6f182cf07a956f446162a40f9dc6f841_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f182cf07a956f446162a40f9dc6f841_JaffaCakes118
Size

2.1MB
MD5

6f182cf07a956f446162a40f9dc6f841
SHA1

5d87ae1b166d3c2a3a2c054e6eb2bc0d6fd7b5b1
SHA256

605c0308a90767f9f7a1b4ef359dc47d8ec9470c51fc643fc10b8b76a21f0906
SHA512

1fc18ba5f60223256a16b8ef2494375d52abfbf6685602d91a4c5b91237c9fe03d31918db28e4ba9ed0cb7896d7fb0d9db18dc0fdf0286eb0b0dc603d189b06e
SSDEEP

49152:iAcuDcWU6pttb9MjR4mdTC+FLYg9WHgTBNQFKlzUFub:iABce/JmQ4LYgwHgtmKlOe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/$SYSDIR/udefrag.exe	upx
static1/unpack001/ultradefrag.exe	upx
static1/unpack001/uninstall.exe	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
6f182cf07a956f446162a40f9dc6f841_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/bootexctrl.exe
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$SYSDIR/bootexctrl.exe
unpack001/$SYSDIR/defrag_native.exe
unpack001/$SYSDIR/hibernate4win.exe
unpack001/$SYSDIR/lua5.1a.dll
unpack001/$SYSDIR/udefrag-dbg.exe
unpack001/$SYSDIR/udefrag.dll
unpack001/$SYSDIR/udefrag.exe
unpack002/out.upx
unpack001/$SYSDIR/zenwinx.dll
unpack001/lua5.1a.exe
unpack001/lua5.1a_gui.exe
unpack001/out.upx
unpack001/ultradefrag.exe
unpack003/out.upx
unpack001/uninstall.exe
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/UserInfo.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack004/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2
static1/unpack004/out.upx	nsis_installer_2

Files

6f182cf07a956f446162a40f9dc6f841_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomePageBitmap120.bmp
$PLUGINSDIR/WelcomePageBitmap144.bmp
$PLUGINSDIR/WelcomePageBitmap192.bmp
$PLUGINSDIR/WelcomePageBitmap96.bmp
$PLUGINSDIR/bootexctrl.exe
.exe windows:5 windows x86 arch:x86

e3123f8a7a4dd367047b3da0711b860a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

comctl32

ord17

zenwinx

winx_bootex_register
winx_bootex_unregister
winx_heap_free
winx_dbg_print
winx_swprintf
winx_init_library

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
HeapReAlloc
HeapAlloc
HeapSize
GetCommandLineA
HeapSetInformation
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/boot-config.cmd
$SYSDIR/boot-off.cmd
$SYSDIR/boot-on.cmd
$SYSDIR/bootexctrl.exe
.exe windows:5 windows x86 arch:x86

e3123f8a7a4dd367047b3da0711b860a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

comctl32

ord17

zenwinx

winx_bootex_register
winx_bootex_unregister
winx_heap_free
winx_dbg_print
winx_swprintf
winx_init_library

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
HeapReAlloc
HeapAlloc
HeapSize
GetCommandLineA
HeapSetInformation
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/defrag_native.exe
.sys windows:5 windows x86 arch:x86

58e6b8218547e25b0acca1299056c66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcsstr
_wcslwr
_snwprintf
_snprintf
memset
_wcsupr
wcschr
_wtol
_wtoi
RtlExpandEnvironmentStrings_U
RtlInitUnicodeString
wcsncpy
_aulldiv
_strupr
strncpy
_allmul
_alldiv
wcsrchr
_aulldvrm
NtWaitForSingleObject
NtFsControlFile
_CIpow
strchr
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
NtQuerySystemTime
RtlFindMessage
LdrGetDllHandle
NtUnmapViewOfSection
NtClose
NtSetEvent
NtMapViewOfSection
NtOpenSection
NtOpenEvent
RtlNtStatusToDosError
strstr
memcpy
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
NtCreateEvent
NtFlushBuffersFile
NtQueryInformationFile
NtCreateFile
NtDeleteFile
NtReadFile
NtWriteFile
NtDeviceIoControlFile
NtQueryDirectoryFile
NtCancelIoFile
NtClearEvent
RtlInitAnsiString
NtTerminateProcess
RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
NtDelayExecution
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtSetInformationProcess
NtQueryValueKey
NtOpenKey
NtQueryInformationProcess
RtlAdjustPrivilege
RtlQueryRegistryValues
RtlWriteRegistryValue
NtDisplayString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
_vsnprintf
_vsnwprintf
_atoi64
RtlCreateUserThread
ZwTerminateThread
NtQueryPerformanceCounter
NtQueryVolumeInformationFile
NtShutdownSystem

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/hibernate4win.exe
.exe windows:5 windows x86 arch:x86

699fd853e33b740d4a68ce97f9bde037

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

SetSuspendState

zenwinx

winx_dbg_print
winx_enable_privilege
winx_init_library

kernel32

SetLastError
CreateFileW
SetStdHandle
WriteConsoleW
CloseHandle
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
GetLastError
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapReAlloc
LoadLibraryW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
IsProcessorFeaturePresent

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/lua5.1a.dll
.dll windows:5 windows x86 arch:x86

3ea80ccfcf9b95e8f1d38367649d0913

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FormatMessageA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
SetEnvironmentVariableW
GetEnvironmentVariableW
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapFree
GetModuleHandleW
ExitProcess
DecodePointer
RtlUnwind
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
HeapAlloc
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
EncodePointer
IsProcessorFeaturePresent
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetLocaleInfoW
WriteFile
GetModuleFileNameW
GetFileAttributesA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
CreateFileA
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
RaiseException
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
HeapSize
SetEndOfFile
GetProcessHeap
WriteConsoleW
SetEnvironmentVariableA
CreateFileW

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ud-boot-time.cmd
.cmd .vbs
$SYSDIR/ud-boot-time.ini
$SYSDIR/udefrag-dbg.exe
.exe windows:5 windows x86 arch:x86

dcea5862637e6a369cf71b06b134103c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
OpenFileMappingA
OpenEventA
GetCurrentProcessId
DeleteFileW
OpenMutexA
MapViewOfFile
FlushFileBuffers
CreateFileW
WriteConsoleW
Sleep
GetModuleHandleA
SetStdHandle
GetStringTypeW
LCMapStringW
HeapReAlloc
HeapAlloc
HeapSize
MultiByteToWideChar
GetCommandLineA
HeapSetInformation
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

EndDialog
SetClassLongA
LoadIconA
DialogBoxParamA
MessageBoxA

comctl32

ord17

urlmon

URLDownloadToCacheFileW

zenwinx

winx_heap_free
winx_getenv
winx_dbg_print
winx_init_library

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/udefrag.dll
.dll windows:5 windows x86 arch:x86

4d02971c070f1c10f5aaa958749df2cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_aulldiv
_strupr
strncpy
memset
_allmul
_alldiv
wcsrchr
_snwprintf
_aulldvrm
NtWaitForSingleObject
NtFsControlFile
wcschr
_wcsupr
_wtoi
wcsstr
_wcslwr
_wtol
_snprintf
_CIpow
strchr
wcsncpy

zenwinx

winx_dbg_print
winx_bytes_to_hr
winx_get_volume_information
winx_get_free_volume_regions
winx_sub_volume_region
winx_patcmp
winx_defrag_fclose
winx_defrag_fopen
winx_wcsistr
winx_xtime
winx_dbg_print_header
winx_wcsicmp
prb_probe
prb_delete
prb_create
winx_scan_disk
winx_ftw
winx_get_local_time
winx_get_os_version
winx_time2str
winx_heap_free
winx_sprintf
winx_list_insert
winx_list_destroy
prb_t_next
prb_t_first
prb_t_init
winx_list_remove
winx_heap_alloc
winx_release_free_volume_regions
winx_wcsmatch
winx_add_volume_region
winx_ftw_dump_file
prb_t_cur
prb_t_find
prb_destroy
winx_str2time
winx_hr_to_bytes
winx_patcomp
winx_getenv
winx_patfree
winx_to_utf8
winx_tolower
winx_create_directory
winx_swprintf
winx_path_remove_filename
winx_get_module_filename
winx_fclose
winx_fwrite
winx_fopen
winx_fbopen
winx_path_remove_extension
winx_delete_file
winx_flush_dbg_log
prb_t_insert
winx_init_library
winx_unload_library
winx_exit_thread
winx_vflush
winx_vopen
winx_toupper
winx_ftw_release
winx_sleep
winx_create_thread
winx_enable_privilege
winx_create_path
winx_wcsdup
winx_path_extract_filename
winx_set_dbg_log
winx_get_drive_type
winx_set_system_error_mode

Exports

Exports

udefrag_get_error_description
udefrag_get_results
udefrag_get_vollist
udefrag_get_volume_information
udefrag_init_library
udefrag_release_results
udefrag_release_vollist
udefrag_set_log_file_path
udefrag_start_job
udefrag_unload_library
udefrag_validate_volume

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/udefrag.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 636KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 242KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/zenwinx.dll
.dll windows:5 windows x86 arch:x86

a0d7e22a635b41325bc5b26402a722d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlTimeToTimeFields
RtlSystemTimeToLocalTime
NtQuerySystemTime
RtlFindMessage
LdrGetDllHandle
RtlInitUnicodeString
NtUnmapViewOfSection
NtClose
NtSetEvent
strncpy
NtWaitForSingleObject
NtMapViewOfSection
NtOpenSection
NtOpenEvent
_snprintf
RtlNtStatusToDosError
strstr
memcpy
memset
wcsrchr
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
NtCreateEvent
NtFlushBuffersFile
NtQueryInformationFile
NtCreateFile
NtDeleteFile
_snwprintf
NtReadFile
NtWriteFile
NtDeviceIoControlFile
NtFsControlFile
NtQueryDirectoryFile
_allmul
wcsncpy
_aulldiv
_aulldvrm
wcsstr
NtCancelIoFile
NtClearEvent
LdrGetProcedureAddress
RtlInitAnsiString
NtTerminateProcess
RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
RtlDestroyHeap
NtDelayExecution
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtSetInformationProcess
NtQueryValueKey
NtOpenKey
_wcsupr
NtOpenMutant
NtCreateMutant
NtReleaseMutant
wcschr
NtQueryInformationProcess
RtlAdjustPrivilege
RtlQueryRegistryValues
RtlWriteRegistryValue
NtDisplayString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
strchr
_vsnprintf
_vsnwprintf
_CIpow
_atoi64
RtlCreateUserThread
ZwTerminateThread
NtQueryPerformanceCounter
_alldiv
NtQueryVolumeInformationFile
NtShutdownSystem

Exports

Exports

prb_copy
prb_create
prb_delete
prb_destroy
prb_find
prb_insert
prb_probe
prb_replace
prb_t_copy
prb_t_cur
prb_t_find
prb_t_first
prb_t_init
prb_t_insert
prb_t_last
prb_t_next
prb_t_prev
prb_t_replace
winx_acquire_lock
winx_add_volume_region
winx_bootex_check
winx_bootex_register
winx_bootex_unregister
winx_breakhit
winx_bytes_to_hr
winx_create_directory
winx_create_event
winx_create_lock
winx_create_mutex
winx_create_path
winx_create_thread
winx_dbg_print
winx_dbg_print_header
winx_defrag_fclose
winx_defrag_fopen
winx_delete_file
winx_destroy_event
winx_destroy_history
winx_destroy_lock
winx_destroy_mutex
winx_enable_privilege
winx_exit
winx_exit_thread
winx_fbopen
winx_fclose
winx_fflush
winx_flush_dbg_log
winx_fopen
winx_fread
winx_fsize
winx_ftw
winx_ftw_dump_file
winx_ftw_release
winx_fwrite
winx_get_drive_type
winx_get_file_contents
winx_get_free_volume_regions
winx_get_local_time
winx_get_module_filename
winx_get_os_version
winx_get_proc_address
winx_get_system_time
winx_get_volume_information
winx_get_windows_boot_options
winx_get_windows_directory
winx_getch
winx_getche
winx_getenv
winx_gets
winx_heap_alloc
winx_heap_free
winx_hr_to_bytes
winx_init_history
winx_init_library
winx_ioctl
winx_kb_init
winx_kb_read
winx_kbhit
winx_list_destroy
winx_list_insert
winx_list_remove
winx_open_event
winx_open_mutex
winx_patcmp
winx_patcomp
winx_patfind
winx_patfree
winx_path_extract_filename
winx_path_remove_extension
winx_path_remove_filename
winx_print
winx_print_strings
winx_printf
winx_prompt
winx_putch
winx_puts
winx_query_symbolic_link
winx_reboot
winx_release_file_contents
winx_release_free_volume_regions
winx_release_lock
winx_release_mutex
winx_scan_disk
winx_set_dbg_log
winx_set_killer
winx_set_system_error_mode
winx_setenv
winx_shutdown
winx_sleep
winx_sprintf
winx_str2time
winx_strdup
winx_stristr
winx_sub_volume_region
winx_swprintf
winx_time2str
winx_to_utf8
winx_tolower
winx_toupper
winx_towlower
winx_towupper
winx_unload_library
winx_vflush
winx_vopen
winx_vsprintf
winx_vswprintf
winx_wcsdup
winx_wcsicmp
winx_wcsistr
winx_wcslwr
winx_wcsmatch
winx_wcsupr
winx_windows_in_safe_mode
winx_xtime

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HISTORY.TXT
LICENSE.TXT
README.TXT
handbook/Blank.png
.png
handbook/Boot.html
.js
handbook/Compressed.png
.png
handbook/Console.html
.js
handbook/Credits.html
.js
handbook/Credits.js
.js
handbook/Development.html
.js
handbook/Directory.png
.png
handbook/FAQ.html
.js
handbook/FDL.html
.js
handbook/Fragmented.png
.png
handbook/FreeSpace.png
.png
handbook/GPL.html
.js
handbook/GUI.html
.js
handbook/Installation.html
.js
handbook/Introduction.html
.js
handbook/LGPL_3_0.html
.js
handbook/MFTzone.png
.png
handbook/NotFragmented.png
.png
handbook/Reports.html
.js
handbook/Schedule.html
.js
handbook/System.png
.png
handbook/Tips.html
.js
handbook/Translation.html
.js
handbook/Troubleshooting.html
.js
handbook/UnusedBlock.png
.png
handbook/bc_s.png
.png
handbook/bdwn.png
.png
handbook/closed.png
.png
handbook/custom_doxygen.css
handbook/defrag.png
.png
handbook/doxygen.css
handbook/dynsections.js
.js
handbook/fixed.png
.png
handbook/ftv2blank.png
.png
handbook/ftv2cl.png
.png
handbook/ftv2doc.png
.png
handbook/ftv2folderclosed.png
.png
handbook/ftv2folderopen.png
.png
handbook/ftv2lastnode.png
.png
handbook/ftv2link.png
.png
handbook/ftv2mlastnode.png
.png
handbook/ftv2mnode.png
.png
handbook/ftv2mo.png
.png
handbook/ftv2node.png
.png
handbook/ftv2ns.png
.png
handbook/ftv2plastnode.png
.png
handbook/ftv2pnode.png
.png
handbook/ftv2splitbar.png
.png
handbook/ftv2vertline.png
.png
handbook/full.png
.png
handbook/gear.png
.png
handbook/glass.png
.png
handbook/help.png
.png
handbook/index.html
.js
handbook/jquery.js
.js
handbook/languages.png
.png
handbook/light.png
.png
handbook/mft.png
.png
handbook/nav_f.png
.png
handbook/nav_g.png
.png
handbook/nav_h.png
.png
handbook/navtree.css
handbook/navtree.js
.js
handbook/navtreeindex0.js
.js
handbook/open.png
.png
handbook/pages.html
.js
handbook/pause.png
.png
handbook/quick.png
.png
handbook/removable.png
.png
handbook/report.png
.png
handbook/resize.js
.js
handbook/script.png
.png
handbook/sflogo.gif
.gif
handbook/star.png
.png
handbook/stop.png
.png
handbook/sync_off.png
.png
handbook/sync_on.png
.png
handbook/tab_a.png
.png
handbook/tab_b.png
.png
handbook/tab_h.png
.png
handbook/tab_s.png
.png
handbook/tabs.css
handbook/terminal.png
.png
handbook/udefrag.ico
handbook/udefrag80x15-colored-light.gif
.gif
icons/shellex-folder.ico
icons/shellex.ico
locale/ar/UltraDefrag.mo
locale/be/UltraDefrag.mo
locale/bg/UltraDefrag.mo
locale/bn/UltraDefrag.mo
locale/bs/UltraDefrag.mo
locale/ca/UltraDefrag.mo
locale/cs/UltraDefrag.mo
locale/da/UltraDefrag.mo
locale/de/UltraDefrag.mo
locale/el/UltraDefrag.mo
locale/en_GB/UltraDefrag.mo
locale/en_US/UltraDefrag.mo
locale/es/UltraDefrag.mo
locale/es_AR/UltraDefrag.mo
locale/es_MX/UltraDefrag.mo
locale/et/UltraDefrag.mo
locale/fa/UltraDefrag.mo
locale/fi/UltraDefrag.mo
locale/fr/UltraDefrag.mo
locale/gl/UltraDefrag.mo
locale/he/UltraDefrag.mo
locale/hi/UltraDefrag.mo
locale/hr/UltraDefrag.mo
locale/hu/UltraDefrag.mo
locale/hy/UltraDefrag.mo
locale/id/UltraDefrag.mo
locale/ilo/UltraDefrag.mo
locale/is/UltraDefrag.mo
locale/it/UltraDefrag.mo
locale/ja/UltraDefrag.mo
locale/jv/UltraDefrag.mo
locale/ka/UltraDefrag.mo
locale/ko/UltraDefrag.mo
locale/la/UltraDefrag.mo
locale/lt/UltraDefrag.mo
locale/lv/UltraDefrag.mo
locale/mk/UltraDefrag.mo
locale/ms/UltraDefrag.mo
locale/my/UltraDefrag.mo
locale/nl/UltraDefrag.mo
locale/no/UltraDefrag.mo
locale/pam/UltraDefrag.mo
locale/pl/UltraDefrag.mo
locale/pt/UltraDefrag.mo
locale/pt_BR/UltraDefrag.mo
locale/ro/UltraDefrag.mo
locale/ru/UltraDefrag.mo
locale/sk/UltraDefrag.mo
locale/sl/UltraDefrag.mo
locale/sq/UltraDefrag.mo
locale/sr/UltraDefrag.mo
locale/sv/UltraDefrag.mo
locale/ta/UltraDefrag.mo
locale/th/UltraDefrag.mo
locale/tl/UltraDefrag.mo
locale/tr/UltraDefrag.mo
locale/uk/UltraDefrag.mo
locale/uz@Latn/UltraDefrag.mo
locale/vi/UltraDefrag.mo
locale/war/UltraDefrag.mo
locale/yi/UltraDefrag.mo
locale/zh_CN/UltraDefrag.mo
locale/zh_TW/UltraDefrag.mo
lua5.1a.exe
.exe windows:5 windows x86 arch:x86

e9294e3c43f918488df7895e3ae36d49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua5.1a

luaL_newstate
lua_cpcall
lua_close
lua_touserdata
luaL_openlibs
lua_setfield
lua_objlen
lua_pushlstring
lua_concat
lua_pushfstring
luaL_loadbuffer
luaL_loadfile
luaL_checkstack
lua_pushstring
lua_createtable
lua_rawseti
lua_gettop
lua_pushcclosure
lua_insert
lua_pcall
lua_remove
lua_gc
lua_getfield
lua_pushvalue
lua_pushinteger
lua_call
lua_type
lua_tolstring
lua_settop
lua_sethook
luaL_error

kernel32

SetUnhandledExceptionFilter
CloseHandle
CreateFileW
HeapSize
GetStringTypeW
LCMapStringW
SetEnvironmentVariableA
CompareStringW
ReadFile
SetStdHandle
SetFilePointer
MultiByteToWideChar
WriteConsoleW
LoadLibraryW
HeapReAlloc
HeapAlloc
IsProcessorFeaturePresent
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
DecodePointer
EncodePointer
GetLastError
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
Sleep
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
HeapFree
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lua5.1a_gui.exe
.exe windows:5 windows x86 arch:x86

2cea739cde568076fc759373a5c2bcf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

comctl32

ord17

lua5.1a

lua_cpcall
lua_close
lua_touserdata
luaL_openlibs
lua_setfield
luaL_loadbuffer
luaL_loadfile
luaL_checkstack
lua_pushstring
lua_createtable
lua_rawseti
lua_gettop
luaL_newstate
lua_insert
lua_pcall
lua_remove
lua_gc
lua_getfield
lua_pushvalue
lua_pushinteger
lua_call
lua_type
lua_tolstring
lua_settop
lua_sethook
luaL_error
lua_pushcclosure

kernel32

InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringW
HeapSize
SetEnvironmentVariableA
MultiByteToWideChar
CompareStringW
HeapReAlloc
HeapAlloc
IsProcessorFeaturePresent
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
LoadLibraryW
Sleep
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
EnterCriticalSection
GetCommandLineA
HeapSetInformation
DecodePointer
EncodePointer
GetLastError
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
man/boot-off.man
man/boot-on.man
man/call.man
man/echo.man
man/exit.man
man/help.man
man/hexview.man
man/history.man
man/man.man
man/pause.man
man/readme.txt
man/reboot.man
man/set.man
.vbs
man/shutdown.man
man/type.man
man/udefrag.man
man/variables.man
.vbs
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
po/UltraDefrag.pot
po/ar.po
po/be.po
po/bg.po
po/bn.po
po/bs.po
po/ca.po
po/cs.po
po/da.po
po/de.po
po/el.po
po/en_GB.po
po/en_US.po
po/es.po
po/es_AR.po
po/es_MX.po
po/et.po
po/fa.po
po/fi.po
po/fr.po
po/gl.po
po/he.po
po/hi.po
po/hr.po
po/hu.po
po/hy.po
po/id.po
po/ilo.po
po/is.po
po/it.po
po/ja.po
po/jv.po
po/ka.po
po/ko.po
po/la.po
po/lt.po
po/lv.po
po/mk.po
po/ms.po
po/my.po
po/nl.po
po/no.po
po/pam.po
po/pl.po
po/pt.po
po/pt_BR.po
po/ro.po
po/ru.po
po/sk.po
po/sl.po
po/sq.po
po/sr.po
po/sv.po
po/ta.po
po/th.po
po/tl.po
po/tr.po
po/uk.po
po/[email protected]
po/vi.po
po/war.po
po/yi.po
po/zh_CN.po
po/zh_TW.po
scripts/udreport.css
scripts/udreportcnv.lua
.sh linux
scripts/udsorting.js
.js
scripts/upgrade-options.lua
.sh linux
ultradefrag.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 914KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
SetWindowLongA
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 292KB

UPX1 Size: 19KB - Virtual size: 20KB

.rsrc Size: 60KB - Virtual size: 64KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

cce05dea98cbac3a9d486b233588f528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 692B

.rdata Size: 1024B - Virtual size: 705B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 240B

e3123f8a7a4dd367047b3da0711b860a

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

zenwinx

kernel32

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 38KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

ebc2d915841be8afc8fa1ee9f6850960

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 628B

e3123f8a7a4dd367047b3da0711b860a

Headers

DLL Characteristics

File Characteristics

UPX0
Size: - Virtual size: 292KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 60KB - Virtual size: 64KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 38KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 38KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 258KB - Virtual size: 516KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 217KB - Virtual size: 217KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 5KB - Virtual size: 13KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 116KB - Virtual size: 115KB

.reloc
Size: 3KB - Virtual size: 3KB