzip
Wiz_Unzip
Wiz_UnzipToMemory
Wiz_Validate

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
urlconv.exe
.exe windows:4 windows x86 arch:x86

571faeaca799c75ba8bc08437d0c2843

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CreateFileA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetFullPathNameA
GetLastError
GetPrivateProfileStringA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
LoadLibraryA
SetUnhandledExceptionFilter
SleepEx
WriteFile
lstrcatA
lstrcmpA
lstrcpynA
lstrlenA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
printf
puts
signal
strchr
strcpy
strstr
strtol
strtoul

user32

FindWindowExA
GetDesktopWindow
SendMessageA
wsprintfA

wininet

FtpOpenFileA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetGetLastResponseInfoA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
urlconv.txt
wincmp3.chm
.chm
wincmp3.exe
.exe windows:4 windows x86 arch:x86

867defdd7c82dba88bf19cea8796a410

Code Sign

71:6d:fc:64:21:08:b7:cc:d3:e8:35:3f:69:fc:86:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

08/12/2007, 00:00

Not After

07/12/2008, 23:59

Subject

CN=Igor Green,O=Igor Green,POSTALCODE=220125,STREET=Nezavisimosti 185-149,L=Minsk,ST=BY,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:a8:48:06:62:0a:43:4f:fa:10:1d:41:36:39:da:70:30:18:fc:6b
Signer

Actual PE Digest

09:a8:48:06:62:0a:43:4f:fa:10:1d:41:36:39:da:70:30:18:fc:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrStrIA

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
GetStartupInfoA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
IsBadReadPtr
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetStdHandle
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
lstrcpyW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetDriveTypeW
SetFileAttributesW
DeleteFileW
ResetEvent
SetEvent
Sleep
lstrcpynW
MultiByteToWideChar
WaitForSingleObject
lstrlenW
GetFileSize
GetDateFormatW
SetHandleCount
GetUserDefaultLCID
GetProcessVersion
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeFormatW
GetFileAttributesW
ReadFile
GetTickCount
GetModuleHandleW
FindResourceW
HeapSize
GetFileType
SetStdHandle
SetEnvironmentVariableW
GetTimeZoneInformation
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetCommandLineW
GetProfileIntW
GetPrivateProfileIntW
lstrcmpW
lstrcmpiA
GetCurrentThread
GlobalGetAtomNameW
LocalFileTimeToFileTime
FileTimeToSystemTime
CreateEventW
ResumeThread
GetShortPathNameW
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrcmpA
SetLastError
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GlobalSize
lstrlenA
GetFullPathNameW
lstrcmpiW
SetFilePointer
SetEndOfFile
GetFileInformationByHandle
GetLastError
FormatMessageW
MoveFileW
SetVolumeLabelW
GetDiskFreeSpaceW
SizeofResource
VirtualAlloc
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetSystemTime
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileMappingA
LockResource
LoadResource
CreateFileA
LoadLibraryA
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
GetVersionExW
GetVersion
DeviceIoControl
SetFileTime
GetFileTime
CreateProcessW
GetCurrentDirectoryW
CreateDirectoryW
lstrcatW
SearchPathW
FindFirstFileW
FindNextFileW
FindClose
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLocalTime
SystemTimeToFileTime
SetCurrentDirectoryW
CopyFileW
GetTempPathW
GetTempFileNameW
CompareFileTime
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetDriveTypeA
IsBadCodePtr
GetCPInfo
WritePrivateProfileStringW
GetModuleFileNameW
FindResourceA
FreeLibrary
VirtualFree
WideCharToMultiByte
GetProcAddress
LoadLibraryW
CloseHandle
WriteFile
CreateFileW
GlobalAddAtomA
MulDiv
GetPrivateProfileStringW
GetProfileStringA

user32

SetDlgItemTextW
IsDialogMessageW
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
wvsprintfW
LoadStringW
ValidateRect
GetMessageW
GetDesktopWindow
ReuseDDElParam
UnpackDDElParam
SetCursorPos
WaitMessage
GetWindowThreadProcessId
IsZoomed
ShowOwnedPopups
GetDCEx
GetTabbedTextExtentA
SetParent
RegisterClipboardFormatW
DestroyCaret
MessageBoxW
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
BeginPaint
EndPaint
LockWindowUpdate
CreateWindowExW
DefWindowProcW
CharToOemBuffA
OemToCharBuffA
wsprintfW
wsprintfA
CreateAcceleratorTableW
DestroyAcceleratorTable
SetClassLongW
MessageBeep
TrackPopupMenuEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetTopWindow
CreateMenu
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemInfoW
IsMenu
CopyAcceleratorTableW
GetMenuItemInfoW
CallWindowProcW
GetMessagePos
DrawEdge
DrawStateW
CharUpperW
FrameRect
DrawFocusRect
GetActiveWindow
GetNextDlgTabItem
GetWindowLongW
TabbedTextOutW
EqualRect
GetSysColorBrush
RegisterClassExW
SetWindowRgn
SetRectEmpty
DestroyIcon
GetIconInfo
GetWindowDC
CallNextHookEx
GetClipboardData
OpenClipboard
EmptyClipboard
ShowWindow
TranslateAcceleratorW
LoadAcceleratorsW
SendDlgItemMessageA
SendDlgItemMessageW
SetCaretPos
ShowCaret
HideCaret
GetAsyncKeyState
SetCursor
DrawTextExW
DispatchMessageW
TranslateMessage
DrawTextW
DrawFrameControl
PeekMessageW
PostQuitMessage
IsIconic
IsWindowEnabled
FindWindowW
ClientToScreen
ScreenToClient
SetWindowLongW
DestroyMenu
SetMenu
BringWindowToTop
SetActiveWindow
IsRectEmpty
GetWindow
IsWindow
GetClassNameW
GetClassInfoExW
DeleteMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetFocus
GetDlgCtrlID
GetMenu
FillRect
InflateRect
GetCapture
ReleaseCapture
SetCapture
KillTimer
SetTimer
IsWindowVisible
GetSystemMenu
RemoveMenu
LoadBitmapW
IntersectRect
UpdateWindow
IsClipboardFormatAvailable
SetFocus
MoveWindow
SetRect
OffsetRect
GetCursorPos
GetSysColor
ModifyMenuW
RedrawWindow
CopyRect
WinHelpW
GetClassInfoW
RegisterClassW
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
SetWindowTextW
GetMenuStringW
SystemParametersInfoW
LoadIconW
LoadCursorW
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
GetWindowPlacement
EndDialog
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
SetClipboardData
MapWindowPoints
SetWindowPos
InvalidateRect
GetDlgItem
GetDC
ReleaseDC
PtInRect
WindowFromPoint
IsChild
AdjustWindowRectEx
ScrollWindow
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
EnableScrollBar
CreateCaret
UnhookWindowsHookEx
SetWindowsHookExW
CloseClipboard
PostMessageW
CreatePopupMenu
AppendMenuW
GetKeyState
GetClientRect
LoadMenuW
GetSubMenu
EnableMenuItem
GetWindowRect
EnableWindow
GetParent
SendMessageW
GrayStringW
DestroyCursor
LoadImageW
WindowFromDC
CallWindowProcA
UnregisterClassW
GetWindowTextLengthA
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CharLowerW
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
LoadStringA

gdi32

PatBlt
CreateSolidBrush
GetDeviceCaps
Rectangle
GetTextExtentPoint32W
SelectObject
GetObjectW
GetStockObject
GetTextMetricsW
DeleteObject
StretchBlt
BitBlt
CreateCompatibleDC
GetBitmapDimensionEx
GetCharWidthW
GetBkColor
SetViewportExtEx
GetTextColor
GetCurrentObject
RoundRect
CreateHatchBrush
Ellipse
CreateCompatibleBitmap
FrameRgn
OffsetRgn
EqualRgn
CreatePolygonRgn
CreateRoundRectRgn
CombineRgn
CreateRectRgn
GetWindowOrgEx
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
Pie
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
GetNearestColor
CreatePalette
CreatePen
RealizePalette
SetDIBits
GetDIBits
SelectPalette
SetMapMode
SetBitmapDimensionEx
CreateDCW
TextOutA
GetCurrentPositionEx
MoveToEx
SetTextAlign
GetClipBox
StartDocW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetViewportOrgEx
OffsetViewportOrgEx
CreateRectRgnIndirect
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
LineTo
CreatePatternBrush
SetRectRgn
DPtoLP
StretchDIBits
CreateFontW
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
GetViewportOrgEx
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceW
GetTextExtentPoint32A
CopyMetaFileW
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
CreateFontIndirectW

comdlg32

GetSaveFileNameW
ChooseColorW
PrintDlgW
ChooseFontW
GetOpenFileNameW
CommDlgExtendedError
PageSetupDlgW
GetFileTitleW

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW
DocumentPropertiesW
EnumPrintersW

advapi32

SetFileSecurityW
RegSetValueW
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueW
GetFileSecurityW
GetUserNameW
RegOpenKeyW
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ExtractIconW
DragAcceptFiles
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
DragFinish
DragQueryFileW
ShellExecuteW
SHGetFileInfoW

comctl32

ImageList_Destroy
ord13
ord17
ImageList_LoadImageW
ImageList_Create
ord14
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_GetIconSize
_TrackMouseEvent

ole32

ReleaseStgMedium
CoLockObjectExternal
RegisterDragDrop
CoFileTimeNow
DoDragDrop
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
RevokeDragDrop
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantTimeToSystemTime
SysAllocString
SysStringLen

Sections

.text
Size: 1024KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ddata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wincmp3.ini
wincmp3Ext.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4d95241db675c6d8abe3d57dcd257e46

Code Sign

71:6d:fc:64:21:08:b7:cc:d3:e8:35:3f:69:fc:86:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

08/12/2007, 00:00

Not After

07/12/2008, 23:59

Subject

CN=Igor Green,O=Igor Green,POSTALCODE=220125,STREET=Nezavisimosti 185-149,L=Minsk,ST=BY,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:ab:27:9d:7f:ef:db:15:66:d3:86:63:82:8e:cb:a8:50:ce:df:68
Signer

Actual PE Digest

05:ab:27:9d:7f:ef:db:15:66:d3:86:63:82:8e:cb:a8:50:ce:df:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcmpiW
SizeofResource
lstrcpynW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
FreeLibrary
lstrlenA
lstrcatW
InterlockedIncrement
InterlockedDecrement
CloseHandle
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
MultiByteToWideChar
DisableThreadLibraryCalls
GetModuleHandleW
GetShortPathNameW
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
LoadLibraryW
lstrcpyW
GetStringTypeW
FlushFileBuffers
LCMapStringA
GetStringTypeA
LCMapStringW
GetVersionExA
GetEnvironmentVariableA
SetStdHandle
GetFileAttributesW
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
FreeEnvironmentStringsW
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
IsBadCodePtr
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP

user32

GetKeyState
InsertMenuW
CharNextW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

DragQueryFileW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
ReleaseStgMedium
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wincmpExt.dll
.dll regsvr32 windows:5 windows x86 arch:x86

934925db60e3c8ca9e6bfd9e6f4ef406

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
DeleteCriticalSection
LoadLibraryExW
CloseHandle
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
FlushFileBuffers
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetModuleFileNameW
GetFileAttributesW
FindResourceW
WideCharToMultiByte
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount

user32

InsertMenuW
CharNextW
GetKeyState

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

DragQueryFileW
ShellExecuteW

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wincmpext64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

b121d7a195e3da383866ee37277461ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
lstrcmpiW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DeleteCriticalSection
CloseHandle
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
FlushFileBuffers
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
WideCharToMultiByte
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

InsertMenuW
CharNextW
GetKeyState

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

DragQueryFileW
ShellExecuteW

ole32

CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 80KB

UPX1 Size: 39KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 74KB - Virtual size: 73KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 120KB

UPX1 Size: 74KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 920B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 120KB

UPX1 Size: 73KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 920B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 120KB

UPX1 Size: 74KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

CODE Size: 79KB - Virtual size: 79KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

1253fca4d360ee1861d91e5029004cf5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

UPX0
Size: - Virtual size: 80KB

UPX1
Size: 39KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 74KB - Virtual size: 73KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 120KB

UPX1
Size: 74KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 920B

UPX0
Size: - Virtual size: 120KB

UPX1
Size: 73KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 920B

UPX0
Size: - Virtual size: 120KB

UPX1
Size: 74KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB

CODE
Size: 79KB - Virtual size: 79KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 150KB - Virtual size: 150KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 823B

.data
Size: 9KB - Virtual size: 10KB

.idata
Size: 1024B - Virtual size: 886B

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 69KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 160B

UPX0
Size: - Virtual size: 448KB

UPX1
Size: 126KB - Virtual size: 128KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 25KB - Virtual size: 106KB

.rsrc
Size: 394KB - Virtual size: 394KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 80B