48f18a4dca3b50b237d169e48d2db255_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48f18a4dca3b50b237d169e48d2db255_JaffaCakes118
Size

2.8MB
MD5

48f18a4dca3b50b237d169e48d2db255
SHA1

3539f459ee80801f1ab431c602a0b22146763f76
SHA256

6154061310ed2d2b059db3575f2dc84265e945b2eea6cd4782ca2257dd10500a
SHA512

807944b7c22570d2f577cad79ef0f84f6170d6ad244e2e44fb3f4bb5e655d1814c7eaf448294bd2a2840b0950efeff2860f27cf6b1d2e4001e39329db4d23bd5
SSDEEP

49152:0BEJX4JQFJm5mSsf6RvwY87xVh5wWuZezFRUVxIoaw1XE4BD:c7OnqY3xzTOezF2IDUXzD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/UninstallIME.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/freewb51ex.exe
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/UninstallIME.exe
unpack003/out.upx
unpack002/freewb.dll
unpack002/freewb.ime
unpack002/plugin/command.plg
unpack002/plugin/date.plg
unpack002/plugin/queryex.plg
unpack002/registry.exe
unpack002/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/freewb51ex.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

48f18a4dca3b50b237d169e48d2db255_JaffaCakes118
.rar
freewb51ex.exe
.exe windows:4 windows x86 arch:x86

42134c4fb1b2d3cf6b447e018a5de700

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UninstallIME.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
convert.mb
freewb.bex
freewb.bin
freewb.dll
.dll windows:4 windows x86 arch:x86

b30df96f2b1fd3bae49019b9763e9ed8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadWritePtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
HeapCreate
HeapDestroy
GetACP
HeapReAlloc
HeapSize
GetTimeZoneInformation
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
FindNextFileA
RtlUnwind
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalLock
GlobalUnlock
SetLastError
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetProcAddress
GetTickCount
lstrcmpiA
SetFilePointer
CloseHandle
CopyFileA
WriteFile
GetFileSize
ReadFile
CreateFileA
DeleteFileA
MulDiv
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
IsBadReadPtr

user32

SetCapture
SetParent
SetRect
WindowFromPoint
ReleaseCapture
LoadStringA
GetSysColorBrush
GetDesktopWindow
UnregisterClassA
InflateRect
RegisterClipboardFormatA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
CharUpperA
PtInRect
SetRectEmpty
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
SendDlgItemMessageA
GetDCEx
PeekMessageA
DispatchMessageA
SetActiveWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
SendMessageA
CheckMenuItem
GetSubMenu
GetCursorPos
LoadBitmapA
LoadMenuA
EnableWindow
ScreenToClient
GetWindowRect
InvalidateRect
ReleaseDC
FrameRect
FillRect
GetSysColor
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
PostThreadMessageA
MapWindowPoints
IntersectRect
IsIconic
GetWindowPlacement
GetSystemMetrics
IsChild
GetClassNameA
SetFocus
GetFocus
SystemParametersInfoA
CopyRect
GetClientRect
GetDC
LoadImageA
LoadCursorA
SetTimer
KillTimer
RegisterWindowMessageA
LoadIconA
GetKeyState
PostMessageA
SetWindowTextA
UpdateWindow
GetParent
RedrawWindow
OffsetRect
SetCursor
IsWindow
LockWindowUpdate
SetWindowLongA
GetWindowLongA

gdi32

CreateRectRgn
CreatePatternBrush
RectVisible
ExtTextOutA
Escape
PatBlt
CreateRectRgnIndirect
StretchDIBits
GetCharWidthA
SetRectRgn
CombineRgn
GetTextMetricsA
SetTextAlign
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
RestoreDC
SetViewportExtEx
OffsetViewportOrgEx
SetStretchBltMode
PtVisible
DeleteDC
SaveDC
GetClipBox
CreatePen
Ellipse
Rectangle
GetStockObject
GetViewportOrgEx
SetViewportOrgEx
CreateFontIndirectA
CreateFontA
SetBkMode
GetTextExtentPoint32A
SetTextColor
TextOutA
CreateSolidBrush
CreateRoundRectRgn
StretchBlt
FillRgn
FrameRgn
GetDeviceCaps
CreateCompatibleDC
SelectObject
GetObjectA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject

comdlg32

FindTextA
ReplaceTextA
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject

oleaut32

VarDateFromStr

Exports

Exports

CreateBig5
EditFile
GroupDeleteWord
Setup

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
freewb.gif
.gif
freewb.htm
.html
freewb.ime
.dll windows:4 windows x86 arch:x86

9b957d2219c021fec7ae5ea2f1d8f1e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionWindow
ImmCreateSoftKeyboard
ImmShowSoftKeyboard
ImmDestroySoftKeyboard
ImmSetStatusWindowPos
ImmGetIMEFileNameA
ImmSetOpenStatus
ImmGenerateMessage
ImmSetConversionStatus
ImmCreateIMCC
ImmReSizeIMCC
ImmDestroyIMCC
ImmLockIMCC
ImmUnlockIMCC
ImmLockIMC
ImmUnlockIMC

kernel32

GlobalAddAtomA
GetCurrentThreadId
Beep
DeleteFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
RaiseException
SetEndOfFile
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetCurrentDirectoryA
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
ExitProcess
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetVersion
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
HeapAlloc
HeapFree
SetCurrentDirectoryA
SetFilePointer
CreateDirectoryA
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CreateMutexA
GetLastError
ReleaseMutex
LoadLibraryA
FreeLibrary
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
GetPrivateProfileIntA
GetVersionExA
GetUserDefaultLangID
FindResourceA
LoadResource
LockResource
FreeResource
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalAlloc
lstrcpyA
GlobalFree
GetLocalTime
MulDiv
lstrlenA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GetEnvironmentStrings

user32

GetSubMenu
InsertMenuA
CheckMenuItem
EnableMenuItem
TrackPopupMenu
GetMenu
EnableWindow
SetWindowTextA
LoadMenuA
SetWindowPos
SetWindowRgn
ClientToScreen
GetDlgItem
EndDialog
GetWindowTextA
MessageBeep
UpdateWindow
RedrawWindow
DialogBoxParamA
GetWindowLongA
ShowWindow
DestroyWindow
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
IsWindowVisible
IsIconic
IsClipboardFormatAvailable
GetClipboardData
FindWindowA
IsWindow
GetKeyboardLayoutList
ToAscii
GetActiveWindow
DrawTextA
GetWindowPlacement
GetKeyState
IsWindowEnabled
GetForegroundWindow
UnregisterClassA
DestroyIcon
GetClassInfoExA
RegisterClassExA
GetSystemMetrics
EnumWindows
LoadStringA
MessageBoxA
GetClassNameA
SystemParametersInfoA
GetDC
ReleaseDC
GetKeyboardState
GetFocus
DestroyMenu
wsprintfA
MapVirtualKeyA
GetClipboardOwner
OpenClipboard
LoadImageA
EmptyClipboard
SetClipboardData
CloseClipboard
keybd_event
PeekMessageA
DefWindowProcA
BeginPaint
EndPaint
KillTimer
SetTimer
LoadBitmapA
ReleaseCapture
GetCursorPos
ScreenToClient
PtInRect
LoadCursorA
SetCursor
PostMessageA
SetCapture
GetWindowRect
SendMessageA
GetWindow
CreateWindowExA
SetWindowLongA
SetFocus

gdi32

CreateDCA
GetTextExtentPoint32A
GetCurrentObject
GetPixel
CombineRgn
GetStockObject
GetDeviceCaps
CreateFontA
SetBkMode
GetTextExtentPointA
ExtTextOutA
CreateBrushIndirect
SelectObject
PatBlt
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateRoundRectRgn
FrameRgn
CreatePen
MoveToEx
LineTo
SetTextColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

winmm

PlaySoundA

Exports

Exports

CandWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mJDShar
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
freewb.ini
g2b.dat
mb/default/attach.mb
mb/default/freewb.dat
mb/default/freewb.mb
mb/default/freewbcht.mb
mb/default/quick.mb
mb/default/user.ini
plugin/command.plg
.dll windows:4 windows x86 arch:x86

43ac3a3fc8729e16d2cc38311ad00920

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mixerClose
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mciSendCommandA

mfc42

ord342
ord1243
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord1182
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord4171
ord826
ord860
ord540
ord1200
ord269
ord6467
ord1255
ord1577
ord1168
ord1575
ord1176
ord1253
ord1570
ord1197
ord1116
ord600
ord3262
ord6877
ord1578

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
_access
_EH_prolog
__CxxFrameHandler
strlen
strchr
strcpy
memset
_strset
_stricmp
??1type_info@@UAE@XZ

kernel32

LocalAlloc
GetDriveTypeA
LocalFree

user32

FindWindowA
SendMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/data/guobiao.db
plugin/data/queryex.ini
plugin/date.plg
.dll windows:4 windows x86 arch:x86

7f59204c7dba5226ac5d258a558007ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord2554
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord4486
ord6375
ord3831
ord4274

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strstr
strncpy
strcat
strncat
sprintf
free
strcpy
_itoa

kernel32

LocalFree
GetLocalTime
LocalAlloc

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 694B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/queryex.plg
.dll windows:4 windows x86 arch:x86

d85c3cd24c9e49e19c2a7017df05670a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord541
ord801
ord535
ord941
ord939
ord6883
ord860
ord1158
ord6143
ord4277
ord858
ord4278
ord2763
ord6283
ord6282
ord5572
ord2764
ord940
ord5981
ord2818
ord6877
ord4202
ord4171
ord2915
ord537
ord6136
ord3767
ord2652
ord1669
ord1168
ord3771
ord2864
ord6134
ord2645
ord3874
ord1200
ord6199
ord4220
ord2584
ord3654
ord6215
ord2438
ord924
ord922
ord2642
ord5608
ord2863
ord1644
ord1146
ord3663
ord3619
ord3626
ord2414
ord2639
ord5655
ord6069
ord6067
ord6000
ord2117
ord1641
ord2859
ord4710
ord4299
ord6453
ord6270
ord955
ord1194
ord3564
ord823
ord397
ord699
ord2575
ord4396
ord4234
ord609
ord4275
ord3438
ord5860
ord912
ord500
ord2614
ord5606
ord4284
ord3797
ord2379
ord2754
ord2860
ord5875
ord3693
ord5788
ord3920
ord4133
ord4297
ord472
ord283
ord3571
ord640
ord2450
ord6172
ord5873
ord5785
ord1640
ord323
ord2567
ord4188
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord6438
ord6467
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2302
ord800
ord825
ord324
ord529
ord556
ord567
ord540
ord641
ord796
ord809
ord656
ord781
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3708
ord4424
ord3402
ord5290
ord1776
ord6055
ord3574
ord3610

msvcrt

memmove
atoi
_findfirst
_findnext
_findclose
_access
fread
_mbscmp
fseek
sprintf
__CxxFrameHandler
fopen
fprintf
fclose
_CxxThrowException
atol
atof
_ftol
free
strlen
memcmp
memset
strcmp
_iob
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
localtime
strncmp
tolower
toupper
strcat
realloc
strncpy
memcpy
_isctype
malloc
strcpy
_strcmpi

kernel32

GetProcAddress
lstrcpynA
MulDiv
WritePrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetPrivateProfileStringA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
FreeLibrary
DeleteFileA
DeleteFileW
MultiByteToWideChar
GetVersionExA
GetFileAttributesA
GetFileAttributesW
CreateFileW
GetTempPathA
GetTempPathW
WideCharToMultiByte
WriteFile
GetLastError
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
Sleep
LockFileEx
LockFile
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetPrivateProfileIntA
LocalAlloc
LocalFree

user32

FillRect
FrameRect
GetSysColorBrush
ClientToScreen
SetRect
DrawFocusRect
DrawEdge
DrawTextA
OffsetRect
DrawTextExA
LoadBitmapA
GetSystemMetrics
DrawFrameControl
CopyRect
LoadCursorA
SetCursor
PtInRect
GetParent
IsWindow
InvalidateRect
EnableWindow
GetDlgCtrlID
LoadIconA
GetDC
ReleaseDC
GetClientRect
GetSysColor
GetWindowRect
SetWindowPos
LoadMenuA
GetSubMenu
DeleteMenu
AppendMenuA
GetMenuStringA
PostMessageA
SendMessageA

gdi32

LineTo
CreateDIBSection
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectPalette
RealizePalette
SelectObject
BitBlt
CreateBitmap
CreatePen
CreateFontIndirectA
SetTextColor
GetObjectA
DeleteObject
GetDeviceCaps
CreateFontA
MoveToEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
registry.exe
.exe windows:4 windows x86 arch:x86

c52809fe412bfadab53f233998b13261

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetCommandLineA
GetStringTypeA
LCMapStringW
CreateMutexA
GetLastError
ReleaseMutex
GetSystemDirectoryA
DeleteFileA
CopyFileA
WinExec
GetStringTypeW
MoveFileExA
MoveFileA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
CloseHandle

user32

LoadIconA
RegisterClassA
MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

imm32

ImmInstallIMEA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
skin/Armor/Armor.BMP
skin/Armor/Armor_BG.bmp
skin/Armor/Armor_button.BMP
skin/Armor/Armor_ex.BMP
skin/Armor/candidate.bmp
skin/Armor/skin.ini
skin/Elegant/candidate.bmp
skin/Elegant/elegant.bmp
skin/Elegant/elegant_bg.bmp
skin/Elegant/elegant_button.bmp
skin/Elegant/elegant_ex.bmp
skin/Elegant/skin.ini
skin/blueness/blueness.bmp
skin/blueness/blueness_bg.bmp
skin/blueness/blueness_button.bmp
skin/blueness/blueness_ex.bmp
skin/blueness/candidate.bmp
skin/blueness/skin.ini
skin/expert/Paper.bmp
skin/expert/candidate.bmp
skin/expert/skin.ini
skin/simple/candidate.bmp
skin/simple/gray_fade.bmp
skin/simple/simple.bmp
skin/simple/simple_button.bmp
skin/simple/simple_ex.bmp
skin/simple/skin.ini
sound/back.wav
sound/chong.wav
sound/enter.wav
sound/kong.wav
sound/letter.wav
sound/space.wav
uninst.exe
.exe windows:4 windows x86 arch:x86

42134c4fb1b2d3cf6b447e018a5de700

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
SetFileTime
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
SystemParametersInfoA
RegisterClassA
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
LoadImageA
GetDC
EnableWindow
InvalidateRect
CreateWindowExA
GetWindowLongA
DrawFocusRect
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
TrackPopupMenu
wsprintfA
SendMessageA
CallWindowProcA
MapWindowPoints
GetWindowRect
ScreenToClient
PtInRect
LoadCursorA
SetCursor
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetWindowLongA

gdi32

SetBkColor
GetDeviceCaps
GetCurrentObject
GetObjectA
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

42134c4fb1b2d3cf6b447e018a5de700

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 290KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 29KB - Virtual size: 32KB

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 573B

.rdata Size: 1024B - Virtual size: 576B

.data Size: 512B - Virtual size: 45B

.reloc Size: 512B - Virtual size: 132B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 17KB - Virtual size: 20KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 15KB

b30df96f2b1fd3bae49019b9763e9ed8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 177KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 26KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 32KB - Virtual size: 30KB

9b957d2219c021fec7ae5ea2f1d8f1e1

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 290KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 17KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 26KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 32KB - Virtual size: 30KB

.text
Size: 240KB - Virtual size: 237KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 32KB - Virtual size: 125KB

.mJDShar
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 584B

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 4KB - Virtual size: 694B

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 24KB - Virtual size: 28KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 5KB