gh0strat | T G Vip[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

T G Vip.7z
Size

22.0MB
MD5

e0bcc101087293ae444654e536c0cf30
SHA1

a0c0a3f7b12fda279d1032b4ae3f0f0933a04adb
SHA256

3eca6259eb561843ef9356261e3037c02b20f808065034dffb60bdf0971047aa
SHA512

2dd862be19d58c5c509213a610be4917142d80f36d9a1d116b5e6ea1a9a0986dd33386991e273dccc058449e919962c15f1fe60780efbc0e1685df68e016d26e
SSDEEP

393216:pJnsn9EXkIveq4mbZmFfdLW5We27/th0ZjIoWyJ1u7+aNI6p1wXqGKCD:p1snOvezzBWE/tUj/XlspERKCD

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 12 IoCs

resource	yara_rule
static1/unpack001/Plugins/CHAT.dll	family_gh0strat
static1/unpack001/Plugins/FILE.dll	family_gh0strat
static1/unpack001/Plugins/KEYLOG.dll	family_gh0strat
static1/unpack001/Plugins/LISTEN.dll	family_gh0strat
static1/unpack001/Plugins/PROXYMAP.dll	family_gh0strat
static1/unpack001/Plugins/REGEDIT.dll	family_gh0strat
static1/unpack001/Plugins/SCREEN.dll	family_gh0strat
static1/unpack001/Plugins/SCREEN1.dll	family_gh0strat
static1/unpack001/Plugins/SERVICE.dll	family_gh0strat
static1/unpack001/Plugins/SHELL.dll	family_gh0strat
static1/unpack001/Plugins/SYSTEM.dll	family_gh0strat
static1/unpack001/Plugins/VIDEO.dll	family_gh0strat

Gh0strat family
gh0strat

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/SkinH.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Plugins/upx.exe	upx
static1/unpack001/SkinH.dll	upx
static1/unpack003/out.upx	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plugins/AnyFileToByte.exe
unpack001/Plugins/CHAT.dll
unpack001/Plugins/FILE.dll
unpack001/Plugins/KEYLOG.dll
unpack001/Plugins/LISTEN.dll
unpack001/Plugins/PRANK.dll
unpack001/Plugins/PROXY.dll
unpack001/Plugins/PROXYMAP.dll
unpack001/Plugins/REGEDIT.dll
unpack001/Plugins/SCREEN.dll
unpack001/Plugins/SCREEN1.dll
unpack001/Plugins/SCREEN2.dll
unpack001/Plugins/SERVICE.dll
unpack001/Plugins/SHELL.dll
unpack001/Plugins/SYSTEM.dll
unpack001/Plugins/VIDEO.dll
unpack001/Plugins/shellcode.exe
unpack001/Plugins/upx.exe
unpack001/SkinH.dll
unpack003/out.upx
unpack001/T G 远控.exe
unpack001/Tools/Install.dat
unpack001/Tools/MSTSCAX.DLL
unpack001/Tools/mstsc.exe
unpack001/Update/MainDll.exe

Files

T G Vip.7z
.7z
Plugins/AnyFileToByte.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

MEW
Size: - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 316KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/CHAT.dll
.dll windows:4 windows x86 arch:x86

ede70848b488cec38d5b96e85b3b3d56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GetLocalTime
FreeLibrary
GetCurrentThreadId
GetProcAddress
LoadLibraryA

user32

SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
CreateDialogParamA
UpdateWindow
ShowWindow
SetWindowPos
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EndDialog
wsprintfA

msvcrt

??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send
WSAStartup

Exports

Exports

PluginMe

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 481B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/C_CHAT.h
Plugins/C_FILE.h
Plugins/C_KEYLOG.h
Plugins/C_LISTEN.h
Plugins/C_PRANK.h
Plugins/C_PROXY.h
Plugins/C_PROXYMAP.h
Plugins/C_REGEDIT.h
Plugins/C_SCREEN.h
Plugins/C_SCREEN1.h
Plugins/C_SCREEN2.h
Plugins/C_SERVICE.h
Plugins/C_SHELL.h
Plugins/C_SYSTEM.h
Plugins/C_VIDEO.h
Plugins/Example.Cpp
Plugins/FILE.dll
.dll windows:4 windows x86 arch:x86

6ddb50b9feea01f957e3f9739cc65772

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_strupr
??1type_info@@UAE@XZ
strncat
strchr
??3@YAXPAX@Z
printf
system
strrchr
strncpy
_except_handler3
malloc
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
_beginthreadex

ws2_32

setsockopt
connect
WSACleanup
htons
gethostbyname
socket
recv
select
closesocket
send
WSAIoctl
WSAStartup

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

kernel32

CloseHandle
GetLogicalDriveStringsA
LoadLibraryA
GetProcAddress
GetDiskFreeSpaceExA
GetDriveTypeA
FreeLibrary
ExpandEnvironmentStringsA
lstrcatA
CreateProcessA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
GetLastError
FindFirstFileA
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
FindNextFileA
GetCurrentThreadId
WriteFile
OutputDebugStringA
SetFilePointer
ReadFile
CreateFileA
GetFileSize
CopyFileA
MoveFileA
SetFileAttributesA
FindClose
DeleteFileA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
RemoveDirectoryA
WaitForSingleObject
CreateEventA
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection

user32

wsprintfA
CharNextA

Exports

Exports

PluginMe

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 721B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/KEYLOG.dll
.dll windows:4 windows x86 arch:x86

279064c8a6cfb7af80c2e3e0ccaea130

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
printf
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
_onexit

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send
WSAStartup

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kernel32

InitializeCriticalSection
LocalFree
DeleteFileA
CreateFileA
GetSystemDirectoryA
lstrcatA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
GetLocalTime
lstrlenA
WriteFile
GetFileSize
SetFilePointer
ReadFile
VirtualFree
DeleteCriticalSection
LocalAlloc

user32

GetAsyncKeyState
GetForegroundWindow
wsprintfA
SendMessageA
GetKeyState

Exports

Exports

PluginMe

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/LISTEN.dll
.dll windows:4 windows x86 arch:x86

905e5fe2dd78068420cc156ae92d8456

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetNumDevs
mixerGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose

msvcrt

free
malloc
__CxxFrameHandler
memmove
ceil
_ftol
_CxxThrowException
_beginthreadex
_except_handler3
_CIacos
printf
_CIpow
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z

ws2_32

send
closesocket
select
recv
socket
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAStartup
WSAIoctl

kernel32

LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
Sleep
CancelIo
InterlockedExchange
ResetEvent
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
lstrcpyA
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventA

user32

GetMessageA
TranslateMessage
DispatchMessageA

Exports

Exports

PluginMe

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PRANK.dll
.dll windows:4 windows x86 arch:x86

514265855c794fc13fb6ee92338c23c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
DeviceIoControl
CloseHandle
Beep
Sleep
GetVersion
GetCurrentProcess
CreateFileA

user32

MoveWindow
GetForegroundWindow
ShowWindow
FindWindowA
GetWindowRect
SwapMouseButton
ExitWindowsEx
SendMessageA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

winmm

mciSendStringA

Exports

Exports

PluginMe

Sections

.text
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PROXY.dll
.dll windows:4 windows x86 arch:x86

7860524c5ba6ef564bb3aee747862755

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recvfrom
WSACleanup
select
shutdown
WSAStartup
sendto
accept
getpeername
bind
getsockname
htons
socket
listen
WSAGetLastError
setsockopt
connect
closesocket
ntohs
inet_addr
inet_ntoa
gethostbyname
recv
__WSAFDIsSet
send

kernel32

CreateThread
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Sleep
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject

user32

wsprintfA

msvcrt

atoi
strncmp
strncpy
printf
free
malloc
strchr
_errno
_strnicmp

Exports

Exports

CloseProxy
OpenProxy

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 875B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PROXYMAP.dll
.dll windows:4 windows x86 arch:x86

cdefbe630f4dc8bca585796ed6531172

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GetLastError
FreeLibrary
GetCurrentThreadId
GetProcAddress
LoadLibraryA

msvcrt

??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
??3@YAXPAX@Z
memmove
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException

ws2_32

WSACleanup
WSAIoctl
setsockopt
WSAStartup
htons
gethostbyname
socket
recv
select
closesocket
send
getsockname
connect

Exports

Exports

PluginMe

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/REGEDIT.dll
.dll windows:4 windows x86 arch:x86

f14cb989a1ffd82d184cf2f732ea524d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
InterlockedExchange
CancelIo
Sleep
LocalReAlloc
LocalAlloc
LocalFree
LocalSize
FreeLibrary
ResetEvent
GetProcAddress
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection

advapi32

RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA

msvcrt

_except_handler3
??1type_info@@UAE@XZ
_beginthreadex
??3@YAXPAX@Z
memmove
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
printf
free
malloc

ws2_32

WSACleanup
WSAIoctl
setsockopt
WSAStartup
htons
gethostbyname
socket
recv
select
closesocket
send
connect

Exports

Exports

PluginMe

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SCREEN.dll
.dll windows:4 windows x86 arch:x86

e39b71ce875fd5928ed166f465bbe8bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
free
malloc
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
_ftol
ceil
memmove

ws2_32

select
closesocket
send
recv
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup

kernel32

GetProcAddress
FreeLibrary
LoadLibraryA
GlobalFree
CancelIo
InterlockedExchange
SetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
GetCurrentThreadId
Sleep
GlobalSize
lstrcmpiA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent

user32

GetThreadDesktop
GetUserObjectInformationA
LoadCursorA
DestroyCursor
BlockInput
SendMessageA
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

Exports

Exports

PluginMe

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 509B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SCREEN1.dll
.dll windows:4 windows x86 arch:x86

2765c6c5c8101fb8f16ea09273d65127

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

_iob
vsprintf
getenv
sscanf
fprintf
exit
??1type_info@@UAE@XZ
malloc
??3@YAXPAX@Z
memmove
ceil
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
sprintf
free
_beginthreadex
_except_handler3

ws2_32

WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send

kernel32

lstrcmpiA
GetCurrentThreadId
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GetProcAddress
LoadLibraryA
GetSystemInfo

user32

GetCursorInfo
GetSystemMetrics
GetCursorPos
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
mouse_event
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
ReleaseDC
BlockInput
DestroyCursor
LoadCursorA
GetDC
SetClipboardData

gdi32

CreateCompatibleBitmap
GetDIBits
CreateRectRgnIndirect
CombineRgn
GetRegionData
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps

Exports

Exports

PluginMe

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SCREEN2.dll
.dll windows:4 windows x86 arch:x86

2538221a66b1e3d370e229ccc38717b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

_iob
strncmp
vsprintf
fopen
fclose
srand
rand
getenv
sscanf
fprintf
exit
fflush
??1type_info@@UAE@XZ
strchr
strncat
_beginthreadex
_except_handler3
strcmp
printf
free
_strnicmp
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
??2@YAPAXI@Z
memcmp
_CxxThrowException
malloc
sprintf
fwrite

ws2_32

WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
send

kernel32

lstrcmpiA
lstrlenA
WriteFile
GetCurrentThreadId
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
OutputDebugStringA
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
CreateProcessA
CreateFileA
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
GetVolumeInformationA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
FindNextFileA
CopyFileA
lstrcmpA
FindFirstFileA
GetLastError
CreateDirectoryA
lstrcatA
lstrcpyA
ReadFile
GetSystemInfo

user32

GetWindowPlacement
PostMessageA
SetWindowLongA
GetWindowLongA
WindowFromPoint
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetWindow
GetTopWindow
IsWindowVisible
GetSystemMetrics
GetCursorPos
GetCursorInfo
MoveWindow
GetUserObjectInformationA
GetThreadDesktop
ScreenToClient
ChildWindowFromPoint
SystemParametersInfoA
SendMessageA
OpenDesktopA
CreateDesktopA
SetThreadDesktop
FindWindowA
ReleaseDC
CloseDesktop
DestroyCursor
LoadCursorA
GetDC
PtInRect
RealGetWindowClassA
MenuItemFromPoint
OpenInputDesktop
GetMenuItemID
wsprintfA
GetWindowRect

gdi32

GetDIBits
CreateRectRgnIndirect
CombineRgn
GetRegionData
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps

shell32

SHAppBarMessage
SHGetFolderPathA

shlwapi

StrStrA

Exports

Exports

PluginMe

Sections

.text
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SERVICE.dll
.dll windows:4 windows x86 arch:x86

d9b102499c797ce3529a8304cd05bbff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

send
closesocket
select
recv
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup

kernel32

LocalReAlloc
lstrcpyA
LocalFree
lstrlenA
LocalAlloc
GetLastError
FreeLibrary
GetCurrentThreadId
GetProcAddress
LoadLibraryA
LocalSize
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
Sleep
CancelIo

advapi32

CloseServiceHandle
QueryServiceConfig2A
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
DeleteService
ControlService
QueryServiceStatus
StartServiceA
QueryServiceConfigA

Exports

Exports

PluginMe

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SHELL.dll
.dll windows:4 windows x86 arch:x86

2af8fe0a18bfbd20cf580eedc60281c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

connect
setsockopt
htons
WSACleanup
WSAStartup
gethostbyname
socket
recv
select
closesocket
send
WSAIoctl

kernel32

ResetEvent
LocalFree
WriteFile
TerminateThread
TerminateProcess
DisconnectNamedPipe
CreatePipe
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
Sleep
CancelIo
InterlockedExchange
SetEvent
LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
WaitForMultipleObjects
PeekNamedPipe
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ReadFile

Exports

Exports

PluginMe

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/SYSTEM.dll
.dll windows:4 windows x86 arch:x86

5b1bf03e50b95ecd9b1ac6536b434f01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_stricmp
??1type_info@@UAE@XZ
strncat
strchr
_beginthreadex
wcstombs
strncmp
mbstowcs
wcscpy
atoi
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

connect
setsockopt
WSAIoctl
WSACleanup
htons
gethostbyname
socket
recv
select
closesocket
send
WSAStartup
gethostname

wtsapi32

WTSLogoffSession
WTSEnumerateSessionsA
WTSFreeMemory
WTSDisconnectSession
WTSQuerySessionInformationA

shell32

SHGetSpecialFolderPathA

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

kernel32

GlobalMemoryStatusEx
LocalSize
LocalReAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalAlloc
DeleteFileA
TerminateProcess
GetLastError
GetCurrentProcess
QueryDosDeviceA
GetLogicalDriveStringsA
GlobalFree
GlobalAlloc
GetFileSize
GetPriorityClass
GetModuleFileNameA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateRemoteThread
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
OpenProcess
GetVersionExA
GetFileAttributesA
lstrlenA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
WriteFile
CreateFileA
GetSystemDirectoryA
LocalFree
GetModuleHandleA
Module32Next
Module32First
GetTickCount

user32

GetUserObjectInformationA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetSystemMetrics
ExitWindowsEx
PostMessageA
ShowWindow
wsprintfA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SendMessageA

advapi32

QueryServiceStatus
GetTokenInformation
OpenProcessToken
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
AbortSystemShutdownA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountSidA

psapi

GetProcessImageFileNameA
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExA

netapi32

NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetApiBufferFree

Exports

Exports

PluginMe

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/UPX压缩.bat
Plugins/VIDEO.dll
.dll windows:4 windows x86 arch:x86

ab5a1cb1dc8e698d324c83aeeaea7686

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
vsprintf
free
malloc
_except_handler3
_beginthreadex
_CxxThrowException
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
??3@YAXPAX@Z

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

kernel32

ResetEvent
GetSystemInfo
LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
Sleep
CancelIo
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysFreeString

ws2_32

htons
send
closesocket
select
WSACleanup
WSAIoctl
setsockopt
connect
WSAStartup
gethostbyname
socket
recv

Exports

Exports

PluginMe

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/shellcode.exe
.exe windows:4 windows x86 arch:x86

eaeec2037d260a719b215e1d9c24c272

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA

mfc42

ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord765
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord5731
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6055
ord1576
ord5290
ord3402
ord3698
ord1146
ord1168
ord860
ord540
ord567
ord2294
ord2362
ord2301
ord2289
ord2370
ord2302
ord6199
ord2642
ord3092
ord4160
ord2863
ord2379
ord755
ord470
ord665
ord1979
ord2818
ord3318
ord5186
ord354
ord3499
ord2515
ord355
ord6334
ord6877
ord2915
ord823
ord1200
ord3874
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4837
ord1776

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
_ftol
strrchr
__CxxFrameHandler
_setmbcp

kernel32

CloseHandle
lstrlenA
CreateFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

GetClientRect
GetSystemMetrics
DrawIcon
wsprintfA
EnableWindow
GetSystemMenu
AppendMenuA
SendMessageA
IsIconic
LoadIconA

shell32

DragQueryFileA
DragFinish

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 281KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SkinH.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T G 远控.exe
.exe windows:5 windows x86 arch:x86

c0aa3a845c40ce1f605b453b0203bd2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIStreamRelease

msvfw32

DrawDibOpen

winmm

PlaySoundA

kernel32

GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetCapture
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

Polygon

comdlg32

PageSetupDlgA

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

SHGetPathFromIDListA

comctl32

ImageList_Write

oledlg

ord9

ole32

SetConvertStg

olepro32

ord253

oleaut32

GetErrorInfo

urlmon

URLDownloadToFileA

ws2_32

WSACleanup

skinh

SkinH_Detach

wininet

InternetConnectA

imm32

ImmAssociateContext

wtsapi32

WTSSendMessageW

Exports

Exports

�D��d��w܂\P�Z��R��C+$�;�4��lP��:6v�!#�#ʯ@��H?ۮ{��[qfͻ�冦-�W��#�=6�~��֊��Ri}�Њ}��KeZ�9�N��d�LH�j��^��~{ CFJ۱�$�3&�N.W㪳��ă��v��ӟ8��5o-«|�Hr)��eTh�n̕��X��c�pi^��8*��t(��g��.5�yu�u.�QNG��<O��d_��2�Y��o�w��b�ݦBW<�?'��넸��#�LeÑ��@ߛ��& +�E�ڍ:O9��e /�_Rs>K"��(��awrH��u?��$�)�[�}�C7�g�~��O�&��AҞF�2=��ǈ�tT>MF�,e��9.#ywۿ�h"��`z�<��3\J�1�W��;|w�{�� :�T; �PR[%1E?� �[��(g��#�s��-�� ninj��#xw�Ն�d&�*��J��L'�k�r��m~��/��3��nǽr��i��#qp��7S��O�;�}ά�<�n�� Ҡ@a�"u��W 1�:Z�F��n�3fX&�[n�3<c��x�L�3[�C�� G��ZqS�$TX� ��=��=��1�Ebq��mDњOĬ�v�`�ᛧY��ad��=B)'��s��˘��B`��\�C �E��U(��fV�S��v{�Y)�&�߻��%�Go��ʜ%?��"o��73�mj�D�\74�5�� a��[!C��C�^,W� h�l��B!�ko��;`�#�;&��:e*��ی�s��s� ��Z�Dɪ��O%��ײ��[�I�Ks��Z�j�!Vy�l��906-��32��^��$6�A��E*#�|M<۸.B��f$81��Ҫ�VҒ��gʶ>5Ƞ��j8^�j��K$:$�� z��H�@"�z�AHPݘxDX{�*�I$ؚ��2��2��h��2e��(*x�_#!�2��I �AnS��b9��)�b�΅�u�lRŸ5�¶�� n��<�qp��w��u߄mq� ��\��nf��> ��u�q��UG��G�ԉ��S��yEֳGX"��}��C ��z�PHEH�X�Ϊ�_fOZ]��9��JTL6�č3`�a�f�oiO��p�r|��8w�O*_D��U ��6�=K�^(��A�{DI��Q��/��D<);�gI�&��*>PC.��BG�=]>�F�?��X�K ��'*��u�r!�� |ָƳ\(f��J[�𺃲�*|. ���FU��Uӻ��^Lys��[�z4+��~VP�(��I�|�m��duaj|�� (G�K�񍽦1w�]PW*��o�ԃ|�� f��Q~'<��ffWJ��i㧥�]|��3)ꏥB�ذ�� M_��/��_��*coe7�q�3��&��M��8ԗ�G��ƙB�<�܌�_��>g\!gkZ�� H��]Ӏ.��-�N�>��s��P�u��9� ��Tu��`1v2�J�ؼ_��d9�K��4=88d ��N��gɃsEMk�KZѧ>��8��f��Ļ��r��{�$83bx�� P�R��f+Siv0#_D��.\��W;��@�4x��=?^^�P�R}��h$��\B��Mg�%Z3�9��L5hnp��RX;31��+ ��b6��;&⌚�C��(��8!Q:��pS�;�Yѫ]=�ߚ0�^)p�PB7�B�>�3��4��|�O�ޔZ��F��/R!8'�s�0V�XCw��$�V��I�`��w�1�%u8�h$>Lz]�F��ܰbe��X�tKQ!��{&�d��Mr��>jR�).�cc��:�v'��1�G�埌��UG4A,��֯�W�[b��NgL޹1�O��Y�_"kR�: ��?.��*�7sB�Y�}�X$>u��:�N�N��I�K�k��_�2��Av�p: �P�d~�U=;��Z�wi��< �#8�^�w��|Ty�q�ŀR@A5��O\��ߎ��ʃ�V�/{��U��;صO9+��o<�z��p-�L�r��Ps(-$��su��D��g��K��P�[��K�x:kL�[ְ��p��f}P_�`�7o'kjJ�d�2Q�(��(L��N��^��ޑ�p�1�8}��(Sdo|Sq��6Ż�b��Q�Jk:��uv�<v�7�8dsfb�Q��}��R 1/~��'N�(�sT<4~��W@�AL��8�� D:a��T�A^3'?��et��C��uV��"o�̒|�! ��5�+��*�b��-Pj��a��'��!��&D�?�O4"`8��ƚ�5mc�?�vga)��o�0�]yf�6r-��Pԇd^_)Y��z��q B^�E广sf�[��P#��U�r�.�:0�T� ��[Wc��A� �}��g[�� m6ج�[�f��-vP��7D��ue��6H-[r�)�~2)4�wΙY�Z��n�q�#ީc�c��N��&jEeJ��=��v�ɋ/��%a�ҷxXʗ0'��*L��@z��Ef��Y��)��W��*G�'cY��2��ڠD��ȷ��X�у0�� 6�"Q��ٯ��[�qK U�'�$C,�+'��w�ɣbI��1Z�+b��m�5��A�[�_�u��F�<N��c�Cۤ��OC��u|�}_R�.'p4G�$�]��J��x�AW#��m��>F]�x⎗��4s��5��鎟L��9�F��0@��5f��9ͤÃ�ch��.WЈ1`�~=![V�Y0��a ��K��=�?�P��(.e��3W�!�"�x��~U�*D+��B�T�ƥ�{��V��3s4.z��j0f��f��+�f��w��>ϦL[y�� K�oug�x

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rzytrx0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ussngw
Size: - Virtual size: 494B

IMAGE_SCN_MEM_WRITE

.lqpljf
Size: - Virtual size: 283B

IMAGE_SCN_MEM_EXECUTE

.rzytrx1
Size: - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rzytrx2
Size: 17.0MB - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/Install.dat
.exe windows:4 windows x86 arch:x86

81dbe29a48d9f37fb19ba50b4ed8bb0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord523
ord825
ord791
ord4919
ord800
ord535
ord3525
ord540
ord6093
ord5265
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3610
ord656
ord641
ord860
ord567
ord324
ord2297
ord2363
ord2370
ord2302
ord4234
ord4853
ord6334
ord4376
ord2379
ord823
ord2135
ord818
ord1949
ord4034
ord433
ord3663
ord858
ord4278
ord2764
ord537
ord3717
ord6663
ord2575
ord4396
ord3574
ord609
ord2642
ord3092
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord3571
ord3626
ord2414
ord798
ord773
ord795
ord692
ord2621
ord1134
ord1199
ord1247
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3721
ord3573
ord2574
ord3572
ord1168
ord533
ord501
ord1641
ord1146
ord6217
ord6241
ord4148
ord1200
ord4160
ord2863
ord755
ord470
ord2077
ord1083
ord6199
ord2818
ord922
ord924
ord926
ord2614
ord2776
ord2820
ord3811
ord5607
ord4476
ord6453
ord3803
ord5600
ord967
ord1995
ord5479
ord5797
ord4975
ord4863
ord4335
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord4277
ord5308
ord1576

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_adjust_fdiv
__dllonexit
??1type_info@@UAE@XZ
exit
_except_handler3
_CxxThrowException
_setmbcp
_controlfp
__p__commode
__set_app_type
__p__fmode
_onexit
__CxxFrameHandler
_mbscmp

kernel32

WriteFile
CreateFileA
ExitProcess
LoadLibraryA
CloseHandle
lstrcmpiA
GetLocalTime
Sleep
GetStartupInfoA
Process32Next
GetProcAddress
GetModuleHandleA

user32

IsIconic
LoadIconA
GetSystemMetrics
GetClientRect
EnableWindow
SetTimer
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadBitmapA

gdi32

CreatePatternBrush

wsock32

listen

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/MSTSCAX.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

f4f9ea2971d7855283ab7cbcf0ce7925

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mstscax.pdb

Imports

kernel32

lstrcatA
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
GetSystemDefaultLangID
SetEvent
GetVersion
FreeResource
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetCommandLineA
IsBadReadPtr
SetFilePointer
ReadFile
DuplicateHandle
GlobalFree
GlobalHandle
Beep
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
Sleep
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
IsBadCodePtr
SetStdHandle
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
OutputDebugStringA

advapi32

RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyA

user32

SetRect
GetWindowDC
DestroyCursor
CreateCursor
AttachThreadInput
GetWindowThreadProcessId
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
MessageBeep
FlashWindow
SetCapture
ReleaseCapture
GetMessageExtraInfo
UnhookWindowsHookEx
CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
FillRect
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
BringWindowToTop
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
GetKeyboardLayout
DestroyWindow
InflateRect
GetSysColorBrush
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetSystemMetrics
GetWindowPlacement
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
OffsetRect
wsprintfA

gdi32

CreateSolidBrush
PatBlt
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
DeleteObject
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
StretchBlt
RealizePalette
SelectPalette
CreateDIBitmap
CreateBrushIndirect
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
GetBitmapBits
GdiFlush
GetPaletteEntries
Polyline
Polygon
SetPolyFillMode
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetTextColor
SetMapMode
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx

winspool.drv

SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterA
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
GetPrinterDriverW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleLoadFromStream
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
OleInitialize
CoGetMalloc

oleaut32

VariantClear
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi

winmm

waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen

wsock32

ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
WSAAsyncSelect
WSAAsyncGetHostByName
connect
htons
socket
closesocket
send
recv
WSAStartup
bind
sendto
recvfrom
gethostbyname
gethostname
WSACancelAsyncRequest
WSAGetLastError

shell32

ExtractIconW
ExtractIconA
SHFileOperationA
ord100

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/QQwry.dat
Tools/SkinH.she
Tools/mstsc.exe
.exe windows:5 windows x86 arch:x86

c9563dea574f58f47d86577e5a7f024c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mstsc.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA

kernel32

FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetModuleHandleW
lstrlenW
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn

user32

TranslateMessage
GetWindowDC
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageTime
GetCursorPos
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Update/MainDll.exe
.exe windows:4 windows x86 arch:x86

b522da40c46bcac3eb930357dc463832

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
lstrcpyA
LocalFree
LocalSize
LocalAlloc
lstrlenA
lstrcatA
GetModuleFileNameA
GetComputerNameA
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
WriteFile
CreateFileA
ExitProcess
GetLastError
CreateMutexA
FreeLibrary
GetModuleHandleA
GetVersionExA
VirtualProtect
HeapFree
SetEvent
WaitForSingleObject
CreateEventA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileAttributesA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
CreateThread
CloseHandle
ExitThread
GetLocalTime
GetTickCount
Sleep
InterlockedExchange
VirtualAlloc
GetCurrentProcess
VirtualFree
IsValidLocale
ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
SetConsoleCtrlHandler
GetOEMCP
GetACP
SetEnvironmentVariableA
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
RtlUnwind
RaiseException
TerminateProcess
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
SetLastError
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
GetEnvironmentVariableA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr

user32

GetClassNameA
wsprintfA
GetSystemMetrics
GetWindowTextA
FindWindowA
GetLastInputInfo
GetWindow

advapi32

OpenServiceA
DeleteService
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

wininet

InternetGetConnectedState

ws2_32

closesocket
htons
gethostbyname
socket
sendto
connect
setsockopt
WSASocketA
htonl
send
inet_addr

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

MEW Size: - Virtual size: 888KB

�uۊ�� Size: 316KB - Virtual size: 376KB

ede70848b488cec38d5b96e85b3b3d56

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 481B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 922B

6ddb50b9feea01f957e3f9739cc65772

Headers

File Characteristics

Imports

msvcrt

ws2_32

msvcp60

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 721B

.reloc Size: 4KB - Virtual size: 1KB

279064c8a6cfb7af80c2e3e0ccaea130

Headers

File Characteristics

Imports

msvcrt

ws2_32

msvcp60

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 2KB - Virtual size: 1KB

905e5fe2dd78068420cc156ae92d8456

Headers

File Characteristics

Imports

winmm

msvcrt

ws2_32

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 18KB - Virtual size: 35KB

.reloc Size: 2KB - Virtual size: 2KB

514265855c794fc13fb6ee92338c23c2

Headers

File Characteristics

Imports

kernel32

MEW
Size: - Virtual size: 888KB

�uۊ��
Size: 316KB - Virtual size: 376KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 481B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 922B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 721B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 18KB - Virtual size: 35KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1024B - Virtual size: 928B

.rdata
Size: 1024B - Virtual size: 741B

.data
Size: 512B - Virtual size: 170B

.reloc
Size: 512B - Virtual size: 184B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 875B

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 500B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 224B

.reloc
Size: 1024B - Virtual size: 806B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 884B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 509B