5a2f27e9921618ff08b3130aab85cad3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a2f27e9921618ff08b3130aab85cad3_JaffaCakes118
Size

1.8MB
MD5

5a2f27e9921618ff08b3130aab85cad3
SHA1

91ff708778cef1dcf0bc5ed7fc25f96481e9564e
SHA256

bd596b7c49cb63c8b73a815c4eceb0149ccaee34d124dc9cf5e5c5304dde7a5f
SHA512

817de560909e625490637b120b4da486c655a059b94298336bf59b4a935f5c1e211e6e37d7064b2f2c29a1326f3d5ba2eca41f947eba6c6f7d78a7dc81098588
SSDEEP

49152:J9ylGZAIvZerccP70i1qfLe0U2D7XaA3YNKol7PAdM:JwlGaIKccP7ce0lLaA3YN7IG

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/AccessControl.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/mIRC.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UAC.dll
unpack003/$PLUGINSDIR/mIRC.dll
unpack003/$TEMP/uninstall.exe

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/mirc722.exe	nsis_installer_1
static1/unpack001/$TEMP/mirc722.exe	nsis_installer_2
static1/unpack002/uninstall.exe	nsis_installer_1
static1/unpack002/uninstall.exe	nsis_installer_2

Files

5a2f27e9921618ff08b3130aab85cad3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22-08-2011 00:00

Not After

11-11-2012 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:c2:e9:9d:c0:76:6f:d4:08:e9:2d:9c:82:e8:d4:69:8b:d9:90:97
Signer

Actual PE Digest

7f:c2:e9:9d:c0:76:6f:d4:08:e9:2d:9c:82:e8:d4:69:8b:d9:90:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/mirc722.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22-08-2011 00:00

Not After

11-11-2012 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:64:31:7d:a7:d5:84:44:90:4f:d4:72:d3:d7:e6:b6:53:b1:2b:c8
Signer

Actual PE Digest

de:64:31:7d:a7:d5:84:44:90:4f:d4:72:d3:d7:e6:b6:53:b1:2b:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
lstrcpynA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/confirm.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mIRC.dll
.dll windows:4 windows x86 arch:x86

81b1b3da12b3653dff62b70fa6759b3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetCurrentProcess
GetVersionExA
GetLastError
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
CloseHandle
MapViewOfFile
UnmapViewOfFile
lstrcpyA
GlobalFree
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
DisableThreadLibraryCalls
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
LoadLibraryA
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
RtlUnwind

user32

wsprintfA
SendMessageA
FindWindowExA

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken

Exports

Exports

IsInAdminGroup
IsmIRCRunning
RandNum
WinVer

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/options.ini
$_14_/mirc.ini
$_14_/scripts/aliases.ini
$_14_/scripts/popups.ini
$_14_/servers.ini
$_14_/urls.ini
defaults/mirc.ini
defaults/scripts/aliases.ini
defaults/scripts/popups.ini
defaults/servers.ini
defaults/urls.ini
ircintro.chm
.chm
license.txt
mirc.chm
.chm
mirc.exe
.exe windows:5 windows x86 arch:x86

15e4889f1ebcb2e7159808df5e891472

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22-08-2011 00:00

Not After

11-11-2012 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:e8:db:ac:1c:db:83:5e:a4:1d:61:e9:52:1f:50:9f:95:15:ff:f2
Signer

Actual PE Digest

ea:e8:db:ac:1c:db:83:5e:a4:1d:61:e9:52:1f:50:9f:95:15:ff:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetIconSize
ord17
ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

iphlpapi

GetBestInterface

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

mciSendStringW
mciGetDeviceIDW
mciGetErrorStringW
timeEndPeriod
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetDevCaps
mixerClose
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerOpen
PlaySoundW

ws2_32

ntohl
WSASetLastError
ntohs
getservbyport
gethostbyaddr
closesocket
getservbyname
inet_ntoa
gethostbyname
gethostname
connect
WSAGetLastError
accept
WSAAsyncSelect
inet_addr
htonl
getpeername
setsockopt
bind
socket
getsockname
listen
getsockopt
shutdown
recvfrom
sendto
send
recv
WSACleanup
WSAStartup
htons

kernel32

InterlockedIncrement
InterlockedDecrement
SetEndOfFile
SetFilePointer
CreateDirectoryW
DeleteFileW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
TryEnterCriticalSection
GetLocalTime
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
SetErrorMode
GetModuleFileNameW
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
GetPrivateProfileStringW
RemoveDirectoryW
GetShortPathNameW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetTimeZoneInformation
FileTimeToSystemTime
DeleteCriticalSection
WideCharToMultiByte
GetUserDefaultLangID
GlobalLock
GetTempPathW
GetSystemDirectoryA
MoveFileW
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RaiseException
RtlUnwind
SetStdHandle
GetFileType
PeekNamedPipe
GetFileInformationByHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
SetConsoleCtrlHandler
HeapSize
FileTimeToLocalFileTime
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapFree
ExitProcess
GetModuleHandleW
GlobalUnlock
GlobalAlloc
GlobalFree
GetLastError
CopyFileW
LoadLibraryA
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CompareStringW
GetProcessHeap
GetCurrentProcessId
WritePrivateProfileStringW
GetCommandLineW
SetEnvironmentVariableA
IsValidLocale
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
LoadLibraryExW
EnumResourceTypesW
EnumResourceNamesW
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
QueryDosDeviceW
GetFileAttributesW
SetFileAttributesW
MulDiv
GetSystemDefaultLangID
GetWindowsDirectoryW
GetSystemDefaultLCID
GetLocaleInfoW
CreateEventW
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
SetEvent
Sleep
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetStdHandle
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringW
CreateFileW
GetCurrentDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
LCMapStringA
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

user32

VkKeyScanExW
GetKeyboardLayout
CopyAcceleratorTableW
CallNextHookEx
MapVirtualKeyW
CharLowerBuffW
DrawIcon
LoadIconW
GetWindowDC
DefMDIChildProcW
GetClassLongW
IsRectEmpty
OffsetRect
IsMenu
GetMenuState
InsertMenuItemW
GetMenuItemInfoW
RemoveMenu
SetMenuItemInfoW
GetMenuItemID
TrackPopupMenu
RegisterWindowMessageW
SetWindowsHookExW
GetWindowThreadProcessId
LoadAcceleratorsW
DispatchMessageW
TranslateMessage
TranslateMDISysAccel
IsDialogMessageW
LoadMenuW
keybd_event
DefFrameProcW
PostQuitMessage
RegisterClassExW
UnhookWindowsHookEx
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
ValidateRect
DrawTextA
IsClipboardFormatAvailable
DefWindowProcW
DrawFrameControl
RegisterClassW
wsprintfW
CopyImage
CreateIconIndirect
GetWindowRgn
SetWindowRgn
SetScrollInfo
CallWindowProcW
DdeInitializeW
DdeClientTransaction
DdeQueryStringW
DdeFreeDataHandle
DdeNameService
DdeUninitialize
DdeAccessData
DdeUnaccessData
DdeCreateDataHandle
DdeCreateStringHandleW
DdeConnect
DdeDisconnect
DdeFreeStringHandle
DialogBoxParamW
IsChild
GetScrollRange
BeginDeferWindowPos
InsertMenuW
ModifyMenuW
GetNextDlgTabItem
ChildWindowFromPointEx
GetScrollInfo
SetScrollPos
CreateMenu
SetMenu
SetScrollRange
SetCapture
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
SetActiveWindow
GetMenuStringW
CreateDialogParamW
DestroyWindow
GetGUIThreadInfo
CopyRect
FindWindowExW
SetForegroundWindow
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
SetClipboardData
ClientToScreen
TrackMouseEvent
ChildWindowFromPoint
WindowFromPoint
BringWindowToTop
GetFocus
GetIconInfo
WinHelpW
GetSysColorBrush
GetPropW
RemovePropW
SetPropW
GetClassNameW
SystemParametersInfoW
GetForegroundWindow
FindWindowW
IntersectRect
EqualRect
GetWindow
CreateWindowExW
DrawTextW
GetMessagePos
GetAsyncKeyState
GetWindowLongW
GetSystemMetrics
LoadStringW
MessageBeep
GetTopWindow
IsZoomed
GetActiveWindow
IsWindow
GetSystemMenu
CheckMenuItem
GetDesktopWindow
IsIconic
GetDialogBaseUnits
SetDlgItemInt
GetDlgItemInt
CreatePopupMenu
DestroyMenu
GetWindowTextW
GetMenu
GetSubMenu
DeferWindowPos
EndDeferWindowPos
CharUpperW
CharUpperBuffW
GetCapture
ShowScrollBar
RedrawWindow
FlashWindow
MessageBoxW
ScrollDC
GetMessageW
GetKeyboardState
SetKeyboardState
GetScrollPos
ClipCursor
RegisterClassExA
CreateWindowExA
DefWindowProcA
SetWindowLongA
IsWindowUnicode
GetWindowLongA
SendMessageA
ReleaseDC
PostMessageW
MapWindowPoints
GetWindowRect
GetDlgItem
GetMenuItemCount
DeleteMenu
EnableMenuItem
AppendMenuW
DrawMenuBar
FrameRect
GetParent
DrawFocusRect
GetSysColor
GetKeyState
LoadCursorW
SetCursor
PeekMessageW
MsgWaitForMultipleObjects
FillRect
DrawEdge
BeginPaint
EndPaint
DrawIconEx
DestroyIcon
LoadImageW
IsWindowVisible
SendMessageW
CheckDlgButton
SetRect
SetFocus
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetWindowPos
IsDlgButtonChecked
EndDialog
SetWindowLongW
UpdateWindow
PtInRect
SetWindowTextW
EnableWindow
ShowWindow
MoveWindow
GetClientRect
SetTimer
KillTimer
IsWindowEnabled
InvalidateRect
SendDlgItemMessageW
GetDC
ToAscii

gdi32

CreateDIBSection
SetBitmapBits
GetBitmapBits
LineTo
MoveToEx
CreatePen
SelectClipRgn
CombineRgn
CreateRectRgn
GetNearestColor
PtInRegion
CreatePolygonRgn
SetBkMode
ExtFloodFill
CreatePatternBrush
Rectangle
RoundRect
Ellipse
CreateDIBitmap
SetROP2
IntersectClipRect
GetClipRgn
GetBkColor
GetTextColor
GetCurrentObject
EnumFontFamiliesExW
GetTextCharset
GetTextFaceW
RestoreDC
SaveDC
ExtTextOutA
GetCharABCWidthsA
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointW
GetTextExtentExPointA
GetClipBox
Polyline
ExcludeClipRect
GetObjectType
CreateBitmap
Polygon
FrameRgn
CreateRoundRectRgn
GetDIBits
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
SetBrushOrgEx
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
CreateFontW
CreateHatchBrush
GetTextMetricsW
ExtTextOutW
CreateSolidBrush
DeleteObject
GetObjectW
CreateFontIndirectW
SelectObject
SetTextColor
SetBkColor
GetPixel
GetStockObject
SetPixelV

comdlg32

ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
ChooseColorW

advapi32

RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueW
RegCreateKeyW
RegQueryValueExW
RegQueryValueW

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
DragQueryFileW
FindExecutableW
SHAppBarMessage
ShellExecuteExW
ShellExecuteW
ExtractIconExW
ExtractIconW
Shell_NotifyIconW

ole32

OleInitialize
OleUninitialize
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoCreateInstance
ProgIDFromCLSID
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
OleSetContainedObject
CoGetClassObject
RegisterDragDrop
CoTaskMemFree

oleaut32

VarCyFromR8
VarR8FromDate
VarR8FromCy
DispGetParam
VarDateFromR8
LoadRegTypeLi
SetErrorInfo
SysAllocString
VariantClear
VariantCopy
VariantInit
SysFreeString
VariantChangeType

crypt32

CertEnumCertificatesInStore
CertEnumCRLsInStore
CertCloseStore
CertOpenSystemStoreW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22-08-2011 00:00

Not After

11-11-2012 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:ca:a3:be:f8:83:08:d3:09:02:1a:39:b1:cf:a2:77:e1:f4:8e:7e
Signer

Actual PE Digest

c6:ca:a3:be:f8:83:08:d3:09:02:1a:39:b1:cf:a2:77:e1:f4:8e:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
lstrcpynA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mIRC.dll
.dll windows:4 windows x86 arch:x86

81b1b3da12b3653dff62b70fa6759b3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetCurrentProcess
GetVersionExA
GetLastError
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
CloseHandle
MapViewOfFile
UnmapViewOfFile
lstrcpyA
GlobalFree
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
DisableThreadLibraryCalls
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
LoadLibraryA
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
RtlUnwind

user32

wsprintfA
SendMessageA
FindWindowExA

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken

Exports

Exports

IsInAdminGroup
IsmIRCRunning
RandNum
WinVer

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/uninstall.exe
.exe windows:4 windows x86 arch:x86

03a8d1036fdff90b08b57dbc547bd75a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
DeleteFileA
lstrlenA
lstrcpyA
CloseHandle
CreateFileA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA

user32

PostQuitMessage
DestroyWindow
PostMessageA
KillTimer
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA

Sections

.text
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
versions.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

7f:c2:e9:9d:c0:76:6f:d4:08:e9:2d:9c:82:e8:d4:69:8b:d9:90:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 25KB - Virtual size: 25KB

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

de:64:31:7d:a7:d5:84:44:90:4f:d4:72:d3:d7:e6:b6:53:b1:2b:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 28KB - Virtual size: 28KB

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

7f:c2:e9:9d:c0:76:6f:d4:08:e9:2d:9c:82:e8:d4:69:8b:d9:90:97
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 25KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5b:28:ab:fe:6f:78:7a:e1:54:75:f0:c4:5f:20:02:9b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

de:64:31:7d:a7:d5:84:44:90:4f:d4:72:d3:d7:e6:b6:53:b1:2b:c8
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB